Verifying code checker function integrity

 

Learn how to verify the integrity of the code checker function that you use to verify i5/OS^® system integrity.

To use the new code checker integrity verification function to that you use to verify the integrity of your system, have *AUDIT special authority.

To verify the code checker function, run the Check System (QydoCheckSystem) API to determine whether any key operating system object has changed since it was signed. When you run the API it checks key system objects, including the programs and service programs and selected command (*CMD) objects in the QSYS library, as follows:

1. Checks all program (*PGM) objects to which the system entry point table points.

2. Checks all the service program (*SRVPGM) objects in the QSYS library and verifies the integrity of the Verify Object API.

3. Runs the Verify Object (QydoVerifyObject) API to verify the integrity of Restore Object (RSTOBJ) command, the Restore Library (RSTLIB) command, and the Check Object Integrity (CHKOBJITG) command.

4. Uses the RSTOBJ and RSTLIB commands on a special save file (*SAV) to make sure that errors are reporting correctly. A lack of error messages or the wrong error messages indicate a potential problem.

5. Creates a command (*CMD) object that is designed to fail to verify correctly.

6. Runs the CHKOBJITG command and the Verify Object API on this special command object to ensure that the CHKOBJITG command and the Verify Object API are reporting errors correctly. A lack of error messages or the wrong error messages indicate a potential problem.

 

Parent topic:

Managing signed objects

Related concepts
Code checker integrity verification function

Related reference
Interpreting code checker verification error messages