1. HelpSystems Community
  2. Knowledge Base
  3. Powertech
  4. Powertech Command Security for IBM i
  5. Installing or Updating Powertech Command Security for IBM i

Installing or Updating Powertech Command Security for IBM i

Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Clearer Names for HelpSystems Security Software.

Before You Install

Please review the following information before installing Command Security. 

Note: When installing Command Security in an HA environment: 

  1. Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles. 
  2. Install Command Security on the HA and production systems.
  3. Setup Command Security replication per the HA Setup instructions (see Command Security Setup in an HA Environment).
  4. Start replication (including the user profiles).

Licensing

Command Security requires that you enter a valid license key. Contact keys@helpsystems.com if you need to request a new license key.

System Requirements

Command Security requires the following:

  • IBM i 7.2: PTF SI58106 

Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.

If FTP is not available, you must install the product manually. See Manual Installation of Powertech IBM i Products.

System Values

It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Command Security installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

To install Powertech Command Security on your system, the following system values that control object restores must be configured as shown.

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Command Security programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Command Security product library PTCSLIB for the product to function properly.
  • Set QVFYOBJRST to 1, 2, or 3. This allows Command Security to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the Command Security install process completes.)
  • Set QFRCCVNRST (Force conversion on restore) to 0 or 1.

Installation

The Command Security installation process is completely automated.

Ensure the following servers are available and running prior to installation:

  • FTP Server
  • Remote Command Server 

Do the following to install Command Security:

  1. Download the Command Security Installer from the Command Security download page. (The "Trial" download is the full product, which can be unlocked with a valid License Key).
  2. Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to install Command Security, a user profile, and password.

    Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.

  3. The Wizard installs Command Security on your system. When the installation completes, click Finish to close the Wizard on your PC.    .

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the Command Security install.
Command Security installs the following product libraries, user profiles, authorization list, and command on your system. It also creates the PTWRKMGT subsystem if it doesn’t already exist and adds a job queue entry to the subsystem.

Installed on System Description

Product Libraries

PTCSLIB 
PTWRKMGT

User Profiles
  • PTADMIN, which is similar to *SECOFR and has special authorities *ALLOBJ, *SECADM, *JOBCTL, and *AUDIT
  • PTUSER, which is similar to *USER and has no special authorities
    Both profiles are set to Password = *NONE so they can’t be used to sign on to the system.

Authorization Lists

PTADMIN
A user must be in the PTADMIN authorization list to use Command Security.

Command

WRKPTCS

Subsystem

 PTWRKMGT
The subsystem is created at install if it doesn’t already exist on the system

Job queue entry

 PCSJOBQ
Added to PTWRKMGT subsystem.

Starting Command Security

To start Command Security, enter the following command:

PTCSLIB/WRKPTCS

Note: The Command Security Administrator's Guide can be found at Powertech Product Manuals.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: January 22, 2019
+1 800-328-1000
info@helpsystems.com
Cybersecurity
Compliance & Audit Reporting
IT Operations Management
IT Infrastructure Monitoring
Business Intelligence
Document & Forms Management

Copyright © 2019 HelpSystems