Conditions
It is possible to define if/then/else logic in the IBM iSeries policy. This allows the end-user to return a warning message rather than pass/fail in case an audit passes.
The syntax to perform conditions is the following:
<if>
<condition type: "or">
<Insert your audit here>
</condition>
<then>
<Insert your audit here>
</then>
<else>
<Insert your audit here>
</else>
</if>
Example
<if>
<condition type: "or">
<custom_item>
type: AUDIT_SYSTEMVAL
systemvalue: "QDSPSGNINF"
description: "Sign-on information is displayed (QDSPSGNINF)"
info: "\nref : http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf pg. 23"
value_type: POLICY_DWORD
value_data: "1"
</custom_item>
</condition>
<then>
<custom_item>
type: AUDIT_SYSTEMVAL
systemvalue: "QDSPSGNINF"
description: "Sign-on information is not displayed (QDSPSGNINF)"
info: "\nref : http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf pg. 23"
value_type: POLICY_DWORD
value_data: "1"
</custom_item>
</then>
<else>
<report type: "WARNING">
description: "Sign-on information is displayed (QDSPSGNINF)"
info: "\nref : http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf pg. 23"
info: "Check system policy to confirm requirements."
</report>
</else>
</if>
Whether the condition fails or passes never shows up in the report because it is a “silent” check.
Conditions can be of type and or or.