IBM GC28-1920-01 manual Auditing Considerations, SMF Records, Auditors Guide and OS/390, Interface

Chapter 8. Auditing Considerations


This section summarizes the changes to auditing procedures for the

• SMF records
• Report writer utility
• SMF data unload utility

The auditor must decide on appropriate global auditing options for t and on which auditing reports are to be produced. See OS/390 Security Server (RACF) Auditor's Guide and OS/390 Security Server (RACF) Macros and Interface for more information.

SMF Records

Figure 22 summarizes the new event codes for SMF records created by OS/390 Release 2. The new event code is a general-use programming interface (GUPI).

Figure 22. New Event Codes

| Event Code | Description | Support |
|---|---|---|
| 65 | Audits the passing of access rights from one process to another. | OS/390 OpenEdition |

Figure 23 summarizes changes to SMF records created by RACF for OS/390 Release 2. These changes are general-use programming interfaces (GUPI).

Figure 23 (Page 1 of 2). Changes to SMF Records

| Record Type | Record Field | Description of Change | Support |
|---|---|---|---|
| 80 | SMF80EVT | Event code 57 is used to audit two new OpenEdition services: a new console communications service (CCS) and a new workload manager (WLM) service. Two new audit function codes, 99 and 100, cause event 57 records to be generated. Creation of the audit records is controlled by the existing PROCESS class. Event code 65 is used to audit the passing of access rights from one process to another. Three new audit function codes, 95, 96, and 97, cause event 65 records to be generated. Creation of the audit records is controlled by the existing PROCACT class. | OS/390 OpenEdition |
| 80 | Relocate 64 | For event code 2, this SMF record contains a link value to connect client and server audit records. | OS/390 OpenEdition DCE |

 Copyright IBM Corp. 1994, 1996
