Auditing Considerations, SMF Records, Interface | IBM GC28-1920-01

Chapter 8. Auditing Considerations

Chapter 8. Auditing Considerations

This

section

summarizes the

changes

to

auditing

procedures

for

the

Ÿ

SMF records

Ÿ

Report

writer

utility

Ÿ

SMF

data

unload

utility

The

auditor

must

decide on

appropriate

global

auditing

options

for t

and

on which auditing reports are to beOS/390producedSecurity. See Server

(RACF)

Auditor's Guideand OS/390

Security

Server (RACF) Macros

and

Interface

for

more

information.

SMF Records

Figure 22 summarizes		the	new	event	codes	for	SMF records created			by
OS/390 Release 2. The new event code is						a general-use programming				inte
(GUPI).

Figure 22.	New Event Codes

Event Code	Description							Support

65	Audits	the	passing	of	access	rights		fromOS/390one
	process	to	another.					OpenEdition

Figure 23 summarizes changes to SMF records created by RACF for OS/39 Release 2. These changes are general-use programming interfaces (GUPI

Figure 23 (Page 1 of 2). Changes to SMF Records

Record Type

80

80

Record

Description

of

Change

Support

Field

SMF80EVT

Event

code

57 is used to audit

OS/390twonew

OpenEdition

services: a

new

console

OpenEdition

communications service (CCS) and a

new

workload

manager

(WLM)

service. Two

new audit function codes, 99 and 100,

cause event 57 records to be generated.

Creation

of the

audit

records

is

controlled

by the existing PROCESS class.

Event code 65 is used to audit the

passing

of

access

rights

from one

process

to another. Three new audit function

codes, 95, 96, and 97, cause event 65

records to be generated. Creation of the

audit records is controlled by

the existing

PROCACT class.

Relocate

For

event

code

2,

this

SMF

recordOS/390

64

contains

a

link

value

to

connect

clientOpenEditionand

server

audit

records.

DCE

 Copyright IBM Corp. 1994, 1996

45

Image 69

IBM GC28-1920-01 Auditing Considerations, SMF Records, Auditors Guide and OS/390, Server RACF Macros, Interface, Security

Contents

Security Server RACF Planning Installation and Migration OS/390Place graphic in this area. Outline is keyline only. DO NOT PRINT Page OS/390 1996. All Second Edition, SeptemberPage Page Migration Contents Administration Considerations Customization ConsiderationsAuditing Considerations Index Operational ConsiderationsChapter 10. ApplicationPage Figures Page Notices Trademarks About This Book How to Use ThisWho Should Use This Book xiii Softcopy Publications Where to Find More InformationŸ The OS/390 Security Server RACF Information , PackageSK2T-2180 Server Elements of Security RACF Installation - Student GG24-3971Notes Administration, H3927Using the Ÿ Tutorial Options for Tuning GG22RACF IBM Discussion Areas Other Sources of InformationInternet Sources listserv@uga.cc.uga.edu To Request Copies of Publications OS/390 xviiiFeatures Product ServiceŸ OpenEditionOSA/SF V2R5TSO/EPage Summary of Changes Page Migration Planning Considerations Chapter 1. PlanningMigration Installation Considerations Administration ConsiderationsCustomization Considerations Operational Considerations Auditing ConsiderationsApplication Development Considerations General User ConsiderationsPage New and Enhanced Support Chapter 2. Release Overview identifies OS/390 OpenEdition DCEfunction introduced in OS/390 Release Check Concepts Auditing the Passing of Access Rights Authorizing and Auditing Server Access to the CCS and WLM ServicesOS/390 OpenEdition SOMobjects for MVS RRSF Network Multisystem Nodesnon-main systems OS/390 Enable and Disable Functions YearTARGET 1.10 NetViewclasses Facility updated for Function Not Upgradedidentifies function that Release Components for3. Summary of Class Descriptor Table CDT lists classes Commandswhich there Chapter 3. Summary of Changes to RACF Components for OS/390 15Release Command Exits Data Areaslists changed general-use programming interface GUPI data are Messages MacrosFigure 12 lists changes RACF macros Changed Messages New MessagesMessages RACF Database Split/Merge Utility IRRUT400 Publications Library PanelsRoutines Figure 13 lists RACF panels that are Templates SYS1.SAMPLIBFigure 16 identifies changes to RACF members of SYS1.SAMPLIB RACROUTE REQUEST=EXTRACT Utilities Figure 18 lists changes to RACF utilities for OS/390 ReleaseTemplate 0280 Utility RACF Planning Installation and Migrationfor RACF OS/390 Security Server RACF Planning Installation and forMigrationChapter 4. Planning Considerations Migration Strategy Hardware Requirements RACF Planning Installation and Migrationfor RACF 2.1, andSoftware Requirements RACF Migration and Planning for RACF Compatibility Compatibility Considerations for Remote SharingRequirements Page Enabling RACF Chapter 5. Installation ConsiderationsConsiderations Networks configured installationare in your existing workspace data sets when you install multisystem R must Chapter 5. Installation Considerations29 nodename prefixsysname local-lu prefix.local-node.local-node .INMSG Virtual Storage RACF Storage ConsiderationsThis section discusses storage considerations for RACF Figure 21 estimates RACF virtual storage usage, for planning purposes Subpool Customer Additions to the CDT OS/390 Release Templates for RACF oninformation, OS/390see Security Server System Exit Processing Chapter 6. Customization Considerationsand IRRSXT00 Effects of OS/390 OpenEdition DCE RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 IRRSXT00 Installation Exit Server RACF Security Administrators. Guide Chapter 7. Administration ConsiderationsCross-Linking Between RACF Users signon DCEUUIDS Class Signon toActivating single signon restrictionsOpenEditionsee DCE Administration .Guide OS/390 OpenEdition DCE Application Considerationsthe DCE Encryption Key OpenEdition Planning, and inOS/390 OpenEdition Programming Assembler Library ReferenceThreads and Changes to RACF Authorization Processing Restrictionscallable servicepthread orsecuritynp Rdceruid Callable Service UtilityEnhancements to the SYSMVIEW Chapter 7. Administration Considerations43Page SMF Records Chapter 8. Auditing ConsiderationsAuditors Guide and OS/390 Server RACF Macros Services Auditing New OS/390Interfaces Auditing SystemView for MVS Support Auditing OS/390 OpenEdition DCE SupportReport Writer SMF Data Unload UtilityPage OS/390 Security Server RACF Command Language Referencefor more CommandChapter 9. Operational Considerations Enabling and DisablingPage 2000 Support Chapter 10. Application Development ConsiderationsServers 01yydddF pthread the securitynp New Application Services and Security New Application Authorization ServiceChanges to the Class Descriptor Table Programming Interfaces Ÿ “Routines” on page Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Considerations Chapter 11. General UserOpenEdition Reference forPage APAR OW14451 Chapter 12. NJE ConsiderationsOW08457 After Applying the PTF OW08457 Actions RequiredUACC NODES APAR OW15408 GROUPFAILSAFE Page Migrating an Existing Chapter 13. ScenariosNodes RRSF On MIAMI2 prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEprefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 DELETE RACF Diagnosis On ORLANDODELETE Note The prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Glossary accessdirection Page Seegeneral-use programming Seeinventoryprogramming Seemultisystem Seelogical logical supervisory other.single-system task segment andDFP classes continued Index A continued Page SERVER SFSCMDKEYSMSTR utilitiescontinued Page IBM  Now you can! TheIBM Online Library ProductivityEdition OS/390 Security Server RACF Information Page Page comments Communicating Your Comments to IBM OS/390 Security Server RACF Planning Installation and Migration Readers Comments - Wed Like to Hear from YouPublication No. GC28-1920-01 Note Copies REPLY MAILBUSINESS IBMPage IBM Drop in Back Cover Image HereGC28-192ð-ð1