We want to know in a USS environment if we change the file permission, e.g. from 777 to 755, will this be captured by ACF2? Are there any reports we can generate?
If the ACF2 GSO UNIXOPTS FSSEC option is set, an SMF record will be cut for a 'chmod' issued from OMVS.
The GSO UNIXOPTS FSSEC|NOFSSEC field controls the following.
FSSEC|NOFSSEC
Specifies whether SMF records are to be cut for UNIX system services that control the auditing of changes to the security data (FSP) for file system objects. Some of the functions that modify the FSP are chaudit, chmod, chown, chattr, write, fchaudit, fchmod, and setfacl. The Security Server callable services that control cutting of this SMF Record are R_chaudit, R_chown, R_chmod, clear_setid, and R_setfacl.
For example:
'chmod' command issued from OMVS:
CHMOD 666 scart0.zip
ACFRPTOM report shows the following entry.
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
R_chmod USER002 TESTGRP 0 10 0 0 0
12/07/17 17.341 11.19.41 USER002 SYS8 SYS28
Successful - Logging active by Trace/Audit options
Old Permission bits - Owner: rwx Group: rwx Other: rwx
New Permission bits - Owner: rw- Group: rw- Other: rw-
Function: chmod User Type: Local
Pathname: scart0.zip
Filename: scart0.zip
File Permissions: Owner: rw- Group: rw- Other: rw-
Owning UID: 100000004 Owning GID: 10
Volume : SYSC88 File Identifier: E3E2D6C3F2F86DD00000000000030124
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read None Write None Exec/Search None
Also note that the ACFRPTOM report should be run with the 'DETAIL' parameter; otherwise only the R_chmod service will be reported, and the file, path, old permission, new permission, etc. will be omitted.
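For review of saved ACFRPTOM DETAIL output, the following added example (not part of the original article and not ACF2 code) parses R_chmod entries and lists changes that grant group or other permission bits the file did not have before. It assumes the entry layout shown in the excerpt above; the second sample entry (USER003 and its pathname) is constructed for illustration.

```python
import re

# Assumption: each DETAIL entry starts with a line whose first field is the
# service name (R_chmod) and carries the Old/New permission and Pathname
# lines in the form shown in the report excerpt above.
TRIPLET = r"([r-][w-][x-])"
PERM = re.compile(r"(Old|New) Permission bits\s*-\s*Owner:\s*" + TRIPLET +
                  r"\s*Group:\s*" + TRIPLET + r"\s*Other:\s*" + TRIPLET)

def to_mode(owner, group, other):
    """Convert three rwx triplets (e.g. 'rw-') to an integer mode such as 0o666."""
    mode = 0
    for triplet in (owner, group, other):
        bits = sum(v for ch, v in zip(triplet, (4, 2, 1)) if ch != "-")
        mode = (mode << 3) | bits
    return mode

def parse_entries(report_text):
    """Return one dict per R_chmod entry: user, path, old mode, new mode."""
    entries = []
    for line in report_text.splitlines():
        fields = line.split()
        if len(fields) > 1 and fields[0] == "R_chmod":
            entries.append({"user": fields[1]})   # second column is USERID
        elif entries:
            m = PERM.search(line)
            if m:
                entries[-1][m.group(1).lower()] = to_mode(*m.groups()[1:])
            elif line.strip().startswith("Pathname:"):
                entries[-1]["path"] = line.split(":", 1)[1].strip()
    return entries

def widened(entries):
    """Return entries whose new mode adds group/other bits the old mode lacked."""
    hits = []
    for e in entries:
        if "old" in e and "new" in e and e["new"] & ~e["old"] & 0o077:
            hits.append((e["user"], e.get("path", "?"), oct(e["old"]), oct(e["new"])))
    return hits

# Constructed sample: first entry from the excerpt above, second one invented.
SAMPLE = """\
R_chmod USER002 TESTGRP 0 10 0 0 0
Old Permission bits - Owner: rwx Group: rwx Other: rwx
New Permission bits - Owner: rw- Group: rw- Other: rw-
Pathname: scart0.zip
R_chmod USER003 TESTGRP 0 10 0 0 0
Old Permission bits - Owner: rw- Group: r-- Other: ---
New Permission bits - Owner: rw- Group: rw- Other: rw-
Pathname: /u/user003/payroll.dat
"""

if __name__ == "__main__":
    for hit in widened(parse_entries(SAMPLE)):
        print("permission widened:", hit)
```

The 777 to 666 change from the article is parsed but not flagged, because it only removes bits; without the DETAIL parameter the Old/New lines are absent and nothing can be compared.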