Which ACF2 report will identify who has modified or deleted ACF2 USER profile records, including certificates and keyrings?
The ACFRPTEL report generator processes the SMF records issued for ACF2 recovery purposes and lists each change to the Infostorage database.
These changes include updates to entry records, resource rule sets, GSO records, CERTDATA (certificate) records, ACF2 for DB2 rule sets and records, and other types of Infostorage records. The report also shows the logonid that made each change.
The ACFRPTEL report parameters can be specified using one of these methods: the PARM parameter of the EXEC statement in the JCL, or SYSIN input.
The ACFRPTEL report can be used to report on CERTIFICATE and KEYRING updates such as a delete of a KEYRING or CERTIFICATE or a CONNECT of a CERTIFICATE to a KEYRING.
The ACFRPTEL report uses standard CA-ACF2 report JCL, as in the following two examples for batch submission.
Example 1: Using PARM statement for report parameters.
//REPORT   EXEC PGM=ACFRPTEL,PARM=('TITLE(SAMPLE ACFRPTEL)',
//             'DETAIL,CLASS(P),TYPE(USR)')
//SYSPRINT DD SYSOUT=*
//* THE FOLLOWING DDS SHOULD POINT TO THE SMF DATASETS
//RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1
//RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2
//RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3
//SYSIN    DD *
//*
Example 2: Using SYSIN file for report parameters.
//REPORT   EXEC PGM=ACFRPTEL
//SYSPRINT DD SYSOUT=*
//* THE FOLLOWING DDS SHOULD POINT TO THE SMF DATASETS
//RECMAN1  DD DISP=SHR,DSN=SYS1.MAN4
//RECMAN2  DD DISP=SHR,DSN=SYS1.MAN5
//RECMAN3  DD DISP=SHR,DSN=SYS1.MAN6
//SYSIN    DD *
TITLE(SAMPLE ACFRPTEL) DETAIL
CLASS(P) TYPE(USR)
//*
DD statements
RECxxxxx
These ddnames identify the files containing the input SMF records. ACFRPTEL accepts one SMF input file per ddname. Do not concatenate SMF input files.
SYSPRINT
ACFRPTEL uses the SYSPRINT file for message and summary report output.
SAMPLE OUTPUT
The following sample output shows the ACFRPTEL reporting for these CERTIFICATE/KEYRING changes.
Example 1: Logonid USER003 DELETE KEYRING USER002.RING:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 09:36 USER003 USER003 ACF0AENT DELETE SYS1 P-USR-KEYRING USER002.RING
    DEFAULT   ---NULLS---
    RINGNAME  MMM keyring
Example 2: Logonid USER004 CONNECT of certificate CERTAUTH.DESKTOP1 to KEYRING BES.RING:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 09:38 USER004 USER004 ACF0AENT REPLACE SYS1 P-USR-KEYRING BES.RING
    CERTDATA  ---NULLS---  P-CERTAUTH.DESKTOP1
08.308 11/03 09:38 USER004 USER004 ACF0AENT REPLACE SYS1 P-USR-CERTDATACERTAUTH.DESKTOP1
    KEYRING   ---NULLS---  BES.RING
Example 3: Logonid USER005 DELETE of certificate CERTDATA.DELSRV:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 09:39 USER005 USER005 ACF0AENT DELETE SYS1 P-USR-CERTDATACERTDATA.DELSRV
    ISSUERDN  CN=MMMLocalzOSCA.OU=
              Auditing Department.
              O=Company Name.C=US
    KEYSIZE   1,024
    LABEL     DELServer
    SERIAL#   03
    SUBJDN    CN=ITOperations.OU=M
              yCo.C=US
    USERID    ---NOT AUTH---
08.308 11/03 09:39 USER002 USER002 ACF0AENT DELETE SYS1 P-USR-CERTKEYXCERTDATA.DELSRV
Example 4: Logonid USER007 GENCERT of certificate SAMPLEX.CERT:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 10:23 USER007 USER007 ACF0AENT INSERT SYS1 P-USR-CERTKEYXSAMPLEX.CERT
08.308 11/03 10:23 USER007 USER007 ACF0AENT INSERT SYS1 P-USR-CERTDATASAMPLEX.CERT
    CERTNSER  ---NULLS---  0000000000000001
    LABEL     ---NULLS---  SAMPLEX.CERT
Example 5: USER009 INSERT of certificate CERTAUTH.LOCALMB from MVS DSN:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 10:51 USER009 USER009 ACF0AENT INSERT SYS1 P-USR-CERTDATACERTAUTH.LOCALMB
    *** NO FIELDS CHANGED ***
Example 6: Logonid USER006 REMOVE certificate MESRV.CERT from KEYRING MYRING.RING:
eTrust CA-ACF2 Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1
DATE 11/03/08 (08.308) TIME 09.57 SAMPLE ACFRPTEL
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 12:21 USER006 USER006 ACF0AENT REPLACE SYS1 P-USR-KEYRING
    CERTDATA  C-CERTAUTH.MYCA,  C-CERTAUTH.MYCA
              P-MESRV.CERT
    DEFAULT   MESRV.CERT        ---NULLS---
08.308 11/03 12:21 USER006 USER006 ACF0AENT REPLACE SYS1 P-USR-CERTDATA
    KEYRING   MYRING.RING       ---NULLS---
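Added example (not part of the original article and not CA-supplied code): a small Python post-processor that reads ACFRPTEL SYSPRINT output saved as text and groups certificate and key ring changes by the logonid that made them. It assumes record lines are whitespace-separated in the column order shown in the samples above and that the NAME part of C-TYP-NAME is an 8-character field followed by the record key (inferred from the samples); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: record lines copied from the sample output above, with
# one column-header line and one field-detail line to show they are skipped.
SAMPLE = """\
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME FIELD OLD VALUE NEW VALUE
08.308 11/03 09:36 USER003 USER003 ACF0AENT DELETE SYS1 P-USR-KEYRING USER002.RING
08.308 11/03 09:38 USER004 USER004 ACF0AENT REPLACE SYS1 P-USR-KEYRING BES.RING
    CERTDATA  ---NULLS---  P-CERTAUTH.DESKTOP1
08.308 11/03 09:39 USER005 USER005 ACF0AENT DELETE SYS1 P-USR-CERTDATACERTDATA.DELSRV
08.308 11/03 10:23 USER007 USER007 ACF0AENT INSERT SYS1 P-USR-CERTKEYXSAMPLEX.CERT
08.308 11/03 10:23 USER007 USER007 ACF0AENT INSERT SYS1 P-USR-CERTDATASAMPLEX.CERT
"""

JULIAN = re.compile(r"^\d\d\.\d{3}$")             # yy.ddd, e.g. 08.308
CERT_NAMES = {"KEYRING", "CERTDATA", "CERTKEYX"}  # names seen in the samples

def parse_records(report_text):
    """Return one dict per record line; header and field lines are skipped."""
    events = []
    for line in report_text.splitlines():
        parts = line.split(None, 8)
        if len(parts) < 9 or not JULIAN.match(parts[0]) or parts[8].count("-") < 2:
            continue
        jdate, mmdd, time, jname, lid, module, function, cpu, ctn = parts
        cls, typ, name = ctn.split("-", 2)
        # Assumption: NAME is an 8-character field followed by the record key
        events.append({"jdate": jdate, "time": time, "jname": jname, "lid": lid,
                       "function": function, "class": cls, "type": typ,
                       "name": name[:8].strip(), "key": name[8:].strip()})
    return events

def cert_changes_by_lid(events, functions=("INSERT", "REPLACE", "DELETE")):
    """Group certificate/key ring changes by the logonid that made them."""
    changes = defaultdict(list)
    for ev in events:
        if ((ev["class"], ev["type"]) == ("P", "USR")
                and ev["name"] in CERT_NAMES and ev["function"] in functions):
            changes[ev["lid"]].append((ev["function"], ev["name"], ev["key"]))
    return dict(changes)

if __name__ == "__main__":
    for lid, items in cert_changes_by_lid(parse_records(SAMPLE)).items():
        print(lid, items)
```

Passing functions=("DELETE",) narrows the result to deletions only, which is the usual starting point when a certificate or key ring has gone missing.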
Details on the ACFRPTEL report can be found in "Chapter 5: ACFRPTEL-Infostorage Update Log" of the CA-ACF2 Security for z/OS Report and Utilities Guide.