Audit Capabilities




Post by greenja9 » Tue Jan 11, 2011 5:18 am

Would this be an accurate statement:

The CA Top Secret application and maintained syslog file are the automated processes to capture events.

If not, what are the names of the files that are created by the CA application, i.e. the Unix equivalent...

Thanks,
greenja9

Re: Audit Capabilities

Post by Robert Sample » Tue Jan 11, 2011 5:55 am

Top Secret, like RACF and ACF2, is a security package that manages access to system resources. It may issue messages to the console log, but I'm not 100% sure what you mean by "managed syslog file". Depending upon what you mean by "event", either Top Secret or SMF (or both) will capture the "event" -- security access violations will be flagged by Top Secret, but in general system activity is logged by the SMF subsystem (including the security access violations). And where does Unix System Services come into this as your last sentence indicates? Which CA application is creating files? And, generally, part of the CA installation process is to customize data set names so only someone who works AT YOUR SITE (such as your site security group) could possibly tell you what names are used for these data sets.

Re: Audit Capabilities

Post by dick scherrer » Tue Jan 11, 2011 9:28 am

Hi Robert,

"And where does Unix System Services come into this as your last sentence indicates?"
I suspect this is a reference to "real" unix instead of the mainframe system services. . .

If my memory is still with me, I recall HP-UX (Hewlett-Packard Unix) logged login attempts/failures and placed a bit of tcp/ip info in the logged entry. Our systems also ran several "packet sniffers" to look for people trying to "sneak in". Due to the nature of the systems, we checked these logs rather regularly.

"Would this be an accurate statement:

The CA Top Secret application and maintained syslog file are the automated processes to capture events."
I'd vote that this is not an accurate statement - largely because the question is quite confusing. As far as I know TSS is NOT an automated process to "capture events" - it is to restrict/grant access to "things".

I've used console log (also called the system log many places) but I'm not familiar with the term "maintained syslog file".

Maybe we'll get some clarification. . .
Hope this helps,
d.sch.