Help required to list the active logon Proc's



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Help required to list the active logon Proc's

Postby Viswanathchandru » Sat Oct 27, 2012 12:59 am

Dear all,

I would like to know is there a way to list the Active Logon proc's in the system which has ACF2 as the security tool. I have heard in case of RACF we can list it through the "Class(logon proc)" since we need to rdefine those logon proc's initially before giving into use. Any Suggestions/helps/links/manuals would be really helpful for me. Apologize if I or my thoughts are wrong!!


Regards,
Viswa
Viswanathchandru
 
Posts: 271
Joined: Mon Oct 25, 2010 2:24 pm
Has thanked: 25 times
Been thanked: 0 time

Re: Help required to list the active logon Proc's

 

Re: Help required to list the active logon Proc's

Postby steve-myers » Sat Oct 27, 2012 9:28 am

You are correct about using RACF, though most likely you could not use the RLIST command. I remember going to ACF2 training in 1983. The course discussed the ACF2 equivalent, and, to be honest, I couldn't make heads nor tails of the discussion. At the time I was ignorant of generalized resource security in RACF. Several years ago, in my role as a support tech for a product which utilized the security system, I learned how ACF2 did the equivalent of RACF generalized resource security. In my opinion it was screwed up in 1983, and it hasn't gotten any better.

In any event, I propose you forget about trying to drag this out of ACF2 and go to plan B. There is one thing which is unique about all LOGON procs. This is not proof it is a LOGON proc, but it reduces the number of procedures you need to inspect. Second, in most shops the LOGON procs are isolated into one library. Find out the library, and do an ISPF search in all members of the library for PGM=IKJEFT01. This will give you a list of probable LOGON procs. Armed with this list you should be able to eliminate the non-LOGON procs. The remaining procs are still subject to TSOPROC/proc-name security, of course, but at least you know what to look for.

These users thanked the author steve-myers for the post:
Viswanathchandru (Mon Oct 29, 2012 8:59 pm)
steve-myers
Global moderator
 
Posts: 1885
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 197 times

Re: Help required to list the active logon Proc's

Postby Viswanathchandru » Mon Oct 29, 2012 8:58 pm

Thanks Steve for your reply!! I will look into this.

Regards,
Viswa
Viswanathchandru
 
Posts: 271
Joined: Mon Oct 25, 2010 2:24 pm
Has thanked: 25 times
Been thanked: 0 time


Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post