IBM Security Z Security

Expand all | Collapse all

Command Logger Message for No Ticket

  • 1.  Command Logger Message for No Ticket

    Posted Wed March 25, 2020 03:53 PM
    When we are running batch jobs issuing commands and we forget to issue the CKXLOGID command, we get a lot of "No Ticket Identifier" in the output of the job.  When we are in zSecure we are prompted for ticket information, so not much of a chance to see the "No Ticket Identifier" message.

    Is that message customizable, can the text be changed by the customer?

    Right now we are only running with C4RMAIN, so only commands that go through Command Verifier are being processed by Command Logger.   Is there a way that if the RACF commands are submitted from batch without a ticket, can the message be suppressed?   Typically if you are using batch to make changes, it could be hundreds of thousands of changes.  I may not want to see all those messages because I forgot the CKXLOGID command at the top of my job.


    ------------------------------
    Linnea Sullivan
    ------------------------------


  • 2.  RE: Command Logger Message for No Ticket

    Posted Thu March 26, 2020 10:21 AM
    Edited by Rob van Hoboken Thu March 26, 2020 10:21 AM
    As a work-around you could permit the user IDs that use the batch interface UPDATE to C4R.*.=CKXLOG, because access to these profiles is interpreted as:

    NONE
    This control is not active for the terminal user. The command is not logged through CKXLOG.

    READ
    The command as optionally modified and approved by zSecure Command Verifier is logged through CKXLOG. If no ticket information is present, or if the CKXLOG server is not active, a warning message is issued.

    UPDATE
    The command as optionally modified and approved by zSecure Command Verifier is logged through CKXLOG. Warning messages about missing ticket information or an inactive CKXLOG server are suppressed.

    CONTROL
    Same as UPDATE.


    See last page of pdf.


    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 3.  RE: Command Logger Message for No Ticket

    Posted Thu March 26, 2020 10:27 AM

    Thanks, that actually resolved another concern I had.

     

     

    Linnea G Sullivan Jr

    VP, Information Security Engineer 6

    zSeries Security Strategy

     

    809 4 ½ Street | Winston-Salem, NC 27101

    MAC D9635-010

    Tel 336-595-2831 | Cell 336-413-2080

    Linnea.G.Sullivan@wellsfargo.com

     

    This transmission may contain information that is confidential and/or proprietary. If you are not the individual or entity to which it is addressed, note that any review, disclosure, copying, retransmission, or other use is strictly prohibited. If you received this transmission in error, please notify the sender immediately and delete the material from your system. This transmission is for informational purposes only and is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. Any information regarding specific investments or other products is not warranted for completeness or accuracy and is subject to change without notice.