IBM Security Z Security

 View Only
  • 1.  Cmd Verifier Audit trail -- Group / Connect

    Posted Wed November 29, 2023 02:33 PM

    Hello - working with the Command Verifier Command Audit Trail for the first time. While some tests are working (USER profile-identification profiles =SEGMENT tests), I can not get the GROUP =CONNECT working, for example:

    XFACILIT C4R.GROUP.=CMDAUD.=CONNECT.SYS1.EZ  

    EZ is the group, SYS1 is the owner, refresh was done, i connected and removed users from EZ but I am not seeing an audit trail of the users connected or removed from EZ.

    I have the appropriate =MAINT profile in place and using the C4RCATMN command. Everything looks good but am not sure why I am not seeing a trail of users connected or removed from the group. (Testing under 2.5)

    thanks, Joe



    ------------------------------
    Joseph Sumi
    ------------------------------


  • 2.  RE: Cmd Verifier Audit trail -- Group / Connect

    Posted Thu November 30, 2023 03:37 AM
    Edited by Mike Riches Thu November 30, 2023 05:50 AM

    Hello Joe,

    The documentation here: https://www.ibm.com/docs/en/szs/2.5.0?topic=trail-format-command-audit-data-display for "The Connects section" explains:

    "Contains the Groups, the Authorizations, and the UACC together with information about the last change to the connect.

    Collection is controlled by the policy profile
    C4R.class=CMDAUD.=CONNECT.profile-identification

    The Connects section is only present for USER profiles. It is not included for GROUP profiles."

    Therefore you will need to look at the user profiles to see the relevant connect entries in the Command Audit Trail.

    UPDATE: I should also mention that the format of this Command Verifier policy profile is like this:

    C4R.USER.=CMDAUD.=CONNECT.CKRUSER.CRMBMJ9

    where CKRUSER is the owner of the user ID CRMBMJ9, and the presence of this policy profile causes the Command Audit Trail to be updated for CRMBMJ9 when it is added or removed from a group.

    Regards, Mike



    ------------------------------
    Mike Riches
    ------------------------------



  • 3.  RE: Cmd Verifier Audit trail -- Group / Connect

    Posted Fri December 01, 2023 04:02 PM

    Ok, thank you. Joe



    ------------------------------
    Joseph Sumi
    ------------------------------