List of Contributions

Adam Klinger

Contact Details

My Content

1 to 20 of 50+ total

RE: zSecure CARLa: Checking WHEN(PROGRAM) Permits

Posted By Adam Klinger Tue March 02, 2021 11:59 AM
Found In Egroup: IBM Security Z Security \ view thread
Thanks Tom! For some reason I glossed over AU.V.. the answer to the CARLa question would be interesting nonetheless :) Options "2" and "3" seem to behave as expected however attempting Option "1" returned 0 results selected, yet in my own analysis using the above r_pgm methodology I found several ...

zSecure CARLa: Checking WHEN(PROGRAM) Permits

Posted By Adam Klinger Tue March 02, 2021 10:57 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, I have gone down the path of using CARLa to check WHEN(PROGRAM) Permits, with the goals of checking things such as: Ensuring the PROGRAM specified on the permit actually exists somewhere on the system Ensuring the Dataset(s) the PROGRAM reside(s) in are defined as members in the ...

RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

Posted By Adam Klinger Wed February 24, 2021 07:39 AM
Found In Egroup: IBM Security Z Security \ view thread
Thank you Rob.. the key piece I was overlooking is the ability to specify min / max on the summary statement itself! ------------------------------ Adam Klinger ------------------------------

RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

Posted By Adam Klinger Tue February 23, 2021 08:18 AM
Found In Egroup: IBM Security Z Security \ view thread
Bumping an old Thread since my question is an extension to the good information already in here. Can this method be used to convert a date returned from functions such as max/min? One example of this is the newlist type=racf_access which AM.4 uses and a snippet is below: define lastuse(7,"LastUse",noprop) ...

RE: Access Monitor dataset profile records

Posted By Adam Klinger Wed February 17, 2021 04:57 PM
Found In Egroup: IBM Security Z Security \ view thread
One thing I'd check is if your Access Monitor STC is starting before the "NET" Started Task -- sounds like it may be not if you are seeing no records at all. Ideally you want the Access Monitor STC to come up as early as possible in the IPL process to capture maximum data. Keep in mind that there ...

RE: zSecure CARLa Newlist Type=Sensdsn Filtering

Posted By Adam Klinger Tue February 09, 2021 01:09 PM
Found In Egroup: IBM Security Z Security \ view thread
Thanks Rob, newlist type=trusted seems like the way to go for my needs. ------------------------------ Adam Klinger ------------------------------

RE: zSecure CARLa Newlist Type=Sensdsn Filtering

Posted By Adam Klinger Mon February 08, 2021 04:20 PM
Found In Egroup: IBM Security Z Security \ view thread
Yes, thanks Hans! Looking at it from that direction I was able to put something similar together: newlist type=racf_access required retain pl=0, esm=racf nopage header=column nodup select exists(priv_senstype) DEFINE id_type('Id_Type',8) as id:id.id.class sortlist, complex, class, resource, ...

RE: Access Monitor dataset profile records

Posted By Adam Klinger Mon February 08, 2021 04:11 PM
Found In Egroup: IBM Security Z Security \ view thread
For this I'd say use Access Monitor option 1 (Access), specifying the SAF resource class "DATASET" and SAF resource name "SYS3.VENDOR.APFLIB". If you instead wanted to look at this from the RACF profiles perspective , you could key in "SYS3.VENDOR.**" for the "RACF match on" field and leave the "SAF ...

zSecure CARLa Newlist Type=Sensdsn Filtering

Posted By Adam Klinger Mon February 08, 2021 11:39 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, I am looking for some advice on how I can do filtering on the newlist type=sensdsn racf_acl field, since it does not support subselect like the "acl" version under newlist type=racf. The goal is to only display racf_acl entries where the racf_acl access "subfield" is >= priv_access. Here ...

RE: We don't want run C2PACMON STC per system in SYSPLEX.

Posted By Adam Klinger Fri January 29, 2021 10:48 AM
Found In Egroup: IBM Security Z Security \ view thread
Yes, these are all valid points and concerns one has to be very aware of before considering and using -- it's certainly a "your mileage may vary" approach, that you should not consider without solid reason. The "SIMULATE ACCESS_FALLBACK_DEFAULT" statement can be added in the SE.D.3 preamble, for example. ...

RE: We don't want run C2PACMON STC per system in SYSPLEX.

Posted By Adam Klinger Fri January 29, 2021 08:45 AM
Found In Egroup: IBM Security Z Security \ view thread
To add on to what Rob said, I have used the technique of combining the individual LPAR Access Monitor files into one per SYSPLEX daily as I've found it useful when you have many LPARs sharing one RACFDB, for example. You can open a ticket with zSecure support to potentially provide you full details ...

RE: zSecure Alerts & Command Logger

Posted By Adam Klinger Wed January 13, 2021 09:09 AM
Found In Egroup: IBM Security Z Security \ view thread
Thanks Rob for the response, if there is no current support then that saves me the hassle of attempting! I'd most be interested in cross-referencing the related CKXLOG record to find the potential "why" on a command was issued, but in lieu of that support someone can always log into the applicable ...

zSecure Alerts & Command Logger

Posted By Adam Klinger Thu January 07, 2021 08:23 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, While using zSecure Alert, I noticed that some of the built-in alert IDs based around SMF events for RACF Commands (for example, #1119​ / Non-expiring password enabled) do not have Command Logger information build-in the alert body text. Thinking about attempting to have this information, ...

CKRCARLA Return Code Manipulation

Posted By Adam Klinger Wed December 09, 2020 07:51 AM
Found In Egroup: IBM Security Z Security \ view thread
I'm wondering if there's a way to manipulate the return code from the CKRCARLA program based on results from the query executed. One use-case I've came up with would be that I'd want a certain CARLA query to return a RC=8 if any results are returned and if not, a RC=0. Is this possible, through ...

RE: zSecure "FORALL" Command in RA.5.1 (Certificates)

Posted By Adam Klinger Tue October 13, 2020 07:59 AM
Found In Egroup: IBM Security Z Security \ view thread
Sure Rob, one use-case which came up was mass deleting expired certificates, such as using RA.5.1 to filter on certificates which expired past a certain date, then using the "Forall" command to generate Deletes. Block "DD" support would work just as well for this one really. I can see using this technique ...

RE: zSecure "FORALL" Command in RA.5.1 (Certificates)

Posted By Adam Klinger Fri October 09, 2020 11:08 AM
Found In Egroup: IBM Security Z Security \ view thread
Thanks Jeroen, figured that was the case. I will think about if an RFE is warranted and how to word that. For now, some stand-alone CARLa did the trick to build commands based on similar panel-driven criteria. ------------------------------ Adam Klinger ------------------------------

zSecure "FORALL" Command in RA.5.1 (Certificates)

Posted By Adam Klinger Fri October 09, 2020 09:42 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, I'm trying to see if the "FORALL" zSecure Command can be used to generate RACDCERT DELETE commands based on the results of a query in RA.5.1 (RACF --> RACDCERT --> Certificates) and the "Digital certificate labels" field as it's needed for the commands. When trying to use !KEY, this ...

zSecure CARLa: Newlist type=racf "acl" field type?

Posted By Adam Klinger Mon September 28, 2020 11:47 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, The "ACL" field in newlist type=RACF has these 4 Output fields: User Access ACL id When. I'm looking to extract these into individual fields. What's the best way to go about this? I've been able to do something like below to get two of the fields (aclid and aclaccess); define sub_acl ...

RE: Command Verifier -- r_admin Authorization?

Posted By Adam Klinger Fri September 11, 2020 08:04 AM
Found In Egroup: IBM Security Z Security \ view thread
Thanks Guus, you confirmed my thinking in that Command Verifier wouldn't be involved in the EXTRACT function of IRRXUTIL ------------------------------ Adam Klinger ------------------------------

Command Verifier -- r_admin Authorization?

Posted By Adam Klinger Thu September 10, 2020 08:46 AM
Found In Egroup: IBM Security Z Security \ view thread
Greetings, We are looking to see if Command Verifier profiles such as C4R.LISTUSER.=AUDITOR can be used for r_admin extract function authorization, such as issuing: myrc=IRRXUTIL("EXTRACT","USER","BOBSID","USR") Instead of needing a RACF attribute such as ROAUDIT / AUDITOR / SPECIAL, ...