IBM Security Z Security

 View Only

  • 1.  zSecure File integrity monitoring

    Posted Wed February 07, 2024 04:07 AM

    Hi all,
    I am trying to use the zSecure File integrity monitoring but I am struggling to do the setup. I built a CKFREEZE using CHECK=YES and SYMKEYTEST=Y but I am missing something. How do I proceed from here?
    Thank you all for your help
    Regards
    Jack



    ------------------------------
    Jack Zukt
    ------------------------------


  • 2.  RE: zSecure File integrity monitoring

    Posted Wed February 07, 2024 04:42 AM

    Hi,

    I should have added more info. I added two CKFREEZE files built at slightly different times as version "0" and version "1". When I press "PF03" I get this message:

    Unlike BASE/MAIN types

    an additional "PF01" gets this result:

    Input file types of main and baseline sets should be identical. E.g. when  the baseline set contains a security database and a CKFREEZE file, the main set should also contain a security database and a CKFREEZE file.      

    What does this mean? Do I have to setup different RACF database as well?

    Regards
    Jack   



    ------------------------------
    Jack Zukt
    ------------------------------

    Original Message


  • 3.  RE: zSecure File integrity monitoring

    Posted Wed February 07, 2024 05:06 AM

    Hi
    A bit more information as I am struggling to understand how to make this work.
    I tried using two different CKFREEZE verisions, "0" and "1", and two ZSEC UNLOAD RACF as versions "0" and "1" as well. When I press "PF03" I get this message:

    Unlike BASE/MAIN types

    with the extended format one being:

    Input file types of main and baseline sets should be identical. E.g. when  the baseline set contains a security database and a CKFREEZE file, the main set should also contain a security database and a CKFREEZE file.           

    I feel like I am going around in circles.
    Regards
    Jack



    ------------------------------
    Jack Zukt
    ------------------------------

    Original Message


  • 4.  RE: zSecure File integrity monitoring

    IBM Champion
    Posted Wed February 07, 2024 07:33 AM
    Edited by Rob van Hoboken Wed February 07, 2024 07:35 AM

    Is it possible you also have your primary RACF database still selected in SE.1?  The Show differences option expects 2 set of input files, both containing a RACF source and a CKFREEZE.  One should be marked with the C line command (to identify the Compare baseline input), the other with the S line command (to Select the variant(s) that must match the baseline).  There should be no extraneous sets selected.  This is needed only for all the Show differences analyses.  The version field on the set details panel can be used  to make the complex values different from another (if you want to have the same 8 character string in the complex field.

    I assume that RE.F works OK for you if you only have one set selected with the S line command (enter a U in front of the one with the Baseline selection), and the Show difference option unselected.

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 5.  RE: zSecure File integrity monitoring

    Posted Wed February 07, 2024 08:43 AM

    Hi Rob,
    You were right. I still had the RACF primary database selected. Deselecting it allowed me to proceed.
    Many thanks
    Regards



    ------------------------------
    Jack Zukt
    ------------------------------

    Original Message