Hi Richard.
Access Monitor is an excellent tool for keeping things tidy. I have used it on several occasions when having to figure out who accesses a particular resource, e.g. dataset profiles, DSNR resources, CICS transactions, etc.
Alert provides capabilities to monitor events that could potentially be a concern, e.g. if a user is assigned system level privileges or if someone updates SYS1.UADS.
Command Verifier is a favorite of mine. With Command Verifier you can introduce naming conventions (e.g. limit the capability of a group special to create and manage groups that do not follow your installations naming conventions), allow a user specific actions that require system special or system auditor (e.g. allowing a system programmer to set UAUDIT on a specific subset of users) and a lot more.
You might also want to consider zSecure Audit. This will allow you to create reports that looks way beyond your ESM. A couple of use case examples could be improper TLS settings on MQ channels or undefined authorisation ids in DB2 (if you are using DB2 and the internal security in DB2).
Different tools that can help you mitigate risks from different angles. Do enjoy.
Best regards
Mikael Rasmussen
------------------------------
Mikael Rasmussen
Senior Mainframe Security Engineer
Danske Bank
Brabrand
+4540766221
------------------------------
Original Message:
Sent: Tue November 22, 2022 04:21 PM
From: Richard McIntosh
Subject: zsecure implementation
Hello, I'm from a fairly new shop using zsecure and RACF (less than 6 months) and I have the basic zsecure admin installed and have setup some simple Audit reports. I was looking at other pieces and am still trying to grasp all of the pieces and what they are for and do others install all of them.
Access Monitor
RACF Offline
Command Verifier
Alert
Are there others??
Also of the CKFREEZE file and how many are really needed and what types. I have 5 sysplex's with 16 lpars.
Is there anything else beside the install guide that helps explain more and sample setups with multiple lpars.
Thanks
Richard McIntosh