Systems Administration (Security)
Part Three - Challenge #09

Background:

Security administration roles and security best practices have always been critical. The internet has enabled the public's indirect access to critical data sources, which has increased the intensity around security. Audit functions are also critical. The security administrator will typically conduct audit functions in an attempt to find and address problems before auditors discover issues which must be reported.

Your challenge:

You (the new security administrator) were asked to provide "all audit records for a specific user", TEST003.

RACF data base activity and z/OS SMF system activity records are collected routinely to produce reports such as this one.

The senior security administrator gave you the instructions below to print the requested report. The senior security administrator told you that many reports exist and that each report has a unique 4 character value. The senior security administrator does not remember which 4 character value is associated with the "all audit records for a specific user" report. You will need to identify that 4 character value.

  • Copy ZOS.PUBLIC.RACFICE.CNTL($$CNTL$$) to CC#####.JCL(RACFRPT)
  • The copied JCL(RACFRPT) member is a JOB card with lots of commented JCL statements
  • Review the CC#####.JCL(RACFRPT) comments to find the 4_char_value associated with the requested report.
  • Once the 4 character RACF report is identified, then:
    1. Copy ZOS.PUBLIC.RACFICE.CNTL(4_char_value) to CC#####.JCL(4_char_value)
    2. Copy ZOS.PUBLIC.RACFICE.CNTL(4_char_valueCNTL) to CC#####.JCL(4_char_valueCNTL)
    3. Edit CC#####.JCL(4_char_valueCNTL) and change IBMUSER to TEST003
  • Edit CC#####.JCL(RACFRPT) then:
    1. Delete the JCLLIB statement
    2. Change existing JCL statement to read SET ADUDATA=ZOS.PUBLIC.RACF.SMFUNLD
    3. Change existing JCL statement to read SET DBUDATA=ZOS.PUBLIC.RACF.UNLOAD
    4. Change existing JCL statement to read SET ICECNTL=CC#####.JCL
    5. Uncomment only one EXEC RACFICE,REPORT= statement (the one with the appropriate 4_char_value)
    6. Submit the JCL

If the instructions were followed accurately, then the RACFPRT output will include the report in the PRINT DDNAME.

Enter XDC to the left of the PRINT DDNAME output. An SDSF Open Print Data Set panel will appear. Type P3.OUTPUT(#09) in the Data set name field, then enter SHR in the Disposition field. This will write the PRINT DDNAME report into P3.OUTPUT(#09).
