> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gilmartin > Sent: Saturday, March 17, 2007 7:22 PM > To: [email protected] > Subject: Re: Zos Maintenance and pax format
<snip> > To be secure, his administrators should remove GIMZIP and > AMASPZAP from his system, and make sure he has neither the > tools nor the authority to modify APF authorized libraries. > > In fact, any modification to the download is readily detected > by verifying the checksums against the originals at the IBM > site. This verification would be easier if SMP/E logged the > checksums during the RECEIVE. But you would need to make > sure he doesn't counterfeit the logs. Or do a MITM intrusion > to the checksum verification. > > Etc. > > -- gil And if "they" do that, then how in the world do I do maintenance? Not that "they" can at present. I __am__ "they". That is, I also the main RACF security person as well as the senior z/OS sysprog. Small shop. In a different shop, I was more restricted. <shrug>. It just took longer to get anything done. The security person there acknowledge that she couldn't verify what I was doing anyway. And knew that if I wanted to, I could set things up to do literally anything that I wanted and never even trip an alarm that she would see. But I am relatively trustworthy. At least when it comes to MY system! Just don't leave the chocolate unguarded! <grin>. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
