John, I guess some places do not have a need or interest in RACF violations which I don't understand, maybe I'm too old cool system programming
Scott ford www.identityforge.com Tell me and I'll forget; show me and I may remember; involve me and I'll understand. - Chinese Proverb On Sep 23, 2012, at 12:49 PM, John McKown <[email protected]> wrote: > When we do the SMF processing, we use create the IRRADU00 output. We use > Easytrieve Plus to read that to create report. We don't do much reporting. > Nobody really cares anymore. I also download the data to my Linux desktop > and compress it. I do ad-hoc reports from that. I also upload the > compressed data back to a tape resident dataset, for backup. > On Sep 23, 2012 11:41 AM, "Scott Ford" <[email protected]> wrote: > >> John, >> >> How do you track RACF violations and report on them ? >> >> Scott ford >> www.identityforge.com >> >> Tell me and I'll forget; show me and I may remember; involve me and I'll >> understand. - Chinese Proverb >> >> >> On Sep 23, 2012, at 12:38 PM, John McKown <[email protected]> >> wrote: >> >>> Took the easy way out. Superseded all ICH408I messages from SYSLOG which >>> have USER( at the front of word two. I see no need for them. We use SMF >>> records for reporting. >>> On Sep 18, 2012 10:18 AM, "McKown, John" <[email protected]> >>> wrote: >>> >>>> I have seen that. And other strange keying errors. PEBKAC. Now that you >>>> mention it, I may use a CA-OPS/MVS rule to "blank out" portions of the >>>> ICH408I messages. Say in the USER(...), GROUP(...) and NAME(...) >> portions. >>>> I don't use them anyway. I use the SMF records. >>>> >>>> -- >>>> John McKown >>>> Systems Engineer IV >>>> IT >>>> >>>> Administrative Services Group >>>> >>>> HealthMarkets® >>>> >>>> 9151 Boulevard 26 • N. Richland Hills • TX 76010 >>>> (817) 255-3225 phone • >>>> [email protected] • www.HealthMarkets.com >>>> >>>> Confidentiality Notice: This e-mail message may contain confidential or >>>> proprietary information. If you are not the intended recipient, please >>>> contact the sender by reply e-mail and destroy all copies of the >> original >>>> message. HealthMarkets® is the brand name for products underwritten and >>>> issued by the insurance subsidiaries of HealthMarkets, Inc. –The >> Chesapeake >>>> Life Insurance Company®, Mid-West National Life Insurance Company of >>>> TennesseeSM and The MEGA Life and Health Insurance Company.SM >>>> >>>> >>>>> -----Original Message----- >>>>> From: IBM Mainframe Discussion List [mailto:[email protected]] >>>>> On Behalf Of Paul Gilmartin >>>>> Sent: Tuesday, September 18, 2012 10:13 AM >>>>> To: [email protected] >>>>> Subject: Re: z/OS SYSLOG - why not let everybody read? >>>>> >>>>> On Tue, 18 Sep 2012 09:21:11 -0500, Elardus Engelbrecht wrote: >>>>> >>>>>> Ed Gould wrote: >>>>>> >>>>>>> 1. I have seen passwords on the syslog. >>>>>> >>>>>> Can you show any example(s) of such messages? Of course you can mask >>>>> out the passwords before posting. ;-) >>>>>> Was that by design [1] or by operator error? Was that a verbatim copy >>>>> of some command? >>>>> It's easy for a user to tab to the wrong field and inadvertently >>>>> type a password in the user ID field. The user may correct the >>>>> error and continue, not realizing that the password may now >>>>> appear in SYSLOG. >>>>> >>>>> Mistake? Sure. Process violation? Sure. Security exposure >>>>> nonetheless. >>>>> >>>>> -- gil >>>>> >>>>> ---------------------------------------------------------------------- >>>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>>> send email to [email protected] with the message: INFO IBM-MAIN >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>> send email to [email protected] with the message: INFO IBM-MAIN >>> >>> ---------------------------------------------------------------------- >>> For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
