As part of a recent audit, we have been goaded into updating the permission and/or audit bits on certain Unix directories per the DISA STIG (which we use as our risk model). Those directories include many that are shipped by IBM and it's a fair bit of research/work. So... you can easily imagine the problem here--when IBM ships a new release of z/OS or makes changes to either the directory structure or to the existing directories, our changes are backed out. We have been trying to figure out a semi-automated "best practice" that would satisfy the Audit requirement, but have not had much success. So... we started to wonder if anybody else is doing this and if so, how do they manage to keep track of directory changes and keep them updated per the STIG. Any advice would be gratefully appreciated...
Thanks. Larre Shiller US Social Security Administration “The opinions expressed in this e-mail are mine personally and do not necessarily reflect the opinion of the US Social Security Administration and/or the US Government.” ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
