I started thinking about that too. How about modifying the class for SET SHARE and allowing only OPERATOR to do it. If PROP or VM:Operator is running process an audit record whenever executing the command. Bob -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Schuh, Richard Sent: Wednesday, December 06, 2006 1:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Are priv CP commands logged somewhere?
You are on the right track. Instead of relying on an EXEC, CP Exit code or altered commands might be a better path to take. One can almost always find a way of circumventing or subverting an EXEC if bypassing the logging is desired. _____ From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Zoltan Balogh Sent: Wednesday, December 06, 2006 11:27 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Are priv CP commands logged somewhere? i know world of VM's is very new for me but if i were under linux or windows i would rename the application, and i place (in this case) an EXEC what calls the original program with all of the given parameters, but then you can put some logging/any function for traces.. I dont know here is it a good way too or not On 12/6/06, Jim Vincent < [EMAIL PROTECTED]> wrote: According to my monitoring configurator (aka, Rick B) the CP VARY PROC would be system config change and gets monitored. CP SET SHARE is another puppy. We need to know (without an ESM) when someone enters a command like that to be able to audit when, who and to what it was done. _______________________________________ James Vincent Systems Engineering Consultant Nationwide Services Co., Technology Solutions Mainframe, z/VM and z/Linux Support One Nationwide Plaza 3-20-13 Columbus OH 43215-2220 U.S.A Voice: (614) 249-5547 Fax: (614) 677-7681 mailto: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] The IBM z/VM Operating System < IBMVM@LISTSERV.UARK.EDU> wrote on 12/06/2006 02:16:36 PM: > IBMVM@LISTSERV.UARK.EDU > > Are configuration monitor records cut for these events? > > Neale > On Wednesday, 12/06/2006 at 01:58 EST, Jim Vincent > < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote: > > I am just starting to dig, but thought I would toss this out to the > list. > > If someone enters a command like CP SET SHARE or CP VARY PROCESSOR, are > > those logged anywhere? Are they in the monitor data or accounting data?
