Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

What ever your security server may be (RACF, CA-ACF2, CA-TSS) audit the 
successful use of the program IND$FILE so that all executions are logged.

This still does not address the issue.
Logging the use of IND$FILE (obsolete) does not manage all methods of moving 
files from the mainframe to PC's.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Daniel McLaughlin]

Was doing an interview audit one time. Subject was control of system 
libraries and protecting them. Then I shocked the auditor by asking this 
question.

Why are you so intent on protecting the system from me, whose livelihood 
is dependent on keeping it healthy? What about that hourly operator or 
tape librarian on the third shift who gets pissed off and trashes the 
system physically and then skips out the door?

Blank stare in response.

Daniel McLaughlin
Z-Series Systems Programmer
Information  Communications Technology
Crawford  Company
4680 N. Royal Atlanta
Tucker GA 30084 
phone: 770-621-3256 
fax: 770-621-3237
email: [EMAIL PROTECTED]
web: www.crawfordandcompany.com 




Best Overall Third-Party Claims Administrator - 2007 Business Insurance 
Readers Choice Awards
 
Consider the environment before printing this message.

This transmission is intended exclusively for the individual or entity to which 
it is addressed. This communication may contain information that is 
confidential, proprietary, privileged or otherwise exempt from disclosure. If 
you are not the named addressee, you are NOT authorized to read, print, retain, 
copy or disseminate this communication, its attachments or any part of them. If 
you have received this communication in error, please notify the sender 
immediately and delete this communication from all computers.  This 
communication does not form any contractual obligation on behalf of the sender, 
the sender's employer, or the employer's parent company, affiliates or 
subsidiaries.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Barry Merrill]

The SMF 30 contains no TSO COMMAND usage information
by command name, but any DDNAMEs allocated during the
TSO session are recorded in the SMF 30s, so you can
often/sometimes recognize what TSO command was used
from recognizable unique DDNAMEs in the SMF 30,
but without 100% accuracy.

And you could map the JOB/JESNR/READTIME triplet to
select the TYPE1415 for non-VSAM or TYPE64 for VSAM
and identify the DSNAME of that DDNAME, which often
is needed to identify which version.

Barry

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Kenneth E Tomiak]

This post: Use of SPFEDIT in my own program   Bob Rutledge 
[EMAIL PROTECTED] is a fine example of how to educate the OP 
instead of doing their work for them.



On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak 
[EMAIL PROTECTED] wrote:

After awhile I start to spot a trend from some people posting here that they
are not trying to learn how to do something, they have figured out how to 
get
IBM-MAIN to do their job for them.

So if someone asks how to audit a program 'A' and then later asks how to
audit program 'B', did they learn anything the first time? If they ask for a
program to use the SMF data and someone directs them to a working
assembler sample on cbttape.org but it isn't the exact report they want, 
fixing
the program for them makes the fixer an enabler and unpaid-consultant. That
goes beyong sharing knowledge. Showing how to fix a few lines of code is
sharing, rewriting the program is doing their job for them. Feeling like a hero
for providing the answer does not mean they original poster learned anything.

If the auditors are truly coming up with all of these problems, maybe they
need to provide the solution for the fee they are paid, too.

Is the LISTSERV to share information or do the job for someone else for free?



On Fri, 18 Apr 2008 12:27:00 -0500, Tom Schmidt
[EMAIL PROTECTED] wrote:


We all read  post here to both seek  share our knowledge, don't we?  Or
have I completely misunderstood ibm-main's purpose?

--
Tom Schmidt


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tony B.]

agree 100%.  I was especially insulted by a post a few weeks ago where the
subject line
contained verbiage similar to what our tech  support group sees, Emergency,
High Priority
Application Failure!Like we drop what we're doing to help them
out...

We should quit being baby sitters for those who won't exhaust their own
channels before dealing
with this group.


-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Kenneth E Tomiak
Sent: Sunday, April 20, 2008 10:29 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: how to audit the usage of IND$FILE

After awhile I start to spot a trend from some people posting here that they

are not trying to learn how to do something, they have figured out how to
get 
IBM-MAIN to do their job for them.

So if someone asks how to audit a program 'A' and then later asks how to 
audit program 'B', did they learn anything the first time? If they ask for a

program to use the SMF data and someone directs them to a working 
assembler sample on cbttape.org but it isn't the exact report they want,
fixing 
the program for them makes the fixer an enabler and unpaid-consultant. That 
goes beyong sharing knowledge. Showing how to fix a few lines of code is 
sharing, rewriting the program is doing their job for them. Feeling like a
hero 
for providing the answer does not mean they original poster learned
anything. 

If the auditors are truly coming up with all of these problems, maybe they 
need to provide the solution for the fee they are paid, too.

Is the LISTSERV to share information or do the job for someone else for
free?



On Fri, 18 Apr 2008 12:27:00 -0500, Tom Schmidt 
[EMAIL PROTECTED] wrote:


We all read  post here to both seek  share our knowledge, don't we?  Or
have I completely misunderstood ibm-main's purpose?

--
Tom Schmidt


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

No virus found in this incoming message.
Checked by AVG. 
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 4/19/2008
11:31 AM
 

No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 4/19/2008
11:31 AM
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Barry Merrill]

I believe IND$FILE is implemented as a Command Processor 
(and not a CLIST that CALLs a program); therefore you
can create an SMF type 32 record for each use of the 
command.


The SMF Manual discusses enablement in Chapter 4.

Barry


Barry Merrill
Herbert W. Barry Merrill, PhD
President-Programmer
Merrill Consultants
MXG Software
10717 Cromwell Drive
Dallas, TX 75229

 [EMAIL PROTECTED]
 http://www.mxg.com 
   admin questions:   [EMAIL PROTECTED]
   technical questions:  [EMAIL PROTECTED]
 tel: 214 351 1966
 fax: 214 350 3694

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ed Finnell]

 
In a message dated 4/20/2008 12:05:33 P.M. Central Daylight Time,  
[EMAIL PROTECTED] writes:

(and not a CLIST that CALLs a program); therefore you
can create an  SMF type 32 record for each use of the 
command.



But aren't they already cut in type 30? I  think I stumbled on this while 
looking at ANAL30DD(slightly modified) after we  went to mostly TN3270 and was 
trying to looking at FTP statistics or something  and discovered high use of 
IND$FILE. Turns out the emulators didn't trust FTP  back then.







**Need a new ride? Check out the largest site for U.S. used car 
listings at AOL Autos.  
(http://autos.aol.com/used?NCID=aolcmp0030002851)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Lindy Mayfield]

Are you referring to me?

If so it doesn't take much.  I feel like a hero every time I come home
and my cats recognize me.  If I can get an assembler program to make it
to the linkedit step, I feel like a demigod.

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Kenneth E Tomiak
Sent: 20. huhtikuuta 2008 18:29
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: how to audit the usage of IND$FILE

If they ask for a program to use the SMF data and someone directs them
to a working assembler sample on cbttape.org but it isn't the exact
report they want, fixing the program for them makes the fixer an enabler
and unpaid-consultant. That goes beyond sharing knowledge. Showing how
to fix a few lines of code is sharing, rewriting the program is doing
their job for them. Feeling like a hero for providing the answer does
not mean they original poster learned anything. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Rick Fochtman]

-snip--


Are you referring to me?

If so it doesn't take much.  I feel like a hero every time I come home
and my cats recognize me.  If I can get an assembler program to make it
to the linkedit step, I feel like a demigod.
 


-unsnip-
You took the time and effort to make the change yourself. In so doing, 
I'm sure that you learned something. That, to me, demonstrates that 
you're willing to take some initiative for yourself. It's called self 
help and we like to see that. We mostly all came up to where we are by 
the same route.


Dogs have owners; cats have staff (I'm a former cat staffer myself.  
:-)  )


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Patrick O'Keefe]

On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
[EMAIL PROTECTED] wrote:

After awhile I start to spot a trend from some people posting here that they
are not trying to learn how to do something, they have figured out how to get
IBM-MAIN to do their job for them.
...

Let me present another interpretation of some of those trends (but
not, I think, applicable to the original poster of this thread).

I'm not knew to system programming - I chased my first CDE chain 
in about 1970 (on MVT) - but I've been involved in communication-
related software for so long that nobody would mistake me for an
experienced MVS system programmer any more.  I'm woefully out
of date regarding anything but very basic MVS concepts.  So I
sometimes ask really bonehead questions.  And if you search the 
archives you may find that I've asked the same bonehead questions
years earlier.  

Does that mean I'm lazy and am trying to get IBM-Main to do my
work?  I hope not.   It might mean I didn't incorporate the answers
into my working knowledge because the topic was too peripheral to 
my usual work.  Or it might be an indication of a failing memory.  (And
it definitely means I'm to lazy or forgetful to have searched the 
archives.) 


So if someone asks how to audit a program 'A' and then later asks how to
audit program 'B', did they learn anything the first time? ...

If this happens too many times (and twice is too many) my paranoia
kicks in.  Many of the responses to How do I audit IND$FILE? have
been That isn't sufficient because   I can just picture someone 
taking notes:  I can avoid the auditing if 

Far fetched?  Sure.  I said it was my paranoia.  But it's something to
consider when answering questions like that.

Pat O'Keefe

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tommy Tsui]

Thanks all your information and sharing. Actually, there are so many ways to
transfer files from HOST system but we still have to cope with
the internal/external auditor each year. We can't say nothing we can do.
Nothing is prefect, but taking notes/remember the coding and picture some
photo we can stop it. We can just try our best to protect the shop
resources. To be a system programmer, we have responsibility to deal with
it.
Frankly, we have many communication path, AFTP (protect by program) , FTP
(we are not open yet),  Ind$file (I create a dummy program on top of it),
HDS (rapidxchange disk/share open  host, can trace on SMF log volume).
* I think we have to stop the way that they can get the files more easily
and we are not aware, such as ind$file path. How many pictures you have to
take or remember if there are thousand of program coding?

regards



On 4/21/08, Patrick O'Keefe [EMAIL PROTECTED] wrote:

 On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
 [EMAIL PROTECTED] wrote:

 After awhile I start to spot a trend from some people posting here that
 they
 are not trying to learn how to do something, they have figured out how to
 get
 IBM-MAIN to do their job for them.
 ...

 Let me present another interpretation of some of those trends (but
 not, I think, applicable to the original poster of this thread).

 I'm not knew to system programming - I chased my first CDE chain
 in about 1970 (on MVT) - but I've been involved in communication-
 related software for so long that nobody would mistake me for an
 experienced MVS system programmer any more.  I'm woefully out
 of date regarding anything but very basic MVS concepts.  So I
 sometimes ask really bonehead questions.  And if you search the
 archives you may find that I've asked the same bonehead questions
 years earlier.

 Does that mean I'm lazy and am trying to get IBM-Main to do my
 work?  I hope not.   It might mean I didn't incorporate the answers
 into my working knowledge because the topic was too peripheral to
 my usual work.  Or it might be an indication of a failing memory.  (And
 it definitely means I'm to lazy or forgetful to have searched the
 archives.)


 So if someone asks how to audit a program 'A' and then later asks how to
 audit program 'B', did they learn anything the first time? ...

 If this happens too many times (and twice is too many) my paranoia
 kicks in.  Many of the responses to How do I audit IND$FILE? have
 been That isn't sufficient because   I can just picture someone
 taking notes:  I can avoid the auditing if 

 Far fetched?  Sure.  I said it was my paranoia.  But it's something to
 consider when answering questions like that.

 Pat O'Keefe

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[McKown, John]

Hum, I just had another idea about this sort of thing to bounce around.
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way, the emulator is running on the server, not on the
user's desktop. That stops IND$FILE and ftp transfers directly to the
user's desktop. I am fairly sure that it stops doing cut'n'paste as
well. What it does not stop is ftp to their share on the server, then
email the code to themselves. But this is becoming more of a PITA to the
user, which does help to discourage them. It all depends on why they are
doing it. (cost vs. benefit to them).

This same concept can be applied to other systems such as Linux.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

The information contained in this e-mail message may be privileged
and/or confidential.  It is for intended addressee(s) only.  If you are
not the intended recipient, you are hereby notified that any disclosure,
reproduction, distribution or other use of this communication is
strictly prohibited and could, in certain circumstances, be a criminal
offense.  If you have received this e-mail in error, please notify the
sender by reply and delete this message without copying or disclosing
it. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Don Leahy]

On Fri, Apr 18, 2008 at 1:47 AM, Kenneth E Tomiak
[EMAIL PROTECTED] wrote:
 Do you strip search them as they leave the building to ensure paper is not in
  their posession? Ignoring the possibility of print-screen like functions, I 
 can
  take a pen and a piece of paper and copy a file byte by byte and get a copy.
  Let me memorize a few lines of code every day and I can write them down
  when I get to my car. It isn't always about stopping someone, sometimes it is
  having data to show you know who did access the data and how. Even when
  they are allowed to access the data.

How about stealing an idea from the movie Paycheck.   We could wipe
the memory of the programmer as soon as the engagement is over.  :-)

This thread has started to get sillybut it is Friday.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[R.S.]

Don Leahy wrote:
[...]

How about stealing an idea from the movie Paycheck.   We could wipe
the memory of the programmer as soon as the engagement is over.  :-)

This thread has started to get sillybut it is Friday.


Not necessarily.
There is big difference between memorizing few lines of code and 
downloading all the code repository (many megabytes). In first case some 
specific idea can be stolen, in second whole application.


From business point of view IT IS big difference.
However:
- we don't know effective method to prevent it.
- it is hard to say where's the border between those two cases.


--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2008 r. kapita zakadowy BRE Banku SA  wynosi 
118.642.672 zote i zosta w caoci wpacony.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[McKown, John]

Oh, another possibility is to use RACF and PADS, but I don't know if
that will work to allow ISPF EDIT but disallow basically everything
else, such as IND$FILE.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

The information contained in this e-mail message may be privileged
and/or confidential.  It is for intended addressee(s) only.  If you are
not the intended recipient, you are hereby notified that any disclosure,
reproduction, distribution or other use of this communication is
strictly prohibited and could, in certain circumstances, be a criminal
offense.  If you have received this e-mail in error, please notify the
sender by reply and delete this message without copying or disclosing
it. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tom Schmidt]

On Fri, 18 Apr 2008 00:47:29 -0500, Kenneth E Tomiak ranted:

Tommy Tsui has had posts before, IIRC, that indicate a complete lack of
knowledge about how an operating system works. I believe he has been 
asking
how to audit just about everything. Ignorant of what SMF can record, how to
process SMF data, and how to report on the data. There are lots of manuals
that discuss this stuff.
 
 
I believe that Tommy's past posts have shown an incomplete knowledge but I 
do NOT believe that they have indicated a complete lack of knowledge about 
how an operating system works.  
 
I believe that you, Kenneth, have been overly harsh in your judgement of 
Tommy.  

I agree that there are lots of manuals that discuss this stuff... so many, in 
fact, that they become a problem for someone who is new to this particular 
operating system (and apparently new to computing).  

Tommy's posts have, IIRC, been on-topic to this particular LISTSERV and 
ought to be welcome here.  Whether you chose to respond to them is, as 
always, up to you.  How you respond might be a wee bit more tempered.  
 
  
On Thu, 17 Apr 2008 17:11:13 -0400, J R [EMAIL PROTECTED] 
responded to Ted's earlier post:

 It is better to protect the data, rather than the method of copying.

That doesn't help if you want the programmer to work on a program
but you don't want him to take it with him.
 
 
...and that is the bottom line: If you hire a creative programmer to work on 
your software then you need to carefully assess and perhaps accept the risk 
that his creativity might include a method of capturing the work product for 
himself.  There are so many ways to skin that cat that auditing any one is 
pointless.  (Besides, someday you might lose the source and his will become 
the backup.)  
 
Perhaps this is more of a contract issue with the creative programmer and not 
so much a technical contest?  
  
 
We all read  post here to both seek  share our knowledge, don't we?  Or 
have I completely misunderstood ibm-main's purpose?  
 
-- 
Tom Schmidt 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

how to audit the usage of IND$FILE

[John McKown]

Hum, I just had another idea about this sort of thing to bounce around.
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way, the emulator is running on the server, not on the
user's desktop. That stops IND$FILE and ftp transfers directly to the
user's desktop. I am fairly sure that it stops doing cut'n'paste as
well. What it does not stop is ftp to their share on the server, then
email the code to themselves. But this is becoming more of a PITA to the
user, which does help to discourage them. It all depends on why they are
doing it. (cost vs. benefit to them).

This same concept can be applied to other systems such as Linux.

--
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tom Schmidt]

On Fri, 18 Apr 2008 12:44:24 -0500, John McKown wrote:
 
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way, the emulator is running on the server, not on the
user's desktop. That stops IND$FILE and ftp transfers directly to the
user's desktop. I am fairly sure that it stops doing cut'n'paste as
well. What it does not stop is ftp to their share on the server, then
email the code to themselves. But this is becoming more of a PITA to the
user, which does help to discourage them. It all depends on why they are
doing it. (cost vs. benefit to them).

This same concept can be applied to other systems such as Linux.
 
 
I think that a determined programmer would just take screen shots to a file - 
or just take snapshots with a camera (or continuous video) to capture the 
data for post-processing by OCR software.  (I do something very similar with 
my genealogy hobby... not terribly difficult or expensive if you are 
determined.)  
 
-- 
Tom Schmidt 
(BTW, I know of a company nearby that has a policy prohibiting cellphones 
with cameras but they have no prohibition regarding cameras without 
cellphones.  You may bring in a digital camera - as long as it isn't part of a 
cell 
phone!)  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[George Fogg]

 Tom Schmidt
 (BTW, I know of a company nearby that has a policy prohibiting cellphones
 with cameras but they have no prohibition regarding cameras without
 cellphones.  You may bring in a digital camera - as long as it isn't part of
a cell phone!)

My comapny won't allow cameras without a camera permit which you have to wear
around your neck along with our comany badge. Enven then, you need to fill out
paper work to describe what you are taking a pictures of and get approval. I
think they gave up on PDA and cell phones but you cannot take pictures with
any camera enabled device. Even pics of your friends in the parking lot.
George Fogg

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

how to audit the usage of IND$FILE

[Tommy Tsui]

Hi all,

Is there any way that can keep track the usage of IND$FILE, if the user
rename the IND$FILE to ther own location and call it with TN3270, how can we
check this case.

regards

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Binyamin Dissen]

On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

:Is there any way that can keep track the usage of IND$FILE, if the user
:rename the IND$FILE to ther own location and call it with TN3270, how can we
:check this case.

WHy do you want to do this? What is your business case?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tommy Tsui]

because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.

On 4/17/08, Binyamin Dissen [EMAIL PROTECTED] wrote:

 On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

 :Is there any way that can keep track the usage of IND$FILE, if the user
 :rename the IND$FILE to ther own location and call it with TN3270, how
 can we
 :check this case.

 WHy do you want to do this? What is your business case?

 --
 Binyamin Dissen [EMAIL PROTECTED]
 http://www.dissensoftware.com

 Director, Dissen Software, Bar  Grill - Israel


 Should you use the mailblocks package and expect a response from me,
 you should preauthorize the dissensoftware.com domain.

 I very rarely bother responding to challenge/response systems,
 especially those from irresponsible companies.

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Binyamin Dissen]

On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

:because our audit want to check the unauthorized user (outsource
:programmer) download the source program from our shop.

How will this prevent screen scraping?

There are other ways to download  upload.

:On 4/17/08, Binyamin Dissen [EMAIL PROTECTED] wrote:

: On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

: :Is there any way that can keep track the usage of IND$FILE, if the user
: :rename the IND$FILE to ther own location and call it with TN3270, how
: can we
: :check this case.

: WHy do you want to do this? What is your business case?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[McKown, John]

 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:[EMAIL PROTECTED] On Behalf Of Tommy Tsui
 Sent: Thursday, April 17, 2008 9:07 AM
 To: IBM-MAIN@BAMA.UA.EDU
 Subject: Re: how to audit the usage of IND$FILE
 
 
 because our audit want to check the unauthorized user (outsource
 programmer) download the source program from our shop.
 

I had a similar requirement, but just for internal use. What I did was
write a small program which front ended 
IND$FILE. I composite link'ed it into the load module, so it would still
work if somebody copied it to another library. Of course a smart enough
person could simply delink my front end. My code is 156 lines of
assembler. Also, the front end made the TSO session non-swappable for
the duration of the transfer. This was due to some timing problems due
to lack of CPU resources. This required that the program be APF
authorized and listed in IKJTSOnn as an authorized program. Well, if you
forgot to do that last step, the program was smart enough to detect it
and bypass the portion that required APF authorization. But all that I
did to 'audit' the use was to put out a WTO with ROUTCDE=11 so that it
would go on the SYSLOG. I did not write an SMF record (which also
requires APF authorization, in general).

If you would like the code, please email me off-line at
mailto:[EMAIL PROTECTED] . Same for anybody else.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

The information contained in this e-mail message may be privileged
and/or confidential.  It is for intended addressee(s) only.  If you are
not the intended recipient, you are hereby notified that any disclosure,
reproduction, distribution or other use of this communication is
strictly prohibited and could, in certain circumstances, be a criminal
offense.  If you have received this e-mail in error, please notify the
sender by reply and delete this message without copying or disclosing
it. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Lizette Koehler]

Tommy,

Why don't you put AUDIT on the source file and see who touches it for READ?

IIRC,  IND$FILE might be possible to track if you had a product like MXG or 
SOFTAUDT or MICS and the access was to the mainframe.  Is there a specific way 
they are invoking IND$FILE?  From a PC or from the mainframe?

Lizette




because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.


 :Is there any way that can keep track the usage of IND$FILE, if the user
 :rename the IND$FILE to ther own location and call it with TN3270, how
 can we
 :check this case.

 WHy do you want to do this? What is your business case?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Hunkeler Peter (KIUK 3)]

As someone else already pointed out, although cumbersome, you can 
always cutpaste what you see on your 3270 screen.

Don't grant people access to data they don't need.
Don't grant people access to the system if you don't trust them. 

Of what value is an audit record that says the data has been read
by xyz? Doesn't tell you if only the first few lines have been
browsed or if the comlete data has been copied by whatever
means.

-- 
Peter Hunkeler
CREDIT SUISSE

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

Is there any way that can keep track the usage of IND$FILE, if the user rename 
the IND$FILE to ther own location and call it with TN3270, how can we
check this case.

Why do you want to audit it?
There are many ways to transfer files around besides that method.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[McKown, John]

 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:[EMAIL PROTECTED] On Behalf Of Ted MacNEIL
 Sent: Thursday, April 17, 2008 1:54 PM
 To: IBM-MAIN@BAMA.UA.EDU
 Subject: Re: how to audit the usage of IND$FILE
 
 
 Is there any way that can keep track the usage of IND$FILE, 
 if the user rename the IND$FILE to ther own location and call 
 it with TN3270, how can we
 check this case.
 
 Why do you want to audit it?
 There are many ways to transfer files around besides that method.

Why? Because some deaf auditor is yelling his head off, most likely. And
it is sometimes easier to placate them than to try to educate them.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

The information contained in this e-mail message may be privileged
and/or confidential.  It is for intended addressee(s) only.  If you are
not the intended recipient, you are hereby notified that any disclosure,
reproduction, distribution or other use of this communication is
strictly prohibited and could, in certain circumstances, be a criminal
offense.  If you have received this e-mail in error, please notify the
sender by reply and delete this message without copying or disclosing
it. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Don Leahy]

On Thu, Apr 17, 2008 at 10:19 AM, Binyamin Dissen
[EMAIL PROTECTED] wrote:
 On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

  :because our audit want to check the unauthorized user (outsource

 :programmer) download the source program from our shop.

  How will this prevent screen scraping?

  There are other ways to download  upload.


Indeed there are.  If your company doesn't trust* the outsourced
programmer, then perhaps they shouldn't have hired him/her.

*Where trust = bound by strict non-disclosure and intellectual
property agreements in a contract signed in blood.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Walt Farrell]

On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui [EMAIL PROTECTED] wrote:

because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.

On 4/17/08, Binyamin Dissen [EMAIL PROTECTED] wrote:

 On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:

 :Is there any way that can keep track the usage of IND$FILE, if the user
 :rename the IND$FILE to ther own location and call it with TN3270, how
 can we
 :check this case.

 WHy do you want to do this? What is your business case?

The problem, Tommy, is that IND$FILE is but one of many ways someone could
download to a PC.  The user could trivially use FTP to do that, if you have
an FTP server active, or scp if you have SSH active.  Or he could, as you
mentioned, copy and rename IND$FILE to something else.  Or he could bring in
a program from another system.  Or he could write a REXX exec to use TCP/IP
functions to talk to a program on the PC.  Etc.  

Auditing use of IND$FILE itself is but one way, though perhaps a simple one.
 But the exposure exists because you gave the user READ access to the data.
 Having that, there's little you can do to prevent him from copying it
somewhere.

-- 
  Walt Farrell, CISSP
  IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Paul Gilmartin]

On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui wrote:

because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.

First, have you protected it with RACF?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

because our audit want to check the unauthorized user (outsource programmer) 
download the source program from our shop.

What about ftp? Copy  Paste?

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

But the exposure exists because you gave the user READ access to the data.

This has been discussed before on the RACF-L forum.
It is better to protect the data, rather than the method of copying.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[J R]

 It is better to protect the data, rather than the method of copying.  
 
That doesn't help if you want the programmer to work on a program 
but you don't want him to take it with him.  
 
 
 Date: Thu, 17 Apr 2008 20:41:35 +
 From: [EMAIL PROTECTED]
 Subject: Re: how to audit the usage of IND$FILE
 To: IBM-MAIN@BAMA.UA.EDU
 
 But the exposure exists because you gave the user READ access to the data.
 
 This has been discussed before on the RACF-L forum.
 It is better to protect the data, rather than the method of copying.
 
 -
 Too busy driving to stop for gas!
 
 
 
_
Get in touch in an instant. Get Windows Live Messenger now.
http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refresh_getintouch_042008
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

That doesn't help if you want the programmer to work on a program but you 
don't want him to take it with him.  

If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods, but the crudest one cannot be protected except by 
giving the programmer an old 3270 green screen (actually, take the PC away from 
him (8-{}).

The crude method is to copy and paste from a TN3270 session into notepad.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Doug Fuerst]

Is JK Rowling the auditor?

Tommy Tsui wrote:

because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.

  

snip

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Tom Schmidt]

On Thu, 17 Apr 2008 21:30:43 +, Ted MacNEIL wrote:
 
That doesn't help if you want the programmer to work on a program but you 
don't want him to take it with him.

If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods, but the crudest one cannot be protected except 
by giving the programmer an old 3270 green screen (actually, take the PC 
away from him (8-{}).

The crude method is to copy and paste from a TN3270 session into notepad.
  
 
...and, lest anyone think that Ted's crude method would be too crude to be 
useful, it is trivial to create a VB program that steps through the source, 
screen-by-screen, while taking snapshots that it copies to notepad (or 
straight to a PC file).  Grabbing several thousand lines of source wouldn't 
take 
any more time than it would to page through several thousand lines of source 
on the screen.  Many TN3270 packages may even provide sample code with 
the distribution.  
 
Either you trust your programmer's ethics or you shouldn't provide access to 
the treasured source.  There is no in between.  
 
-- 
Tom Schmidt 
  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

Either you trust your programmer's ethics or you shouldn't provide access to 
the treasured source.  There is no in between.

Exactly! Everytime you work with an 'outsider' (contractor, outsourcer, 
consultant, etc.), you have a risk evaluation to do.
You either trust them, or you don't.
If you don't, then keep it in-house.
BUT! Even that is a risk due to disgruntled employees.


-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Len Rugen]

Or modularize the design so that no one part is known by everyone.  I 
think that's why Windows works so well.


Ted MacNEIL wrote:

Either you trust your programmer's ethics or you shouldn't provide access to the 
treasured source.  There is no in between.



Exactly! Everytime you work with an 'outsider' (contractor, outsourcer, 
consultant, etc.), you have a risk evaluation to do.
You either trust them, or you don't.
If you don't, then keep it in-house.
BUT! Even that is a risk due to disgruntled employees.


-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

  


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[George Fogg]

 Or modularize the design so that no one part is known by everyone.  I
 think that's why Windows works so well.

LOL!  :-)

George Fogg

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Don Leahy]

On Thu, Apr 17, 2008 at 5:30 PM, Ted MacNEIL [EMAIL PROTECTED] wrote:
 That doesn't help if you want the programmer to work on a program but you 
 don't want him to take it with him.

  If he can read it, he can copy it.
  And, how protecting IND$FILE will not be enough.
  There are many methods, but the crudest one cannot be protected except by 
 giving the programmer an old 3270 green screen (actually, take the PC away 
 from him (8-{}).

Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls.  Tedious
perhaps, but it would work.

Or, he could just write down on paper everything he sees on the screen.

Or, maybe he could just memorize it.

:-)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Lizette Koehler]

If you have a cell phone camera, it is not that big of an issue - no one
really thinks there is a camera in the building when it is in a cell phone.

Lizette

 That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.

  If he can read it, he can copy it.
  And, how protecting IND$FILE will not be enough.
  There are many methods, but the crudest one cannot be protected except by
giving the programmer an old 3270 green screen (actually, take the PC away
from him (8-{}).

Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls.  Tedious
perhaps, but it would work.

Or, he could just write down on paper everything he sees on the screen.

Or, maybe he could just memorize it.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Ted MacNEIL]

If you have a cell phone camera, it is not that big of an issue - no one 
really thinks there is a camera in the building when it is in a cell phone.

It depends where you work.
Th company I recently got downsized from actually had a policy against cell 
cameras.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Edward Jaffe]

Don Leahy wrote:

Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls.  Tedious
perhaps, but it would work.
  


Camera? I have a VBS macro for IBM's PCOMM that scrolls forward and 
appends each screen's worth of data to a text file. It does this 
repeatedly until a pre-determined sequence -- signifying EOF -- is 
detected. I assume a similar macro can be authored with any of the 
popular emulators.


--
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
[EMAIL PROTECTED]
http://www.phoenixsoftware.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Don Leahy]

On Thu, Apr 17, 2008 at 11:00 PM, Edward Jaffe
[EMAIL PROTECTED] wrote:
 Don Leahy wrote:

  Even a green screen is no guarantee if the programmer smuggles a
  camera into the office and takes pictures as he scrolls.  Tedious
  perhaps, but it would work.
 
 

  Camera? I have a VBS macro for IBM's PCOMM that scrolls forward and appends
 each screen's worth of data to a text file. It does this repeatedly until a
 pre-determined sequence -- signifying EOF -- is detected. I assume a similar
 macro can be authored with any of the popular emulators.

  --
I meant a real green screen3278 dumb terminal.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: how to audit the usage of IND$FILE

[Kenneth E Tomiak]

Do you strip search them as they leave the building to ensure paper is not in 
their posession? Ignoring the possibility of print-screen like functions, I can 
take a pen and a piece of paper and copy a file byte by byte and get a copy. 
Let me memorize a few lines of code every day and I can write them down 
when I get to my car. It isn't always about stopping someone, sometimes it is 
having data to show you know who did access the data and how. Even when 
they are allowed to access the data.

Tommy Tsui has had posts before, IIRC, that indicate a complete lack of 
knowledge about how an operating system works. I believe he has been asking 
how to audit just about everything. Ignorant of what SMF can record, how to 
process SMF data, and how to report on the data. There are lots of manuals 
that discuss this stuff.

On Thu, 17 Apr 2008 17:11:13 -0400, J R [EMAIL PROTECTED] wrote:

 It is better to protect the data, rather than the method of copying.  
 
That doesn't help if you want the programmer to work on a program 
but you don't want him to take it with him.  
 
 
 Date: Thu, 17 Apr 2008 20:41:35 +
 From: [EMAIL PROTECTED]
 Subject: Re: how to audit the usage of IND$FILE
 To: IBM-MAIN@BAMA.UA.EDU
 
 But the exposure exists because you gave the user READ access to the 
data.
 
 This has been discussed before on the RACF-L forum.
 It is better to protect the data, rather than the method of copying.
 
 -
 Too busy driving to stop for gas!
 
 
 
_
Get in touch in an instant. Get Windows Live Messenger now.
http://www.windowslive.com/messenger/overview.html?
ocid=TXT_TAGLM_WL_Refresh_getintouch_042008
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html