Re: permissions to /bin/sh

2017-08-22 Thread Robert Hansel
Itschak and Radoslaw,

I believe the permissions for /bin/sh should be 1755, displayed as rwxr-xr-t. 
Note the 1 for the attribute, displayed as 't', activates the Sticky Bit. This 
causes Unix to execute an MVS program by the name of SH instead of trying to 
execute file sh in the /bin directory. SH exists in SYS1.LPALIB as an alias for 
FSUMUSSH. I've never seen the permission bits set to anything else. Admittedly, 
I have not tried turning off the Sticky Bit in order to execute file sh in the 
/bin directory, so perhaps it would still function properly. Is there a 
compelling reason to turn off the Sticky Bit?

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc. *** Celebrating our 25th Year ***
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

-Original Message-
Date: Mon, 21 Aug 2017 12:34:34 +0300
From: ITschak Mugzach
Subject: Re: permissions to /bin/sh

0755 or less

On 21 Aug 2017 11:12, "R.S." wrote:

> What is default (suggested, typical) permission to /bin/sh ?
> Of course I mean z/OS UNIX (2.2 if it makes a difference)
> Is it rwxr-xr-t ?
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
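
The two answers in this thread differ only in the leading octal digit: 1755 carries the sticky bit (shown as the trailing `t`), 0755 does not. As an added example, not written by any poster in the thread, the shell functions below render an octal mode the way `ls -l` displays it and test the two properties mentioned; the function names and sample modes are constructed for illustration.

```shell
#!/bin/sh
# Render an octal mode such as 1755 the way `ls -l` displays it.
mode_to_symbolic() {
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    out=""
    for pos in 6 3 0; do            # owner, group, other
        bits=$(( (m >> pos) & 7 ))
        r=-; w=-; x=-
        if [ $((bits & 4)) -ne 0 ]; then r=r; fi
        if [ $((bits & 2)) -ne 0 ]; then w=w; fi
        if [ $((bits & 1)) -ne 0 ]; then x=x; fi
        case $pos in                # special bit shown in this triplet's x slot
            6) sp=$((m & 04000)); on=s; off=S ;;   # setuid
            3) sp=$((m & 02000)); on=s; off=S ;;   # setgid
            0) sp=$((m & 01000)); on=t; off=T ;;   # sticky
        esac
        if [ "$sp" -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# True when the sticky bit (the leading 1 in 1755) is set.
has_sticky() {
    [ $(( 0$1 & 01000 )) -ne 0 ]
}

# True when the rwx bits grant nothing beyond 0755 ("0755 or less").
within_755() {
    [ $(( 0$1 & 0777 & ~0755 )) -eq 0 ]
}

# Constructed sample modes, not read from a real system.
for mode in 1755 0755 1775; do
    if has_sticky "$mode"; then s=on; else s=off; fi
    if within_755 "$mode"; then p=yes; else p=no; fi
    printf '%s %s sticky=%s within_0755=%s\n' \
        "$mode" "$(mode_to_symbolic "$mode")" "$s" "$p"
done
```

A lowercase `t` means sticky plus other-execute; an uppercase `T` means the sticky bit is set on a file that others cannot execute.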


Re: grabbing JES output via FTP

2017-08-21 Thread Robert Hansel
Hi Tony,

The article "FTP and JES" in the April 2010 edition of our RSH RACF Tips 
newsletter might be of help.

http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2010.pdf

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc. *** Celebrating our 25th Year ***
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

Upcoming RSH RACF Training - WebEx
- RACF Audit & Compliance Roadmap - SEPT 11-15, 2017
- RACF Level I Administration - DEC 5-8, 2017
- RACF Level II Administration - NOV 13-17, 2017
- RACF Level III Admin, Audit, & Compliance - OCT 2-6, 2017
- RACF - Securing z/OS UNIX  - OCT 23-27, 2017



-Original Message-
Date: Sat, 19 Aug 2017 21:34:57 -0400
From: Tony Thigpen
Subject: grabbing JES output via FTP

I am attempting to use FTP under VM to grab some job output from JES2. I 
am getting a strange error that I don't know where to start trying to 
resolve it. I also get the same messages when I try to ftp from a local pc.

Command:
site filetype=jes
 >>>SITE filetype=jes
200 SITE command was accepted
Command:
get JOB01106.2
 >>>EPRT |1|10.10.50.141|1170|
500 unknown command EPRT
 >>>PORT 10,10,50,141,4,146
200 Port request OK.
 >>>RETR JOB01106.2
451 Nlst failed due to internal error
Command:


thoughts?

-- 
Tony Thigpen



Re: Mainframe's security assessments costs

2016-08-16 Thread Robert Hansel
Steve,

I would agree that software with human checking is the way it _should_ be done, 
but I've had a client tell me they were handed nothing more than software 
output and a large bill. That is why I advised Filip not to assume anything and 
to ask questions.

Regards, Bob

-Original Message-
Date: Mon, 15 Aug 2016 09:33:11 -0500
From: Steve Beaver <st...@stevebeaver.com>
Subject: Re: Mainframe's security assessments costs

Vanguard has their VCM that will handle a lot of the checking you are looking 
for, but no one handles it all without some human checking

Steve  

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Robert Hansel
Sent: Monday, August 15, 2016 9:29 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe's security assessments costs

Hi Filip,

I'm not sure asking others about pricing would be of much benefit because such 
pricing is likely to be based on their unique configuration and the type of 
assessment, and besides, they probably can't disclose such pricing because it 
is likely to be protected by a confidentiality agreement. Some of the factors 
we consider in pricing an assessment are the number of RACF databases to be 
reviewed, number of z/OS system images (a.k.a. LPARs) sharing each set of RACF 
databases, number of profiles defined by class in each database, number of CICS 
regions (SIT PARM analysis), whether Unix File System security permissions are 
to be examined, and whether the assessment can be performed remotely. To 
compare offers, you need to look closely at the nature and depth of the review. 
Some will simply run a software tool and issue findings that in some cases are 
based on arbitrary thresholds (e.g., 'n' number of IDs with NOINTERVAL or 
OPERATIONS). Others will bore into the details and attempt to identify IDs that 
perhaps shouldn't have NOINTERVAL or look for SURROGAT profiles that allow 
unprivileged users inappropriate use of OPERATIONS IDs. Don't assume 
anything. Ask questions.

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

-Original Message-
Date: Mon, 15 Aug 2016 09:51:48 +1000
From: x ksi <s3...@pjwstk.edu.pl>
Subject: Mainframe's security assessments costs

Hey group. I was wondering if some of you could share some information about 
the costs various companies charged you for performing security assessment of 
your mainframes? At this point literally any information will be valuable (e.g. 
hourly rate, particular engagement cost, order of magnitude for this type of 
engagements etc.). From what I can tell there are companies providing such 
services but their prices seem to be one big mystery. Having even a rough 
estimation would allow to better choose between various providers. Thank you in 
advance.


Kind regards,
Filip



Re: Mainframe's security assessments costs

2016-08-15 Thread Robert Hansel
Hi Filip,

I'm not sure asking others about pricing would be of much benefit because such 
pricing is likely to be based on their unique configuration and the type of 
assessment, and besides, they probably can't disclose such pricing because it 
is likely to be protected by a confidentiality agreement. Some of the factors 
we consider in pricing an assessment are the number of RACF databases to be 
reviewed, number of z/OS system images (a.k.a. LPARs) sharing each set of RACF 
databases, number of profiles defined by class in each database, number of CICS 
regions (SIT PARM analysis), whether Unix File System security permissions are 
to be examined, and whether the assessment can be performed remotely. To 
compare offers, you need to look closely at the nature and depth of the review. 
Some will simply run a software tool and issue findings that in some cases are 
based on arbitrary thresholds (e.g., 'n' number of IDs with NOINTERVAL or 
OPERATIONS). Others will bore into the details and attempt to identify IDs that 
perhaps shouldn't have NOINTERVAL or look for SURROGAT profiles that allow 
unprivileged users inappropriate use of OPERATIONS IDs. Don't assume 
anything. Ask questions.

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

-Original Message-
Date: Mon, 15 Aug 2016 09:51:48 +1000
From: x ksi
Subject: Mainframe's security assessments costs

Hey group. I was wondering if some of you could share some information
about the costs various companies charged you for performing security
assessment of your mainframes? At this point literally any information
will be valuable (e.g. hourly rate, particular engagement cost, order
of magnitude for this type of engagements etc.). From what I can tell
there are companies providing such services but their prices seem to
be one big mystery. Having even a rough estimation would allow to
better choose between various providers. Thank you in advance.


Kind regards,
Filip
