> On Mar 22, 2018, at 7:14 PM, Jesse 1 Robinson wrote:
>
> Tom raised the possibility of someone using a mechanism (like Python) to
> spoof an NJE node from within the closed network.
We’ve creating an entire NJE node emulator written in REXX and CMS Pipelines
(to replace the NJE functions in
nder immediately and delete this
message.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Styles, Andy (ITS zPlatform Services)
Sent: Friday, March 23, 2018 2:50 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXT] Re: Health Check JES_NJE_SECU
Services)
Sent: 23 March 2018 06:50
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Health Check JES_NJE_SECURITY
This is a real possibility - I've seen it in action; a connection via NJE was
established and an unauthenticated user was able to submit a batch job under
the id of someone i
port 175.
Andy Styles
z/Series System Programmer
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Jesse 1 Robinson
Sent: 22 March 2018 23:14
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Health Check JES_NJE_SECURITY
-- This emai
ssage-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Robert S. Hansel (RSH)
Sent: Friday, March 02, 2018 6:25 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Health Check JES_NJE_SECURITY
Hi Skip,
If you define &RACLNDE and add the name of a node t
---
-Original Message-
Date:Wed, 28 Feb 2018 19:38:33 +
From:Jesse 1 Robinson
Subject: Health Check JES_NJE_SECURITY
APAR OA49171 introduces a new health check called
Date:Thu, 1 Mar 2018 03:14:36 +000
LISTSERV.UA.EDU
Subject: (External):Re: Health Check JES_NJE_SECURITY
On Thu, 1 Mar 2018 12:46:43 -0600, David Magee wrote:
>Is is possible to add the &RACLNDE profile (with possibly a dummy MEMBER
>subentry) as WARNING to the RACFVARS Class? Then monitor for the >Temporary
>Access
On Thu, 1 Mar 2018 12:46:43 -0600, David Magee wrote:
>Is is possible to add the &RACLNDE profile (with possibly a dummy MEMBER
>subentry) as WARNING to the RACFVARS Class? Then monitor for the >Temporary
>Access Allowed condition and use that information to build your ADDMEMs to the
>&RACLN
On Thu, 1 Mar 2018 03:14:36 +, Jesse 1 Robinson
wrote:
>Ouch. I never saw Walt's proviso mentioned in the doc. Yes, these nodes are
>all totally under our control. However each node (sysplex) constitutes a
>different business environment supported by a different RACF data base. A
>person
Hi David,
The problem with that approach is that checks against the &RACLNDE profile
will also be made for NJE jobs that are not local to the RACF database.
The purpose of the profile is to allow JES/RACF to make a decision as to
whether the submitter is a local user.
Lou
--
Artificial Intelligen
Is is possible to add the &RACLNDE profile (with possibly a dummy MEMBER
subentry) as WARNING to the RACFVARS Class? Then monitor for the Temporary
Access Allowed condition and use that information to build your ADDMEMs to the
&RACLNDE profile over time?
--
frame Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of R.S.
Sent: Thursday, March 01, 2018 5:47 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Health Check JES_NJE_SECURITY
W dniu 2018-02-28 o 20:38, Jesse 1 Robinson pisze:
> APAR OA49171 introduces a new health chec
W dniu 2018-02-28 o 20:38, Jesse 1 Robinson pisze:
APAR OA49171 introduces a new health check called JES_NJE_SECURITY . I understand
the motivation for it but I can't figure out how to satisfy the check's
requirements. There's plenty of write-up available, but there lots of IFs and BUTs.
Furt
>Ouch. I never saw Walt's proviso mentioned in the doc. Yes, these nodes are
>all totally under our control. However each node (sysplex) constitutes a
>different business environment supported by a different RACF data base. A
>person may have the same userid on sandbox and on production, but the
6-543-6132 Office ⇐=== NEW
robin...@sce.com
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Walt Farrell
Sent: Wednesday, February 28, 2018 5:21 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Health Check JES_NJE_SECURITY
O
On Wed, 28 Feb 2018 18:21:03 -0500, Tom Conley
wrote:
>I ran these on 1/5/18 to fix this check:
>
>RDEFINE RACFVARS &RACLNDE UACC(NONE) OWNER()
>RALTER RACFVARS &RACLNDE ADDMEM() (add one for each
>node)
>SETROPTS CLASSACT(RACFVARS) RACLIST(RACFVARS)
You should be careful with that, Tom. &RAC
@LISTSERV.UA.EDU] On Behalf
Of Tom Conley
Sent: Wednesday, February 28, 2018 3:21 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Health Check JES_NJE_SECURITY
On 2/28/2018 2:37 PM, Jesse 1 Robinson wrote:
> APAR OA49171 introduces a new health check called JES_NJE_SECURITY . I
> understa
On 2/28/2018 2:37 PM, Jesse 1 Robinson wrote:
APAR OA49171 introduces a new health check called JES_NJE_SECURITY . I understand
the motivation for it but I can't figure out how to satisfy the check's
requirements. There's plenty of write-up available, but there lots of IFs and BUTs.
Furthermo
Allan Staller
Sent: Wednesday, February 28, 2018 13:41
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Health Check JES_NJE_SECURITY
I just disabled the check. I have no external NJE connections.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of
I just disabled the check. I have no external NJE connections.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Jesse 1 Robinson
Sent: Wednesday, February 28, 2018 1:39 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Health Check
APAR OA49171 introduces a new health check called JES_NJE_SECURITY . I
understand the motivation for it but I can't figure out how to satisfy the
check's requirements. There's plenty of write-up available, but there lots of
IFs and BUTs. Furthermore, there's reference to the &RACLNDE profile in
21 matches
Mail list logo