John,

How do you track RACF violations and report on them?

Scott ford
www.identityforge.com

Tell me and I'll forget; show me and I may remember; involve me and I'll 
understand. - Chinese Proverb


On Sep 23, 2012, at 12:38 PM, John McKown <john.archie.mck...@gmail.com> wrote:

> Took the easy way out. Superseded all ICH408I messages from SYSLOG which
> have USER( at the front of word two. I see no need for them. We use SMF
> records for reporting.
> On Sep 18, 2012 10:18 AM, "McKown, John" <john.mck...@healthmarkets.com>
> wrote:
> 
>> I have seen that. And other strange keying errors.  PEBKAC. Now that you
>> mention it, I may use a CA-OPS/MVS rule to "blank out" portions of the
>> ICH408I messages. Say in the USER(...), GROUP(...) and NAME(...) portions.
>> I don't use them anyway. I use the SMF records.
>> 
>> --
>> John McKown
>> Systems Engineer IV
>> IT
>> 
>> Administrative Services Group
>> 
>> HealthMarkets®
>> 
>> 9151 Boulevard 26 • N. Richland Hills • TX 76010
>> (817) 255-3225 phone •
>> john.mck...@healthmarkets.com • www.HealthMarkets.com
>> 
>> 
>>> -----Original Message-----
>>> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
>>> On Behalf Of Paul Gilmartin
>>> Sent: Tuesday, September 18, 2012 10:13 AM
>>> To: IBM-MAIN@LISTSERV.UA.EDU
>>> Subject: Re: z/OS SYSLOG - why not let everybody read?
>>> 
>>> On Tue, 18 Sep 2012 09:21:11 -0500, Elardus Engelbrecht wrote:
>>> 
>>>> Ed Gould wrote:
>>>> 
>>>>> 1. I have seen passwords on the syslog.
>>>> 
>>>> Can you show any example(s) of such messages? Of course you can mask
>>>> out the passwords before posting. ;-)
>>>> Was that by design [1] or by operator error? Was that a verbatim copy
>>>> of some command?
>>> 
>>> It's easy for a user to tab to the wrong field and inadvertently
>>> type a password in the user ID field.  The user may correct the
>>> error and continue, not realizing that the password may now
>>> appear in SYSLOG.
>>> 
>>> Mistake?  Sure.  Process violation?  Sure.  Security exposure
>>> nonetheless.
>>> 
>>> -- gil
>>> 
>>> ----------------------------------------------------------------------
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
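
The two approaches described in the thread (dropping ICH408I messages whose second word starts with USER(, or blanking the USER(...), GROUP(...) and NAME(...) portions), sketched as an added Python example that works on a text copy of the log. It is not code from the thread and not a CA-OPS/MVS rule; the sample lines are constructed, and treating indented lines as continuations of the previous message is an assumption about the extract's layout.

```python
import re

MSG_ID = "ICH408I"
# Identity fields the thread proposes blanking. Assumes no ")" inside a field.
FIELD_RE = re.compile(r"\b(USER|GROUP|NAME)\(([^)]*)\)")

SAMPLE = [  # constructed lines in a simplified layout, not real SYSLOG records
    "ICH408I USER(JSMITH  ) GROUP(PAYROLL ) NAME(JOHN SMITH          )",
    "  LOGON/JOB INITIATION - INVALID PASSWORD",
    "ICH408I USER(S3CRETPW) GROUP(        ) NAME(???                 )",
    "  LOGON/JOB INITIATION - USER AT TERMINAL T0A1 NOT RACF-DEFINED",
    "IEF403I PAYJOB - STARTED",
]


def mask_fields(text, fill="*"):
    """Overwrite the contents of USER(), GROUP() and NAME(), keeping their width."""
    return FIELD_RE.sub(lambda m: f"{m.group(1)}({fill * len(m.group(2))})", text)


def scrub(lines, policy="mask"):
    """Return a copy of `lines` with ICH408I identity data removed.

    policy="mask": keep ICH408I lines but blank the identity fields.
    policy="drop": omit ICH408I messages whose second word starts with USER(,
                   together with their indented continuation lines.
    """
    out, dropping = [], False
    for line in lines:
        head, found, rest = line.partition(MSG_ID)
        if not found:
            # Indented lines continue the previous message (assumed layout).
            if not (dropping and line[:1].isspace()):
                dropping = False
                out.append(line)
            continue
        words = rest.split()
        dropping = policy == "drop" and bool(words) and words[0].startswith("USER(")
        if dropping:
            continue
        out.append(head + found + mask_fields(rest) if policy == "mask" else line)
    return out


if __name__ == "__main__":
    print("\n".join(scrub(SAMPLE, "mask")))
```

The SMF records mentioned in the thread are untouched by either policy, so violation reporting can still be done from them.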