On Wednesday, 12/06/2006 at 08:16 CET, Zoltan Balogh <[EMAIL PROTECTED]> wrote: > sorry i ask back, but i thought well? If there is racf then logged, otherwise > not? (sorry but my english was not enough understand the meaning of your
> sentence) If you have an External Security Manager (ESM) such as IBM's RACF, CA's Top Secret, VM:Secure, or ACF2, then the ESM can *audit* any user, diagnose, CP command, or system function. A subset of those things can be *controlled* by the ESM. For example, an ESM can audit (log) who issued CP SHUTDOWN, but it can't stop it. It can, however, control the use of CP STORE HOST. CP decides what the ESM *may* control; the ESM decides which of those it *will* control. As you might imagine, auditing *everything* on the system would bring it to its knees. > And if yes, can user check what is under monitoring? (i think no, but perhaps..) That's up to the ESM to decide. In RACF, the SETEVENT LIST command requires special privileges. (See the RACF System Administrator's Guide.) When you are watching for Bad Guys, it is best not to tell them in advance where you will be looking! :-) Alan Altmark z/VM Development IBM Endicott
