does anybody know system abend code 9D5?
hi all, we receive the following abend in the context of data space creation, and we do not find any documentation on that in ibm's literature: SYSTEM COMPLETION CODE = 9D5 SYSTEM REASON CODE = 000C any help and info is welcome. thanks! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
just an option for additional statements/infos on that important concern: www.fedtke.com -> select english -> click on "IT SECURITY FORUM" best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ At 10:06 27.03.2012 -0500, you wrote: >Dear IBM-MAINers, > >Our auditors are insisting that we install a product that protects against malicious software (viruses, worms, trojans, etc.). > >Does anyone know of a product that does this? I heard that McAfee is coming out with a z/OS product "later this year", but I called them and they had no idea what I was talking about. > >z/OS, with proper security controls (and believe me - we have LOTS!) should not have to worry about such things, at least that's what I've always heard. > >Any input on this topic would be GREATLY appreciated!! > >Thanks, >Greg Dorner, WPS Insurance Corp. > >-- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
issuing console command via CONSOLE+GETMSG without occurring in the syslog
hi all, is it possible to issue a console command via CONSOLE+GETMSG in a rexx without the resulting messages occurring in the syslog? thanks for your help stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
documentation/manual with all HMC log messages
hi all, we are unable to identify the manual/documenation including and explaining all HMC log messages. it concerns messages like Fri Sep 12 07:08:55 CEST 20yy xx Starting remote support call 20xx-xx-xx 07:08:54 AM for console HMC11(xx). Type: ACT01693I Requesting MCLs for HMC. thanks for your help stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
LISTCAT output "breaks out" even OUTFILE(xxx) was used
hi TSO specialists, we use LISTCAT OUTFILE(CATLWORK) ALL CAT() and LISTCAT OUTFILE(CATLWORK) ALL LE() tso commands in a REXX, and have validly pre-allocated the CATLWORK ddname. the rexx is doing this for n catalogs correctly by writing all output to the CATLWORK ddname. but after some while the output "breaks out" and becomes listed on the SYSTSPRT ddname, i.e. becomes regularly listed. here is some sample: ... -INFO--> LISTCAT 4026 OF 8058 WILL BE PERFORMED -INFO--> LIST CATALOG FOR ALIAS "DB2DDBS" -INFO--> LISTCAT 4027 OF 8059 WILL BE PERFORMED -INFO--> LIST CATALOG FOR ALIAS "DB2DDBU" LISTING FROM CATALOG -- UCATDB.DB2DUCAT GDG BASE -- DB2DDBU.C1.R009400D.R009404S.P2 IN-CAT --- UCATDB.DB2DUCAT HISTORY DATASET-OWNER-(NULL) CREATION2006.361 RELEASE2 LAST ALTER--2011.353 ATTRIBUTES LIMIT-10 SCRATCH NOEMPTY ASSOCIATIONS NONVSAM--DB2DDBU.C1.R009400D.R009404S.P2.G0034V00 NONVSAM--DB2DDBU.C1.R009400D.R009404S.P2.G0035V00 NONVSAM--DB2DDBU.C1.R009400D.R009404S.P2.G0036V00 ... does anybody have experience with processing the LISTCAT output(s)? additional info: the SYSPRINT ddname is allocated to DUMMY. is LISTCAT using any further ddnames that we need to pre-allocate? does LISTCAT re-allocate or release any OUTFILE ddname? thanks for your help, and merry chrismas! stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: SYSOUT DATA SET NOT ALLOCATED, USER NOT AUTHORIZED FOR FUNCTION SPECIFIED
thanks to the captain! it was missing JCL auth in TSOAUTH. best stephen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SYSOUT DATA SET NOT ALLOCATED, USER NOT AUTHORIZED FOR FUNCTION SPECIFIED
hi all, I get the following error within a rexx trying to allocate a file to the internal reader: SYSOUT DATA SET NOT ALLOCATED, USER NOT AUTHORIZED FOR FUNCTION SPECIFIED rexx: ADDRESS TSO "ALLOC FI(JCL) SYSOUT(A) WRITER(INTRDR) REU" rexx becomes executed in a EXEC PGM=IKJEFT01 batch environment. does anybody have an idea? best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean provides state-of-the-art resource access monitoring and cleanup procedures for RACF ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
RACF profile-like match support within DB2 SELECTs
hi all, did anybody solve the problem to achieve RACF-like selection within DB2 SELECT statements? for example, to select data set names from a table with data set names? best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean provides state-of-the-art resource access monitoring and cleanup procedures for RACF ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
where do I find the AEXITLIM zparm value in db2-smf-record ifcid=106?
hi all, where do I find the AEXITLIM zparm value in db2-smf-record ifcid=106? or is there any better forum to ask? best, many thanks! stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
repairing a "corrupted HFS file" / *IGW024E HFS DATA SET: xxx
hi all, we get the following error: *22.07.42 *IGW024E HFS DATA SET: SHERLOCK.SHRLCK.HFS * INTERRUPTED DURING FILE SYSTEM SYNC. PROBABLE HFS CORRUPTION. * READ-WRITE MOUNT REJECTED the literature does not tell anything about a quick option to repair or "re-sync" a corrupted hfs file. is there really no way to easily repair the hfs? best, many thanks! stephen p.s.: in meantime, a big thank for all answers on other questions we posed. --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
2nd question about SORT: only taking the last n records into SORTOUT
hi all, does any of you have a recommendation on advising SORT to only take the last n records into SORTOUT. problem is, for STARTREC=xxx you would need to know the resulting total number in advance. best, many thanks! stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Q for SORT gurus: identifying unprintable chars via "INCLUDE COND="
hi all, does any of you SORT gurus have a recommendation on "efficiently" identifying records including unprintable chars in a given range of columns. something like: "is there any char lower than x'40' at any position in column range x:y"? best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
most efficient method to determine "used cpu time" within a particular subtask
hi all, several sources provide "used cpu time". calculating the difference between two points of time allows to calculate the required cpu time for particular parts of the processing. question: which is the most efficient and reliable method to determine the "cpu time used" in order to apply the above given delta calculation? is there anything more efficient than call a service, such as TIMEUSED CPU=MIC,STORADR=WORK_UCPU, * LINKAGE=SYSTEM for example, reading out any control block fields. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
where to find the assembler mapping macro for websphere smf record 120?
hi all, on an IBM educational ppt presentation we googled, including sound, "he" talked about mapping macros for websphere smf record 120. does anybody know about these assembler mapping macros, and where to find them? best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-NoEvasion lets you avoid all 10 pitfalls when connecting z/OS to your SIEM ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
ALTROOT statement has no TYPE parameter / how is the type determined?
hi all,
the ALTROOT statement's syntax definition is
{ALTROOT FILESYSTEM('fsname')
PARM('parameter')
MOUNTPOINT('pathname')}
and does not include a TYPE parm, like the ROOT statement.
question: is it superfluous, or is the TYPE take from the ROOT statement, or
dynamically determined?
thanks for any reply.
best
stephen
---
Dr. Stephen Fedtke
Enterprise-IT-Security.com
Seestrasse 3a
CH-6300 Zug
Switzerland
Tel. ++41-(0)41-710-4005
www.enterprise-it-security.com
++NEWS++ SF-NoEvasion feeds your SIEM with z/OS events in real-time ++NEWS++
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: z/OS Virus Checker & zLinux Virus Checker
hi all, i almost missed this discussion. if you are interested in further arguments and details in this field "Vulnerability Analysis and Scan on z" you should also refer to the "it security forum" on our website. we completely solve this problem for over a decade. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ At 14:04 29.01.2011 -0600, you wrote: >Elardus, > >Please let me add some information in response to your posting: > >There is a difference between a Virus and a System Integrity >Exposure.The System Integrity Exposure is the Root Cause that a Virus >exploits.There may be many Viruses, especially in Windows Systems, which >exploit the same Root Cause.The PC Virus checkers look for the >signatures of Virus code either executing or in directories and then >take action to remove them.The Virus Checkers cannot fix the Root Cause >-- in the case of Windows, only Microsoft can do that.But, it would be >better if Microsoft would fix the Root Cause because then the Virus >programs would become ineffective. > >IBM's Statement of Integrity clearly states that if a System Integrity >Vulnerability (the Root Cause) is reported to IBM, they will fix >it.Microsoft does not make this commitment and this is why the z/OS >Operating System is a much more "securable" system than Windows. > >However, z/OS is not immune to these threats because it too has system >integrity vulnerabilities.In your posting, you state that there are many >alternatives to our Vulnerability Analysis Product for the "ethical >hacking/penetrating/scanning for defects and exposures."In fact, IBM >purports to provide this capability from their Tivoli zSecure unit.On >their zSecure Audit Website, they state: "Security zSecure Audit >includes a powerful system integrity analysis feature. Reports identify >exposures and potential threats based on intelligent analysis built into >the system."That's a pretty powerful and absolute statement. > >But, since Tivoli is part of IBM you can be assured that their Quality >Assurance Unit regularly tests their software against revisions to the >IBM z/OS Operating System and, if any integrity exposures were found, >they would have reported the vulnerabilities to IBM z/OS Development and >Development would have fixed them.That would just be the normal course >of business within IBM. > >But, then, how can you reconcile the fact that our VAT product has >located SIXTY SEVEN (67) new system integrity vulnerabilities in z/OS >within the last two years.And, our clients have reported them to IBM, >IBM has accepted them as errors, issued APARS for all of them and issued >PTFs for almost all of them.So, obviously, the IBM Tivoli zSecure Audit >package is not catching these errors.And, if IBM, is not catching these >in their own code, what about the ones introduced by the rest of the >Independent Software Vendor products and locally developed or otherwise >obtained code on your system?There is a big vulnerability here that >cannot be ignored. > >An exploit of a z/OS (or ISV) system integrity vulnerability would allow >the illegitimate user to obtain control in an authorized state and use >this state to change his security credentials to obtain access and be >able to modify any RACF protected resource on the system with no SMF >journaling of the access.We have found these integrity exposures in code >that is in operation on every z/OS system in existence.That is something >to be concerned about and to act on. > >I have no idea of the comparison between the cost of our Vulnerability >Analysis Tool versus the competition.We would be happy to discuss that >with you -- we believe it is inexpensive compared to the benefits which >include not only a reduction of risk and exposure to data loss and >modification which would result in exposure of company secrets, private >information and financial loss, but a reduction of system outages.But, >VAT works and locates the errors that other software/services do not.I >can totally assure you that a manual process just will not work in our >lifetimes.So, an automated process is necessary.And VAT provides that >automation. > >And I agree with you that many z/OS Auditors need to be educated on this. > >Ray Overby >Key Resources, Inc. >Ensuring System Integrity for z/Series^(TM) >www.vatsecurity.com >(312)574-0007 > > > >On 1/29/2011 09:12 AM, Elardus Engelbrecht wrote: >> Cris Hernandez #9 wrote: >> >>> I too ha
does the new CRITICALPAGING PPT attribute also concern data spaces owned by the program?
hi all, does the new CRITICALPAGING PPT attribute coming with 1.12 also concern data spaces owned by the program? thanks for your opinion. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean allows trouble-free RACF database cleanup for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
determine runtime privilege level (prob/supr state, key) without TESTAUTH
hi all, if a programcode does not know anything about its environment, and needs to determine its privilege level/status (i.e. problem or supervisor state, key), it could use TESTAUTH. fact is that TESTAUTH has some environmental restrictions, such as TCB mode. on the other hand, most of these PSW-related instructions are privileged, and just using them implies the risk of a 0C2 in case the code runs non-privileged. my questions: * is there any non-privileged instruction to determine the status? * is there any control block field the psw is almost "mirrored" in (in real-time)? so that this "pseudo psw" could be checked. OR is the only way: 1) check for being an SRB. 2) use TESTAUTH? thanks for your opinion. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean allows trouble-free RACF database cleanup for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
best method to completely list all cataloged data sets
hi all, what is the best method to achieve a complete list of all currently cataloged data sets? really "all". actually, like using "**" in the 3.4 data set criterion. is there actually the need to determine all catalogs/aliases, and perform (recursiveley) list on them, ... thanks for any info. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean allows trouble-free RACF database cleanup for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
can particular PR/SM controls be determined by corresponding status bits of in-memory control blocks?
hi all, pr/sm includes the following controls: * Global performance data control authority * I/O configuration control authority * Logical partition isolation does anybody know whether there are bits in memory to detect the status of these controls? -- further question: do I understand the following correctly that there is a maschine instruction to perform these kinds of resets on another lpar? "Cross-partition authority: This control can limit the capability of the LP to issue certain control program instructions that affect other LPs. LPs with cross-partition authority can issue instructions to perform a system reset of another LP, deactivate any other LP, and provide support for the automatic reconfiguration facility." thanks for any info. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-SecuClean allows trouble-free RACF database cleanup for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
does an UCB include any info on how many systems the given device is online?
hi all, if a particular DASD device is online on several LPARs of a sysplex. does the UCB or any other control block include a counter on the number of LPARs the particular is currently online? many thanks for any tipp! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
how to dump or browse sysplex structures?
STRUCTURE ALLOCATION TIME: 10/31/2010 03:37:10 CFNAME : xx COUPLING FACILITY: 002094.IBM.xx.000xx PARTITION: 2F CPCID: 00 ACTUAL SIZE: 79872 K STORAGE INCREMENT SIZE: 512 K USAGE INFO TOTAL CHANGED% ENTRIES: 42627 16297 38 ELEMENTS: 212751 90245 42 PHYSICAL VERSION: xxx LOGICAL VERSION: xxx SYSTEM-MANAGED PROCESS LEVEL: 8 DISPOSITION: DELETE ACCESS TIME: 0 MAX CONNECTIONS: 32 # CONNECTIONS : 2 question: why does //LOGLIST EXEC PGM=IXCMIAPU //SYSPRINT DD SYSOUT=A,DCB=RECFM=FBA //SYSINDD * DATA TYPE(LOGR) REPORT(YES) LIST STRUCTURE NAME(*) DETAIL(YES) not dump structure data? many thanks for any tipp! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
how to dump or browse sysplex structures?
hi all, i need to read a structure inside the CF. i try it via the DUMP command in combination with the corresponding parameter and options? it does not want to run properly. therefore, i have some questions: * dumping can be performed from any system "around" the CF, or does it need to be the system it had created? * dumping somestimes result in a rc=16 that obviously indicates insufficient space in the CF's dump area. how can i extract parts of a structure? * does anybody know a utility to browse sysplex structures? maybe a cbt program, or similar. many thanks for any help. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
hi, if you are interested in details on this concern refer to http://www.fedtke.com/download.htm -> select english -> select the "IT SECURITY FORUM" best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
re-locating the cursor into the primary command line within an ispf edit macro
hi all, if you apply ISREDIT FIND ... ISREDIT CHANGE ... or similar ispf edit macro commands, the cursor is placed in the corresponding text line. when the macro terminates, and the edit panel appears, the cursor always resides in any of these lines. we did not find any way to relocate the cursor into the primary command line. did anybody achieve that already? many thanks for any tip! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
any experience with RCVUICA, RCVCPUA, RCVAVQC, ...?
hi all, thanks for the "RCVxxx field" and "SYSEVENT QVS" tips. sorry for more questions: * are these averages calculated for a given interval? of which length is this interval? * can RCVCTMC be used to determine a new(next) interval? means, a change of this value indicates new interval values * is the scale for RCVCPUA 0-100, and unit of measurement is percent? * how has RCVUICA to be interpreted? * which processor is measured within RCVCPUAA? the current while accessing this field? many thanks for any detail! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
easy access to the current cpu-peak-time status or cpu load
hi all, we need to know in realtime how close the system is to its cpu peak interval/time (meaning that peak time representing the z user's major invoice factor). does anybody have an idea on how to EASILY determine key information in the field of "cpu load" etc., such as via reading control blocks, or issuing a console command? using sdsf or similar is no possible way in our situation. many thanks! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
products or system components applying cross-memory FASTAUTH requests
hi all, does anybody know products or system components applying (massive) cross-memory FASTAUTH requests, maybe also in an SRB environment, in order to get more experience with tricky situations for the ICHRFX03/04 exits. many thanks! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
REQUEST=FASTAUTH exit routine: any experience with the ICHRFXyy exit's complex environmental conditions?
hi all, thanks to all for replying on my last question. i would have one further: if you read the environmental conditions of the ICHRFXyy FASTAUTH exits, it seems to be a tough job to escape in an environment that allows you to perform some critical activity requiring authorization and similar. the book says: Its running environment offers limited function as indicated in the following list: The execution key is unpredictable. The exit might receive control in either supervisor or problem state. The exit might or might not be given control APF-authorized. The exit might be given control in SRB mode; that is, the REQUEST=FASTAUTH might have been issued by a caller running as an SRB. The exit should not issue any SVCs. The exit routine might be given control in either 24- or 31-bit mode. does anybody have experience in programming ICHRFXyy exits, or knows any "alternative"? many thanks! best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
RACHECK call: difference between RTOKEN and UTOKEN?
hi all, thanks to all for replying on my last question. i would have one further: what is the actual difference between the RTOKEN and UTOKEN parameters within the context of the RACHECK service? the UTOKEN parameter is pritty good documented. RTOKEN just with a few words. are both handled the same way? is there any preference if both parameters are specified? best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
RACHECK call: determining whether and which TCBSENV (TCB ACEE) is in charge
hi all, when there is a need to determine the TCBSENV (TCB ACEE) in charge for a given RACHECK call, determining it for the current TCB is quite easy: L R14,PSATOLD-FLC(0,0)LOAD CURRENT TASK CONTRO ICM R15,B'',TCBSENV-TCB(R14) BNZ tcbacee_given my question: 1) does racf only honor the TCBSENV of the current task, or is there a need to check the entire TCB tree above, means checking the TCBSENV field of the mother tcb, and its mother ... in order to identify any non-zero TCBSENV field? 2) is there a risk for an infinite loop in the tcb-mother-child structure by just looping until TCBOTC = 0? thanks for any info or code. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at Share in Seattle! Get current information on "Outsourcing: How to Avoid Security Pitfalls"(session 5244) (Seattle, March 2010, 15 to 19); for details refer to www.share.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking (getting back on topic) / some inspirations on that topic
forgive us for the following recommendation: those installations, requiring a really secure mainframe, combatting even the most "smart, but bad tricks", should feel free in * visiting the download section of our website, or in * attending our coming Share session "5419 - Managing Security in a Troubled Economy" in denver, or in * searching for our presentation of Share session "Mainframe Security & Compliance - How to Prevent Subprime-like Bubbles and Self-deceptions" (austin this year). cheers stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at Share in Denver! Visit our session "5419 - Managing Security in a Troubled Economy". -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
does anybody know details on this dynamic LPA detail?
hi, does anybody know the function of this bit (dynamic LPA module handling), and how to apply it: +LPMEASVC EQU X'80' This entry is an SVC. The SVC number is in + LpmeaxSvcnum. does its usage prevent any removal, or similar. thanks stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at Share to talk about current concerns: "Why do mainframe users pay too much for even incomplete security & compliance monitoring?" (Austin, March 1-6, 2009) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
does anybody know a basic type of "VTAM LU telnet" tool
hi, does anybody know/have a simple tool, any freeware or sample code, to establish an APPC LU connection in order to perform a basic communication test. just to test the principal establishment of a connection - like using telnet to contact any application's listener to test for a possible connect. thanks stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at our Share session: "Mainframe security & compliance - how to prevent subprime-like bubbles and self-deceptions" (Austin, March 1-6, 2009) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
any negative experience with using RACROUTE services in SRB mode?
hi, does anybody have negative experience with using the RACROUTE services in SRB mode? any recommendations? any hidden limitations? thanks stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at our Share session: "Mainframe security & compliance - how to prevent subprime-like bubbles and self-deceptions" (Austin, March 1-6, 2009) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IRS Mainframe Not Secure Enough
cool that such critical reports may become published. simply the strongest guarantee for improvement. --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet you at our Share session: "Mainframe security & compliance - how to prevent subprime-like bubbles and self-deceptions" (Austin, March 1-6, 2009) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SDSF and REXX support
hi, does anybody know on how to change spool file attribute, such as the msgclass, inside a "SDSF & REXX" environment? I.e. on how to change corresponding table columns, causing system commands being issued by SDSF. maybe, it is impossible. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com Meet your "MAX Z Compliance Protector" at Share, Austin, March 1-6, 2009. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: KEY 8 CSA Usage
hi, if you can't get rid of the actual risk, such as CSA with key 8 in your case, or any other possible vulnerability, like apf-auth code, etc., you still have the opportunity to combat/cover the risk by corresponding fraud/misuse monitoring. removing the software thus is not the last and only option. we made a lot of positive experience in satisfying auditors, stressed by SOX, PCI, and even more by common criteria requirements, with such a countermeasure; especially if you can prove effectiveness. best stephen Dr. Stephen Fedtke www.enterprise-it-security.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
for those who want to get rid of old-fashioned password and racf exits
here is an info, just in case you need/want to get rid of old-fashioned password and other racf exits: http://www.fedtke.com/sf_noevasion.htm best stephen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cobol malicious code lookup
if malicious code is generally your concern, i apologize for recommend reading "it sec forum" at www.enterprise-it-security.com we are specialized in runtime-related z/OS malicious code detection, and programcode scan for virus/malicious code on load module level (unfortunately, not on source code level). best stephen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBM PCI Compliance with z/OS Com Server Seminar
information on mainframe-related PCI challenges are also discussed at www.enterprise-it-security.com -> it security forum for european mainframe users there is a free seminar also focusing PCI concerns (in german language): http://www.fedtke.com/exchange/UpToDate2008.pdf best stephen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
control block including JOBID in case of WLM-managed jobs
hi z/os specialists, for batch jobs running JES2-managed you may determine the jobid (JOB) in control block field SSIBJBID. this seems to differ in case of WLM-managed jobs. does anybody has info or idea on where to get the jobid based on passing thorugh control blocks (not via console command). thanks stephen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
