Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

Hi Peter, 1. Seems auditors want security by hiding stuff 2. Access to PARMLIB means that someone can see what datasets can be APF Authorized. 3. Access to PARMLIB means that someone can see what SVC could be loaded. not sure why else. and there are other ways to find the above information if

Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

Hi Peter, Follow the rule of the attached STIG: SYS1.PARMLIB is not limited to only system programmers. Overview Finding IDVersionRule IDIA ControlsSeverity V-108 ACP00010 SV-108r2_rule DCCS-1 DCCS-2

Kubernetes and Red Hat OpenShift Support for IBM Crypto Express

Applications running in Kubernetes and Red Hat OpenShift Container Platform environments can now exploit the FIPS 140-2 Level 4 certified IBM Crypto Express Hardware Security Modules (HSMs) available on IBM Z and IBM LinuxONE servers. This combination provides the strongest, best-in-industry cr

Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

That was my question -- what possible attack vector can be derived form PARMLIB entries? I cannot see any such vector coming out of anything I know about PARMLIB, but I probably don’t know enough, which is why I am asking here. No passwords, no information that Mark Zelden's IPLINFO can’t retri

Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

On Thu, 3 Feb 2022 23:12:10 +, Farley, Peter x23353 wrote: >I'll be the first to admit that I know just enough of what is in SYS1.PARMLIB >to be dangerous, BUT . . . > >What information could possibly be gleaned from reading PARMLIB that would >require a knowledgeable auditor to insist on re

Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

I would suspect that it exposes potential attack vectors for the system. Ideally the system should be secure but loose lips sink ships. Matt Hogstrom m...@hogstrom.org “To my Ph.D. supervisor, for whom no thanks is too much.” > On Feb 3, 2022, at 6:12 PM, Farley, Peter x23353 > <031df298a

What is the audit basis to prevent read access to z/OS PARMLIB's?

I'll be the first to admit that I know just enough of what is in SYS1.PARMLIB to be dangerous, BUT . . . What information could possibly be gleaned from reading PARMLIB that would require a knowledgeable auditor to insist on restricting read access (other than security by obscurity and sysprog/

Re: MVS PURGE command

Because OS/360 doesn't support the 3850. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Charles Mills [charl...@mcn.org] Sent: Thursday, February 3, 2022 1:58 PM To: IB

Re: MVS PURGE command

The existence of a profile in RACF is nota guarantee that there is a resource manager interested in it. > -Original Message- > From: IBM Mainframe Discussion List On > Behalf Of Ed Jaffe > Sent: Thursday, February 03, 2022 2:39 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: MVS PURGE c

Re: MVS PURGE command

On 2/3/2022 9:58 AM, Radoslaw Skorupka wrote: This is a part of my investigation. Yes, command manual does not mention PURGE command, because it no longer exist - I suspect. PURGE IEE305I PURGE    COMMAND INVALID -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El

Re: MVS PURGE command

SEP came in with OS/360. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Michael Babcock [bigironp...@gmail.com] Sent: Thursday, February 3, 2022 3:50 PM To: IBM-MAIN@LI

Re: MVS PURGE command

Hi Radek, Was it CICS-related? Regards, David On 2022-02-03 15:34, Radoslaw Skorupka wrote: W dniu 03.02.2022 o 21:25, Tony Harminc pisze: On Thu, 3 Feb 2022 at 12:59, Radoslaw Skorupka wrote: BTW: current z/OS 2.4 still supports UNIT=SEP construct in JCL. Yes, it is ignored, but still syn

Re: ispf compare and ascii

On Thu, 3 Feb 2022 07:47:46 -0600, John McKown wrote: >On Thu, Feb 3, 2022 at 5:41 AM Colin Paice wrote: > >> I am having problems comparing two python files from OMVS. I can edit them >> both individually ( I can see the blanks are x'20' = ASCII blanks. >> >"... Personally, being a Linux us

Re: MVS PURGE command

Part of JES3? On Thu, Feb 3, 2022 at 11:59 AM Radoslaw Skorupka wrote: > This is a part of my investigation. > Yes, command manual does not mention PURGE command, because it no longer > exist - I suspect. > However migration manual for SDSF may cover "all possible" profiles, > including obsolete

Re: MVS PURGE command

W dniu 03.02.2022 o 21:25, Tony Harminc pisze: On Thu, 3 Feb 2022 at 12:59, Radoslaw Skorupka wrote: BTW: current z/OS 2.4 still supports UNIT=SEP construct in JCL. Yes, it is ignored, but still syntactically correct. AFAIK this parameter predates MVS. :-) Not only does it predate MVS, but th

Re: MVS PURGE command

Looking at http://www.bitsavers.org/pdf/ibm/370/OS_VS2/Release_3.7_1977/GC38-0229-1_OS_VS2_MVS_System_Commands_Rel_3.7_Jul78.pdf pages 22 and 207 mention the PURGE command in the context of the 3850, referencing an operator's manual for that device. Allan On Thu, Feb 3, 2022 at 1:58 PM Char

Re: MVS PURGE command

On Thu, 3 Feb 2022 at 12:59, Radoslaw Skorupka wrote: > BTW: current z/OS 2.4 still supports UNIT=SEP construct in JCL. Yes, it > is ignored, but still syntactically correct. > AFAIK this parameter predates MVS. :-) Not only does it predate MVS, but the very first release of MVS ("OS/VS2 Release

Re: MVS PURGE command

yup, it's a stop command sometime for printers, lines, inits.. JES2. Carmen On 2/3/2022 12:22 PM, Seymour J Metz wrote: It's worse than that; What $P means depends on the operand; it is not alwayy purge. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 _

Re: MVS PURGE command

FWIW I am looking at OS/360 Release 21 Operator's Reference from 1972 on BitSavers. http://bitsavers.informatik.uni-stuttgart.de/pdf/ibm/360/os/R21.0_Mar72/GC28-6691-3_OS_Operator_Reference_Release_21_Mar72.pdf There is no PURGE command listed. Charles -Original Message- From: IBM Main

Re: MVS PURGE command

It's worse than that; What $P means depends on the operand; it is not alwayy purge. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Tony Harminc [t...@harminc.net] Sent

Re: how to do Unix copy command with temp file

On Thu, 3 Feb 2022 17:37:11 +, Billy Ashton wrote: > >I have a process that takes input from several standard MVS files, and >creates a temporary file (sometimes small, sometimes ginormous). Our >shop is using SFTP to send files to another server, and I am not sure >how to code the "cp" comm

Re: MVS PURGE command

This is a part of my investigation. Yes, command manual does not mention PURGE command, because it no longer exist - I suspect. However migration manual for SDSF may cover "all possible" profiles, including obsolete ones. BTW: current z/OS 2.4 still supports UNIT=SEP construct in JCL. Yes, it

Re: how to do Unix copy command with temp file

On Thu, 3 Feb 2022 17:37:11 +, Billy Ashton wrote: > >I have a process that takes input from several standard MVS files, and > Help the list to help you by describing your "process". It might be as simple as: //CAT EXEC PGM=IEBGENER //SYSUT1 DD DSN=first.data.set //DD

Re: MVS PURGE command

that's just crazy, one doc, the doc I searched for shows no MVS.PURGE RACF profile, and yet in another, it does. scratching my head at this one Carmen On 2/3/2022 11:49 AM, Radoslaw Skorupka wrote: I see the following: PURGE MVS.PURGE.MSS MVS.PURGE.** Update Medium https://w

Re: MVS PURGE command

I see the following: PURGE MVS.PURGE.MSS MVS.PURGE.**Update Medium https://www.ibm.com/docs/en/zos/2.4.0?topic=guide-racf-profiles-that-protect-mvs-commands -- Radoslaw Skorupka Lodz, Poland W dniu 03.02.2022 o 18:37, Carmen Vitullo pisze: Searching the fine manual I don't see that

Re: how to do Unix copy command with temp file

Try Irish commands. OCOPY can copy to/from file, ps dataset, member... Both input and output are ddnames. Note, ddname can be used for files as well. -- Radoslaw Skorupka Lodz, Poland W dniu 03.02.2022 o 18:37, Billy Ashton pisze: Here is a simple question that has a simple answer - I hope

Re: ispf compare and ascii

On Thu, 3 Feb 2022 08:16:50 -0600, Carmen Vitullo wrote: >I've used the compare utility  extensively, also many years ago the >extended compare utility was used, I used  to create IEBUPDTE control >cards, been so long I forget what parms to use, > UPDCMS8, UPDMVS8:

Re: how to do Unix copy command with temp file

I'm not sure of your invocation, but maybe the OCOPY command could be useful ? Carmen On 2/3/2022 11:37 AM, Billy Ashton wrote: Here is a simple question that has a simple answer - I hope! I have a process that takes input from several standard MVS files, and creates a temporary file (someti

Re: MVS PURGE command

Searching the fine manual I don't see that profile in the 2.3 or the 2.4 RACF doc https://www.ibm.com/docs/en/zos/2.4.0?topic=characteristics-mvs-commands-racf-access-authorities-resource-names MONITOR READMVS.MONITOR MOUNT UPDATE MVS.MOUNT PAGEADD UPDATE MVS.PAGEADD

how to do Unix copy command with temp file

Here is a simple question that has a simple answer - I hope! I have a process that takes input from several standard MVS files, and creates a temporary file (sometimes small, sometimes ginormous). Our shop is using SFTP to send files to another server, and I am not sure how to code the "cp" co

Re: MVS PURGE command

W dniu 03.02.2022 o 18:16, Paul Gilmartin pisze: On Thu, 3 Feb 2022 17:08:16 +0100, Radoslaw Skorupka wrote: I just found found the following OPERCMDS profile: MVS.PURGE.MSS Current manual says it is for PURGE command. However another current manual does not document such command. Note, it is n

Re: MVS PURGE command

On Thu, 3 Feb 2022 at 11:08, Radoslaw Skorupka wrote: > > I just found found the following OPERCMDS profile: MVS.PURGE.MSS > Current manual says it is for PURGE command. However another current > manual does not document such command. > Note, it is not JES2 command. > > Q: what is it? Is it someth

Re: MVS PURGE command

On Thu, 3 Feb 2022 17:08:16 +0100, Radoslaw Skorupka wrote: >I just found found the following OPERCMDS profile: MVS.PURGE.MSS >Current manual says it is for PURGE command. However another current >manual does not document such command. >Note, it is not JES2 command. > >Q: what is it? Is it somethi

Re: USS Rexx mistery

On Thu, 3 Feb 2022 at 09:29, Seymour J Metz wrote: [shebang] > The wiki article doesn't give the etymology, but I assume that it's an > abbreviation of shell bang ("bang" in a Unixism for exclamation point.) Almost certainly influenced by, though not related to in meaning, the long preexistent

Re: MVS PURGE command

I just issued it on a sandbox system, IEE305I PURGE COMMAND INVALID Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com --- Original Message --- On Thursday, February 3rd, 2022 at 11:08 AM, R

MVS PURGE command

I just found found the following OPERCMDS profile: MVS.PURGE.MSS Current manual says it is for PURGE command. However another current manual does not document such command. Note, it is not JES2 command. Q: what is it? Is it something related to IBM 3850 MSS? -- Radoslaw Skorupka Lodz, Poland

Re: USS Rexx mistery

The wiki article doesn't give the etymology, but I assume that it's an abbreviation of shell bang ("bang" in a Unixism for exclamation point.) -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV

Re: ispf compare and ascii

I've used the compare utility  extensively, also many years ago the extended compare utility was used, I used  to create IEBUPDTE control cards, been so long I forget what parms to use, but for UNIX to UNIX, since the ServerPac migration guide provided the doc on how to use the diff command I'v

Re: ispf compare and ascii

The advantage of the ispf compare function is that you can see the changes in the editor and easily incorporate them. This is good because I spotted I kept adding blanks in my source, so could easily correct this - then just save. Colin On Thu, 3 Feb 2022 at 13:58, Carmen Vitullo wrote: > I, as

Re: ispf compare and ascii

John, There is an ISPF edit "compare" command. Ive used to compare members and datasets with no problems. I had problems with editing a UNIX file and comparing with another UNIX file when the files were ascii. (So blank = x'20' not x'40'). You can tell UNIX which code page the file has using th

Re: ispf compare and ascii

I, as John does use to UNIX diff command, I've never tried the ISPF compare utility. for my z/OS upgrade, I compare the ServerPac etc to my current system(s) etc using diff -r /ServerPac/etc /Service/TST1/etc > /u/jistxxx/TST1_etc_compare_zos112.txt the output gets written to a text file

Re: ispf compare and ascii

On Thu, Feb 3, 2022 at 5:41 AM Colin Paice wrote: > I am having problems comparing two python files from OMVS. I can edit them > both individually ( I can see the blanks are x'20' = ASCII blanks. > I cannot get compare to work.. it looks like compare cannot tell the second > file is ascii. > Is

Re: USS Rexx mistery

Thanks, didn't know it had a name :P - KB ‐‐‐ Original Message ‐‐‐ On Thursday, February 3rd, 2022 at 5:25 PM, David Spiegel wrote: > Hi KB, > > It's a contraction for "Hash Bang", i.e. a number sign/pound sign/Hash > > (Upper Shift 3 on a US Keyboard) followed by an exclamation mark

Re: Time discrepancy

Ituriel wrote >I'm playing with a small ZPDT and probably there are time issues in this server. It is very unlikely that zPDT has "time issues". It is almost certain that your issues are configuration issues, as has been mentioned, related to identifying the timezone for your application to be

Re: REXX long string to SAY and IKT00405I

W dniu 21.01.2022 o 20:31, Paul Gilmartin pisze: On Fri, 21 Jan 2022 14:06:02 +0100, Radoslaw Skorupka wrote: Unprintable data is a more likely culprit. Yes, that was the reason. Did you resolve the problem with a TRANSLATE() filter or at the source? Is it related to the Polish alphabet? W

Re: USS Rexx mistery

Hi KB, It's a contraction  for "Hash Bang", i.e. a number sign/pound sign/Hash (Upper Shift 3 on a US Keyboard) followed by an exclamation mark (Upper Shift 1 on a US Keyboard). The Shebang is used at the start of a script to tell the *ix shell which scripting language to invoke. It is similar

ispf compare and ascii

I am having problems comparing two python files from OMVS. I can edit them both individually ( I can see the blanks are x'20' = ASCII blanks. I cannot get compare to work.. it looks like compare cannot tell the second file is ascii. Is there an easy solution for this? Colin --

Re: USS Rexx mistery

There is a Wikipedia article about it at https://en.wikipedia.org/wiki/Shebang_(Unix) ​Regards, Mark Regan, K8MTR General, EN80tg CTO1 USNR-Retired (1969-1991) Nationwide Insurance, Retired, 1986-2017 z/OS Network Software Consultant (z NetView, z/OS Communications Server) Contractor, Checks & B

Re: USS Rexx mistery

What's a shebang by the way? - KB ‐‐‐ Original Message ‐‐‐ On Wednesday, February 2nd, 2022 at 9:20 PM, René Jansen wrote: > If you want to start it with ./myexec.rex it needs a shebang. > > René. > > > On 2 Feb 2022, at 15:45, ITschak Mugzach imugz...@gmail.com wrote: > > > > Co-post