|
|
|
Use the Program Origin Display (5.1) to analyze z/OS libraries to determine what program modules they contain. You must have read access to the library that you want to review. If you have multiple LPA libraries or an unauthorized linklist, see the Usage Guide for additional information.
Auditor___________________________ Location___________________ Page____of____
Approved__________________________ CPU________________________ Date__________
|
Step |
Description |
W/P Ref |
Finding |
Remarks |
|---|---|---|---|---|
|
1 |
z/OS link pack area (LPA) library collects modules to load into virtual storage at the time of a z/OS CLPA IPL. To analyze, you first need to identify all of the data sets which together are used to populate the LPA area. The LPALSTxx members specified at IPL time through the IEASYSxx IPL member and possibly through operator overrides are used to specify these libraries. You can obtain this list by using the Show LPA libraries function (2.4.3). Once you have this list, survey the contents of each LPALST library including SYS1.LPALIB using the Program Origin display (5.1). Remember that LPA can be loaded from any APF‑authorized library, not just SYS1.LPALIB. Be sure to check the contents of all LPA libraries. Note all non‑IBM and unknown modules. |
|
|
|
|
2 |
Obtain the library names of the Authorized Program Facility (APF) system libraries using the APF Library Display (2.4.1). These libraries are critical to the security, integrity, and control of z/OS. For now, exclude any application program load libraries that are authorized because they are included in the system linklist. Note: The APF Library Display (2.4.1) shows all libraries that are presently marked APF. This list can differ from what might be specified in the logical Parmlib IEAAPFxx and PROGxx members. Remember that it is possible to dynamically assign APF authorization to libraries not marked APF at IPL using the MVS SETPROG command and other system utilities such as CA SYSVIEW. If you find that there are changes that indicate that one or more libraries have been made APF-authorized since IPL, review the appropriate change logs to ensure that you can properly account for these changes. Examine each APF library using the Program Origin display (5.1). Note all non‑IBM and unknown modules. When unknown names are detected, enter the alias names provided on the Program Origin display (5.1) to see if they relate to known load modules. |
|
|
|
|
3 |
Reconcile the non‑IBM and unknown modules found in Steps 1 and 2 with the program products shown on the computer system profile. Verify that they agree with vendor billing records. |
|
|
|
|
4 |
To detect IBM or other program product modules in application load libraries, use the Program Origin display (5.1) to analyze each of the libraries from the linklist excluded in Step 2. Because they are not z/OS system libraries, all modules shown should be unknown to CA Auditor. |
|
|
|
|
5 |
Select a sample of libraries that belong to Technical Support personnel. Use the Program Origin display (5.1) to detect any unauthorized copies of program products. Determine the purpose, use, and function of any such program modules. |
|
|
|
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |