System Installation ChoicesAPF Library Analysis › Find Duplicate APF Programs

Previous Topic: APF Library Statistics Summary

Next Topic: APF-Authorized TSO Table Entries Display

Find Duplicate APF Programs

z/OS automatically recognizes some libraries as APF‑authorized, such as SYS1.SVCLIB and SYS1.LINKLIB, according to standard conventions. Other libraries must be explicitly designated as APF‑authorized by their inclusion in the IEAAPFxx member in SYS1.PARMLIB. z/OS also consider modules that reside in the link pack area (LPA) as APF‑authorized, just as if they resided in an APF‑authorized library.

Many data centers designate additional APF‑authorized libraries. Having multiple APF‑authorized libraries introduces the possibility of creating duplicate APF programs. Duplicate APF programs and libraries increase the possibility of programs bypassing security controls and the exposure of executing an outdated copy.

The Find Duplicate APF Programs option identifies the APF libraries that contain members that have the same names as those of members in other APF libraries. This display also searches the LPA for members that appear in other APF libraries and identifies the DASD volume where each APF library resides.

To find duplicate APF programs

  1. From the z/OS System Installation Choices screen, select option 2.

    The APF Library Analysis submenu is displayed.

  2. Select option 2.

    The Find Duplicate APF Programs screen is displayed.

  3. Enter an S (Select) next to a library name to see a list of duplicate APF programs.

    The List Duplicate APF Programs screen displays the name of each APF‑authorized library that contains a program or member with the same name found in a different APF‑authorized library or in the link pack area (LPA). If you entered an S (Select) next to one or more of the libraries, CA Auditor displays the names of other APF‑authorized libraries that contain identically named programs. If CA Auditor finds identically named programs in the LPA, you see APF in this field. If you select more than one library, CA Auditor shows you a series of screens (one for each library you selected).

    The fields on this screen display information about duplicate APF programs, such as their location and size. Each duplicate APF program is listed separately, showing all libraries that contain identically named programs. To end the display or view other selected members, press the END key (usually F3).

  4. (Optional) Enter B (Browse) next to the library name to browse a library.
  5. (Optional) Enter F (Freeze) to monitor changes to a library.