Extra PPT Programs

The PPT usually contains a number of extra entries for important programs, some of which a given data center may not run. These entries are included in the PPT when z/OS comes from IBM, and most data centers do not bother to change them. For example, there is an entry for the JES2 mainline program (HASJES20) and the JES3 mainline program (IATINTK), even though few data centers have both. Similarly, there are entries for both TCAM and VTAM. It is possible for a data center to have both TCAM and VTAM.

When extra names exist in the PPT, it is easier for someone to slip a program with one of these names into an APF‑authorized library and perform unauthorized activities. This can be done without using the PPT, but it would require more coding, and a programmer might not bother. Furthermore, using the PPT has the advantage of providing programs with special powers without marking them as job‑step APF‑authorized, an action that is much more likely to attract an auditor’s attention.

The PPT also contains five dummy entries at the end of the table. If these entries are altered or deleted, it could indicate that other standard PPT entries were also altered.

For additional details about PPT flags, see the following IBM manuals: z/OS MVS Initialization and Tuning Guide and z/OS MVS Initialization and Tuning Reference.

The PPT Analysis Display (3.6) shows you a list of the PPT programs, their flags, and storage keys. It scans all APF‑authorized libraries to show you the libraries where these programs reside, along with the module sizes and link‑edit dates. Check for duplicate copies of these programs on the system; where duplicates exist, one of the copies might not belong in the list. You should be particularly interested if a program is very old or its size differs significantly from the others.
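
The checks described above can also be scripted against an exported listing. The following is an added example, not part of the product or of IBM's documentation: the input layout, the library names, and the age and size thresholds are assumptions, and the sample rows are constructed. It compares sizes between copies of the same program name.

```python
from collections import defaultdict
from datetime import date

# Constructed sample input (not real PPT Analysis Display output).
PPT_NAMES = ["HASJES20", "IATINTK"]          # program names listed in the PPT
APF_SCAN = [  # (program, APF library, module size in bytes, link-edit date)
    ("HASJES20", "SYS1.LINKLIB", 1_310_720, date(2023, 5, 9)),
    ("HASJES20", "TEST.APF.LOADLIB", 4_096, date(2004, 1, 20)),
]

def review_ppt(ppt_names, apf_scan, today, max_age_years=15, size_ratio=4):
    """Return sorted (program, library, finding) tuples for audit follow-up.

    max_age_years and size_ratio are assumed thresholds; tune them locally.
    """
    copies = defaultdict(list)
    for name, lib, size, linked in apf_scan:
        copies[name].append((lib, size, linked))

    findings = []
    for name in ppt_names:
        found = copies.get(name, [])
        if not found:
            # An extra PPT name with no module behind it: any program later
            # stored under this name in an APF library inherits the PPT flags.
            findings.append((name, "-", "PPT name with no module in any APF library"))
            continue
        sizes = [size for _, size, _ in found]
        if len(found) > 1 and max(sizes) > size_ratio * min(sizes):
            findings.append((name, "*", "copy sizes differ significantly"))
        for lib, _, linked in found:
            if len(found) > 1:
                findings.append((name, lib, "duplicate copy"))
            if (today - linked).days > max_age_years * 365:
                findings.append((name, lib, "old link-edit date"))
    return sorted(findings)

if __name__ == "__main__":
    for row in review_ppt(PPT_NAMES, APF_SCAN, date(2024, 1, 1)):
        print("%-9s %-17s %s" % row)
```

A finding is a prompt to compare the module against the vendor-supplied copy, not proof of tampering.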