|
|
|
Most experts recommend that data centers clean out any unused entries for the security reasons outlined above. However, some experts feel that taking out entries could be construed as a recommendation to modify the operating system. Programs that are specified in the PPT to have extraordinary powers should be carefully controlled. Ideally, you should inspect the source code for each of these programs to determine their purpose, use, and function. However, you might not be able to obtain the source code for proprietary programs.
However, you should carefully check any applications programs or locally written programs that you find in the PPT. It is not unheard of to have applications programs in the PPT, but it should be rare and done only under very limited circumstances. It is fairly common for systems programmers to place locally written programs in the PPT. You should check these also. As with other source code reviews, if you do not read Assembler language, you should request a “peer review” of the code. These programs should be adequately documented as to their purpose, use, and function.
These user‑supplied programs are listed in the SCHEDxx members of SYS1.PARMLIB.
See the System Review Checklist for the specific tests you should perform when reviewing the PPT.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |