00007: Unauthorized Use of Program by TSO User


FILE              TSO Interactive Usage Activity
SAS FILE NAME     DETAIL.TSOTSI01
SOURCE LOCATION   sharedprefix.MICS.SOURCE(DYTSOEXC)

SEVERITY          Warning       (SEVERITY='W')
MANAGEMENT AREA   Security      (MGMTAREA='SECURITY')

PURPOSE      Identifies unauthorized users who have executed
             the SUPERZAP Program.

RATIONALE    SUPERZAP is an IBM Service Aid.  This program
             can be used to inspect/modify load modules, data
             in DASD data sets, or DASD Volume Table Of
             Contents (VTOCs).  Unauthorized users could make
             modifications to programs and data,
             circumventing normal security procedures.  This
             program could also be used to gain access to
             password protected data sets, through VTOC
             modification or penetration of the password data
             set.  Even when this program is used for a
             legitimate purpose, there is the danger that the
             source program or audit trail will not be
             updated to reflect the change.

DEFINITION   This exception is detected when an unauthorized
             user calls the SUPERZAP program.

EXCEPTION    The SAS statements identifying the exception
STATEMENTS   situation and describing the condition are
             stored in the source member named in SOURCE
             LOCATION and are described below:

************************************************************;
*
**  00007
**  UNAUTHORIZED USE OF PROGRAM BY TSO USER
*;
IF (
    PROGRAM='AMASPZAP'
 OR PROGRAM='IMASPZAP'
 OR PROGRAM='SUPERZAP'
 OR PROGRAM='program-name'
 )
 AND NOT(USER=:'user-id')
 THEN DO;
  EXCCODE='00007'; SEVERITY='W'; MGMTAREA='SECURITY';
  EXCDESC1='UNAUTHORIZED USE OF PROGRAM BY TSO USER';
  EXCDESC2='USE COUNT=' || PUT(TSINOEXS,3.);
  LINK HIT;
END;

THRESHOLD     Modify the list of SUPERZAP command and program
MODIFICATION  names contained in the definition string and
              specify the userids that will be excluded from
              causing exceptions, according to the following
              conventions:

    program/command-name  The name of the program/command is
                          specified as a one to eight
                          character alphanumeric field, and
                          must be enclosed in quotes as a
                          standard SAS character literal.
                          Additional program/command names
                          must be connected to the list with
                          an OR.  For the name ZAP, the
                          specification would be:

                             COMMAND='ZAP' OR PROGRAM='ZAP'

    user-id               Each userid to be used for
                          selection is specified as a one
                          to seven character alphanumeric
                          field, and must be enclosed in
                          quotes as a standard SAS character
                          literal.  Additional userids must
                          be included in parentheses and be
                          connected to the list with an
                          OR.  For all users whose ids do not
                          begin with SYS or ABC, the
                          specification would be:

                          AND NOT(USER=:'SYS' OR USER=:'ABC')

                          For all users other than user
                          ABC006 and users whose ids begin
                          with SYS, the specification would
                          be:

                          AND NOT(USER=:'SYS' OR USER='ABC006')
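
The exception statement with the second exclusion list above, run as a stand-alone DATA step over constructed records. This is an added example, not code from the MICS source member. The data set name HITS and the input records are assumptions, and OUTPUT stands in for the MICS LINK HIT routine.

```sas
/* Added example: stand-alone test of exception 00007 logic.    */
/* Input records are constructed; HITS is a hypothetical name.  */
DATA HITS;
  LENGTH PROGRAM $8 USER $8 EXCCODE $5 SEVERITY $1 MGMTAREA $8
         EXCDESC1 $40 EXCDESC2 $40;
  /* PROGRAM, USER and TSINOEXS (use count) as named on the page */
  INPUT PROGRAM $ USER $ TSINOEXS;
  IF (
      PROGRAM='AMASPZAP'
   OR PROGRAM='IMASPZAP'
   OR PROGRAM='SUPERZAP'
   )
   /* =: compares only the leading characters (prefix match);    */
   /* =  requires the whole userid to match.                     */
   AND NOT(USER=:'SYS' OR USER='ABC006')
   THEN DO;
    EXCCODE='00007'; SEVERITY='W'; MGMTAREA='SECURITY';
    EXCDESC1='UNAUTHORIZED USE OF PROGRAM BY TSO USER';
    EXCDESC2='USE COUNT=' || PUT(TSINOEXS,3.);
    OUTPUT;        /* stands in for LINK HIT in this example    */
  END;
  /* Constructed records:                                        */
  /*   SYSPROG1 begins with SYS, ABC006 is listed exactly;       */
  /*   ABC007 and SY01 match neither exclusion;                  */
  /*   IEBGENER is not in the program list.                      */
  DATALINES;
AMASPZAP SYSPROG1 2
AMASPZAP ABC006 1
AMASPZAP ABC007 4
IEBGENER ABC007 9
SUPERZAP SY01 1
;
RUN;

PROC PRINT DATA=HITS;
  VAR USER PROGRAM EXCCODE SEVERITY EXCDESC2;
RUN;
```

Running candidate exclusion lists against a few known userids this way shows whether a prefix is broader than intended before the change goes into the exception member.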