Previous Topic: Audit UtilitiesNext Topic: Threats and Exposures

Auditing, Reporting, and SurveillanceCPF Journal Files

CPF Journal Files

The Command Propagation Facility (CPF) uses Journal Files to provide a historical record of the commands sent to and from CA Top Secret. An individual Journal File is usually a JES spool data set. If the proper software is available, a SYSOUT data set which can be printed off or viewed online. CPF allocates one Journal File for each remote node that is defined to it through the NODES control option. CPF also allocates one Journal File for all incoming traffic. NODES specifies the places that CPF can send to, but does not affect from where it can receive.

By examining the appropriate Journal File, an auditor can see exactly what came in, what went out, and the results of the action taken.

The following sample reports demonstrate the Journal Files information.

Example: journal on sending machine

TSS9811I ***** CPF SUBTASK INITIALIZED FOR NODE *****
TO: NYC00   ID: 000000001
TSS LIST(USRJOE) DATA(ALL) TARGET(NYC00)
FR: NYC00   ID: 000000001
ACCESSORID = USRJOE   NAME       = JOE PAZ  TYPE       = CENTRAL  FACILITY   = BATCH  FACILITY   = STC  FACILITY   = TSO  FACILIT
Y  = TSR  FACILITY  = CICSPROD  FACILITY  = IMSPROD  FACILITY  = VM  FACILITY  = RPGFAC  FACILITY   = RDFFAC  FACILITY   = ROST
EST  CREATED    = 01/20/88  LAST MOD   = 10/10/90  16:    PROFILES   = TDGPROF   TCSPROF  ATTRIBUTES = CONSOLE,DUFXTR  BYPASSIN
NODSNCHK,NOVOLCHK,NOSUBCHK? LAST USED = 10/10/90 16:09 CPU(XE05) FAC(TSO    ) COUNT(01078)  PHYSKEY  = 2356668  VMMDISK  = PAZ
JO01
TO: NYC00   ID:?000000002
TSS ADD(USRJOE) TSOPROC($USRJOE) TARGET(N*)
FR: NYC00   ID: 000000002
TSS0351E  SPECIFY "UNDERCUT" TO TRANSFER OWNERSHIP  TSS0301I  ADD      FUNCTION FAILED, RETURN CODE =  8
TO: NYC00   ID: 000000003
TSS WHOO TSOPROC($USRJOE) TARGET(*)
FR: NYC00   ID: 000000003
TSODEPT1 OWNS TSOPROC  $USRJOE                                        TSS0300I  WHOOWNS  FUNCTION SUCCESSFUL
TO: NYC00   ID: 000000004
TSS PER(USRJOE) DSN(JUNK) TARGET(NY*)
FR: NYC00   ID: 000000004
TSS0317E  DATASET/PREFIX NOT FOUND IN SECURITY FILE  TSS0301I  PERMIT   FUNCTION FAILED, RETURN CODE =  8

Example: journal on receiving machine

FR: CHI01   ID: 000000001
TSS LIS(USRJOE) DATA(ALL) TARGET(A*) WAIT(Y)
TO: CHI01   ID: 000000001
ACCESSORID = USRJOE   NAME     = JOE PAZ  TYPE     = CENTRAL  FACILITY   = BATCH  FACILITY   = STC  FACILITY   = TSO  FACILIT
Y  = TSR  FACILITY  = CICSPROD  FACILITY  = IMSPROD  FACILITY  = VM  FACILITY  = RPGFAC  FACILITY   = RDFFAC  FACILITY   = ROST
EST  CREATED    = 01/20/88  LAST MOD   = 09/25/90  12:13  PROFILES   = TDGPROF  TCSPROF  ATTRIBUTES = CONSOLE,DUFXTR  BYPASSING  =
NODSNCHK,NOVOLCHK,NOSUBCHK  LAST USED  = 08/29/90 11:47 CPU(XE05) FAC(TSO    ) COUNT(01076)  PHYSKEY  = 2356668  VMMDISK  = PAZ
JO01
FR: CHI01   ID: 000000002
TSS ADD(USRJOE) LTIME(1) TARGET(NCY00)
TO: CHI01   ID: 000000002
TSS0300I  ADD      FUNCTION SUCCESSFUL
FR: CHI01   ID: 000000003
TSS PER(USRJOE) DSN(JUNK) ACC(ALL) TARGET(*)
TO: CHI01   ID: 000000003
TSS0317E  DATASET/PREFIX NOT FOUND IN SECURITY FILE  TSS0301I  PERMIT   FUNCTION FAILED, RETURN CODE =  8
FR: CHI01   ID: 000000001
TSS LIST(USRJOE) DATA(ALL) TARGET(NCY00)
TO: CHI01   ID: 000000001
ACCESSORID = USRJOE   NAME       = JOE PAZ  TYPE       = CENTRAL  FACILITY   = BATCH  FACILITY   = STC  FACILITY   = TSO  FACILIT
Y  = TSR  FACILITY  = CICSPROD  FACILITY  = IMSPROD  FACILITY  = VM  FACILITY  = RPGFAC  FACILITY  = RDFFAC  FACILITY   = ROST
EST  CREATED   = 01/20/88  LAST MOD   = 10/10/90  16:11  PROFILES   = TDGPROF   TCSPROF  ATTRIBUTES = CONSOLE,DUFXTR  BYPASSING  =
NODSNCHK,NOVOLCHK,NOSUBCHK  LAST USED  = 10/10/90 16:09 CPU(XE05) FAC(TSO    ) COUNT(01078)  PHYSKEY  = 2356668  VMMDISK  = PAZ
JO01