This TSSOERPT report shows the logging of security events in a USS environment:
Mainframe Security - z/OS USS Event Log - PAGE 1
DATE 03/04/05 (06.007) TIME 12.34
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
R_writepriv USER01 OMVSGRP 8888888 44444 4 4 0
01/07/05 05.007 12.23.26 USER01 CPU1
Failed - Write-Down by user is not active on this system.
Function: Query
getGMAP USER01 OMVSGRP 8888888 44444 0 0 0
01/07/05 05.007 12.24.27 USER01 CPU1
Successful - Logging active by Trace/Audit options
UID/GID value: 0
Map name: ZEROGRP Search by GID/UID
ck_access USER01 OMVSGRP 8888888 44444 8 8 4
01/07/05 05.007 12.24.31 USER01 CPU1
Failed - User not authorized to access file
Function: chdir User Type: Local
Requested Access: Search
Name flag: Use CRED_name_flag to determine pathname
Pathname: dev
Filename: dev
File Permissions: Owner: rwx Group: --- Other: r--
Owning UID: 0 Owning GID: 10
Volume : TSO02A File Identifier: 208505000000000003
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read Failure Write Failure Exec/Search Failure
Sample Output with MLS Security Active
ck_access USER01 OMVSGRP 8888888 10 0 0 0
01/07/05 05.007 12.56.44 USER01 CPU1 SYSLOW
Successful - Logging active by Trace/Audit options
Function: open User Type: Local
Requested Access: Read
Name flag: Use CRED_name_flag to determine pathname
Pathname: /usr/file2
Filename: file2
File Permissions: Owner: rw- Group: r-- Other: r--
Owning UID: 0 Owning GID: 0 SECLABEL: BCD
Volume : TSO01S File Identifier: 00010E000000230000
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read None Write None Exec/Search None
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|