

Security Event Logging

CA Top Secret provides the following batch utility programs to help monitor and control system security, log system activity, and perform disaster recovery:

TSSAUDIT

Run this batch utility to monitor changes to the security file and sensitive facilities and data areas. You can use it to list:

The last two capabilities are especially useful for pinpointing security weaknesses.

TSSCPR

Run this utility against the CPF recovery file to produce a flat file record. This record can then be filtered through the TSSREPORT3 EARL report option or through another report writer to depict the contents of the CPF recovery file.

TSSOERPT (z/OS only)

Run this batch utility program to process security-related activity recorded in SMF data sets and the CA Top Secret Audit/Tracking file. To monitor user activity in an OpenEdition MVS environment, CA Top Secret logs security events under OpenEdition MVS to SMF using the standard CA Top Secret SMF record. Log records are written for any security event that denies the ACID access to an OpenEdition MVS facility. These records can assist you in determining the UID and GID of the ACID involved in the attempted access.

TSSPROT (z/OS only)

The TSSPROT utility pertains to VSAM and non-VSAM data sets in an SU32 environment. Run this utility to determine which of these data sets have their security bit indicators turned on and which do not. You can also use TSSPROT to turn security bits on or off for specific data sets or for all data sets located on accessible volumes. In a z/OS Alwayscall environment, TSSPROT has no effect.

Only the MSCA or an SCA can use this utility.

TSSRECVR

Run this utility to aid recovery from loss or corruption of the security file. During normal system operation, CA Top Secret maintains a record of all changes to the security file in the recovery file, which is a perpetual file. Changes are recorded to the file in a wraparound format. Therefore, this file must be large enough to accommodate all changes that occur between security file backups.

TSSRPTST (z/OS only)

Run this batch utility program to process and display the output the SAF SECTRACE command sends to SMF. To run the TSSRPTST report, you must have already run the SAF SECTRACE operator command and set the output destination to SMF. With few exceptions, CA Top Secret processes all z/OS SAF security requests by default. The SAF Trace report displays the monitored RACROUTE parameter list passed by requests for SAF services. This report also displays additional information, such as job name, user ID, and the program issuing the SAF call.

TSSTRACK (z/OS only)

Run this utility to monitor security-related events from an online terminal in real time. This functionality lets the security administrator monitor suspicious activity "as it happens." Furthermore, TSSTRACK enables all CPUs on a single security audit file to be monitored from a single terminal. TSSTRACK can go back to a specified date to focus on a selected facility or on violations only.

The events that security administrators can monitor using TSSTRACK are limited by their administrative scope. All the information that TSSTRACK displays is obtained from the CA Top Secret Audit/Tracking file; only information logged to this file can be monitored.

You can use TSSTRACK from both 3270 and non-3270 terminals. Its standard version can run from CICS and TSO; however, you can customize it to run under other z/OS online facilities.

For information on logging options, see the Report and Tracking Guide.