TSSAUDIT Utility

This section contains the following topics:

About TSSAUDIT

The Batch utility program TSSAUDIT allows the auditor to monitor changes to the Security File. The type of security information depends upon the control statements selected. Each control statement is discussed in detail following a description of the JCL necessary to execute TSSAUDIT.

TSSAUDIT can be used to perform the following tasks:

Run against a Recovery File that is not active.
List changes made to the Security File. A change by a specified ACID or all changes can be listed, a date or range of dates, and a specified string, if desired.
List Security File information about all ACIDs including attributes and privileges.
Report on old format (pre-release 1.2) Audit files.

Note: Due to the large storage requirements of this job, which varies depending on the size of your recovery file, it is strongly recommended that the CA Top Secret service machine be a minimum of 24 meg in size and that only one request per run be used.

TSSAUDIT JCL

JCL for using TSSAUDIT in Batch is outlined below:

//TSSJOB        ACID=xxxxxx,PASSWORD=xxxxxxxx
//EXEC          PGM=TSSAUDIT[,PARM='control statement']
  TSSAUDIT control statement(s)

Control statements are as follows:

CHANGES: Lists changes made to the Security File. Requires ACID(REPORT) and RESOURCE(REPORT) authorities to run this function.
PRIVILEGES: Lists Security File information about all of the ACIDs. Requires ACID(REPORT,AUDIT) and RESOURCE(REPORT,AUDIT) authorities to run this function.

Control statements can be entered in the PARM field of the EXEC statement or as input control cards.

Each control statement is described below using the following syntax conventions:

UPPERCASE characters must be entered as shown.
Lowercase italicized characters represent user‑specified variables that must be supplied.
Optional parameters appear in brackets [ ].
The | character denotes an OR condition (only one of the options can be supplied).

CHANGES Control Statement

Lists changes made to the Security File.

[CA(acid) ]
 CHANGES   [DATE(-nn) ]
[STRING(string) ]

CA: Only those changes made by the specified control ACID are to be listed. If omitted, all changes are listed.
DATE: Only those changes made on or after the starting date are listed. The starting date to search the Recovery File is obtained by subtracting the number of days ('nn') from the current date. The value 'nn' can be any number from 00 to 99. If omitted, no date restrictions are applied.
STRING: Only those changes containing the specified string entries are listed.

Because TSSAUDIT reads the entire CA Top Secret Recovery File into memory when the CHANGES control statement is specified, the server's virtual storage size may need to be increased when the CHANGES control statement is specified. Insufficient storage is indicated by a 2719 abend.

Each record in the Recovery File is subjected to the following checks to determine if it meets your selection criteria.

Was the change made within the period implied by the DATE operand? (If the DATE is omitted, all those changes made from the beginning date of the Recovery File are listed.)
Was the change made by the ACID indicated in the CA operand? (This check is bypassed if the CA operand was omitted.)
Is the change within your scope? (Only those changes within your scope will be listed.) For example, a VCA can list changes for her division, and all departments within her division.
Does the change contain the string specified in the STRING operand? (This check is bypassed if the STRING operand was omitted.)

The following describes the information header line for CHANGES listing:

Header	Explanation
CHANGER	Lists the ACID name of the user that made the change.
DATE	Lists the date on which the change was made. (Date information appears in the form specified in CA Top Secret's DATE startup option.)
TIME	Lists the time at which the change was made.
SYSID	Lists the VMLOGID or SMF identifier of the CPU on which the change was made.
TYPE	Indicates the type of change: CMND-TSS command PW-Password change AVO-Automatic Volume Ownership DUF-DUFUPD
COMMAND/IMAGE	Lists the TSS command used to make the change or a simulated TSS command for PW, AVO, DUF.

If the CHANGES control statement is specified, and you are not the MSCA, you must have the following administrative authority:

TSS ADMIN (Auditor's acid) ACID(REPORT) RESOURCES(REPORT)

PRIVILEGES Control Statement

Lists Security File information about one or more ACIDs.

PRIVILEGES [SHORT]

SHORT

Information is listed only for those ACIDs that have administrative authority or any of the following attributes:

ASUS-Administrative SUSPEND
AUD-AUDIT attribute
CONS-CONSOLE attribute
DUFU-DUFUPD attribute
DUFX-DUFXTR attribute
GAP-GAP attribute on profile
MRO-MRO attribute
MPW-MULTIPW attribute
NADS-NOADSP attribute
NATS-NOATS attribute
NDSN-NODSNCHK privilege
NLCF-NOLCFCHK privilege
NPWC-NOPWCHG attribute
NRES-NORESCHK privilege
NSUB-NOSUBCHK privilege
NSUS-NOSUSPEND privilege
NVMD-NOVMDCHK privilege
NVOL-NOVOLCHK privilege
OID-OIDCARD attribute
PSUS-Password SUSPEND
SUSP-SUSPEND ACID
TMPW-TSOMPW attribute
TRA-TRACE attribute
VSUS-Violation SUSPEND
XSUS-Installation Exit SUSPEND

The listing produced by the PRIVILEGES control statement contains the following information:

Header	Explanation
ACIDNAME	Lists security information for the specified ACID.
TYPE	Lists the type of ACID record.
ATTRIBUTES & PRIVILEGES	Lists any of the above-mentioned attributes that the ACID might have. If the ACID has administrative authority, ADMIN will appear in the last column.

In the listing produced by the PRIVILEGES control statement, underlining of attributes indicates that the attributes are in a profile to which the specified ACID is attached.

If the PRIVILEGES control statement is specified, you must be the MSCA or have the following administrative authority:

TSS ADMIN (Auditor's acid) ACID(REPORT,AUDIT)
    RESOURCES(REPORT,AUDIT)
INCOMING PARAMETER ===>      PRIVILEGES SHORT

Sample Control Statements

All Security File changes made in the past 30 days by the ACID named SCA01 are listed:

//TSSJOB ACID=SCA01,PASSWORD=XXXXX
//EXEC PGM=TSSAUDIT
  CHANGES DATE(-30)

All Security File privileges that included the string “operator” are listed. Note that the PRIVILEGES control statement is specified in the PARM field.

//TSSJOB  ACID=SCA01,PASSWORD=xxxxxxxx
//EXEC	TSSAUDIT,PARM='PRIVILEGES STRING(OPERATOR)'