eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
WLM (Workload Management)............................................................... 1–94z/OS and OS/390 Security Server Support..................................................... 1–94RACF .................................................................................. 1–95DCE Security Server ..................................................................... 1–96Firewall Technologies .................................................................... 1–97LDAP Server ............................................................................ 1–98DB2 Security Exit ........................................................................ 1–99Integrated Cryptographic Services ........................................................ 1–99Chapter 2: Controlling Access to the Hierarchical File SystemControlling HFS Using the Native UNIX Security Model ..........................................2–1Processes that Affect HFS Security ..........................................................2–3HFS FASTPATH Checking .............................................................2–3MOUNT NOSECURITY ................................................................2–3Program Control in the UNIX Environment ..............................................2–3Controlling HFS Using CA SAF HFS Security ....................................................2–4CA SAF File Access Security ................................................................2–4Path Name Translation .................................................................2–5HFSSEC Resource Class ................................................................2–6Permission Considerations..............................................................2–6Reporting .................................................................................2–7Securing HFS Functions........................................................................2–7System Functions ..........................................................................2–7System Functions (IBMFAC ATTRIBUTE)................................................2–8File Functions .............................................................................2–9File Functions (IBMFAC) ...............................................................2–9Sample Permissions...................................................................... 2–10Implementing CA SAF HFS Security .......................................................... 2–11HFSSEC Control Option ..................................................................... 2–12Exit Processing .......................................................................... 2–12Troubleshooting ......................................................................... 2–14Reporting ........................................................................... 2–14OPTIONS(32) ....................................................................... 2–14Diagnostics.......................................................................... 2–15TSSUTIL/SAF Reference Tables ....................................................... 2–15CA SAF HFS ADD/PERMIT Generation Utility ............................................ 2–22Messages ................................................................................... 2–27viSecurity Cookbook
Chapter 3: Using the Sysplex Coupling FacilityThe SYSPLEX XES Function ................................................................... 3–1The SYSPLEX XCF Function ................................................................... 3–3eTrust CA-Top Secret and the SYSPLEX XES Function............................................ 3–3eTrust CA-Top Secret and the SYSPLEX XCF Function ........................................... 3–5XCF(*) Control Option..................................................................... 3–5Controlling Access to XCF Policies.......................................................... 3–5Defining the Sysplex to eTrust CA-Top Secret ................................................... 3–6Managing the Coupling Facility ................................................................ 3–6CFRM Policy............................................................................... 3–7Altering the Coupling Facility Structure Size..................................................... 3–7Rebuilding the Coupling Facility Structure .................................................. 3–8Connecting to the Structure ................................................................ 3–9Defining SYSTEM LOGGER to eTrust CA-Top Secret ............................................ 3–9Appendix A: IMVSECURIMVSECUR ................................................................................. A–1Appendix B: RACF to eTrust CA-Top Secret TranslationADDGRP .................................................................................... B–3ADDUSER ................................................................................... B–3ALTUSER.................................................................................... B–3CLASS....................................................................................... B–3PERMIT ..................................................................................... B–4RDEFINE .................................................................................... B–4RACF Attribute Translation.................................................................... B–5IndexContentsvii
- Page 1 and 2: eTrust CA-Top Secret ® Securityfo
- Page 3: Technical UpdatesMay 2003The follow
- Page 6 and 7: Superuser Granularity .............
- Page 11 and 12: Chapter1Implementing eTrust CA-TopS
- Page 13 and 14: z/OS and OS/390 CompatibilityThe li
- Page 15 and 16: z/OS and OS/390 Release-Specific Se
- Page 17 and 18: OpenEdition MVS / UNIX System Servi
- Page 19 and 20: OpenEdition MVS / UNIX System Servi
- Page 21 and 22: OpenEdition MVS / UNIX System Servi
- Page 23 and 24: OpenEdition MVS / UNIX System Servi
- Page 25 and 26: OpenEdition MVS / UNIX System Servi
- Page 27 and 28: OpenEdition MVS / UNIX System Servi
- Page 29 and 30: OpenEdition MVS / UNIX System Servi
- Page 31 and 32: Tracing UNIX System Services (OMVS)
- Page 33 and 34: Tracing UNIX System Services (OMVS)
- Page 35 and 36: Tracing UNIX System Services (OMVS)
- Page 37 and 38: Tracing UNIX System Services (OMVS)
- Page 39 and 40: Using TCP/IPFILE AUDIT OPTIONS—Th
- Page 41 and 42: Using TCP/IPwheresysname is the nam
- Page 43 and 44: Using FTPHow to Secure FTPFTP runs
- Page 45 and 46: Using TELNETTerminal Source Restric
- Page 47 and 48: WebSphere Application Server for z/
- Page 49 and 50: WebSphere Application Server for z/
- Page 51 and 52: WebSphere Application Server for z/
- Page 53 and 54: WebSphere Application Server for z/
- Page 55 and 56: WebSphere Application Server for z/
- Page 57 and 58: Lotus Domino Go Webserver/* PERMITT
Chapter 3: Using the Sysplex Coupling FacilityThe SYSPLEX XES Function ................................................................... 3–1The SYSPLEX XCF Function ................................................................... 3–3<strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> <strong>and</strong> the SYSPLEX XES Function............................................ 3–3<strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> <strong>and</strong> the SYSPLEX XCF Function ........................................... 3–5XCF(*) Control Option..................................................................... 3–5Controlling Access to XCF Policies.......................................................... 3–5Defining the Sysplex to <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> ................................................... 3–6Managing the Coupling Facility ................................................................ 3–6CFRM Policy............................................................................... 3–7Altering the Coupling Facility Structure Size..................................................... 3–7Rebuilding the Coupling Facility Structure .................................................. 3–8Connecting to the Structure ................................................................ 3–9Defining SYSTEM LOGGER to <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> ............................................ 3–9Appendix A: IMVSECURIMVSECUR ................................................................................. A–1Appendix B: RACF to <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> TranslationADDGRP .................................................................................... B–3ADDUSER ................................................................................... B–3ALTUSER.................................................................................... B–3CLASS....................................................................................... B–3PERMIT ..................................................................................... B–4RDEFINE .................................................................................... B–4RACF Attribute Translation.................................................................... B–5IndexContentsvii