Chapter 8. Auditing Considerations
This section summarizes the changes to auditing procedures for the RACF:
SMF records
Report writer utility
SMF data unload utility
The auditor must decide on appropriate global auditing options for the new classes
and on which auditing reports are to be produced. See
OS/390 Security Server
(RACF) Auditor's Guide
and
OS/390 Security Server (RACF) Macros and Interfaces
for more information.
SMF Records
Figure 22 summarizes the new event codes for SMF records created by RACF for
OS/390 Release 2. The new event code is a general-use programming interface
(GUPI).
Figure 23 summarizes changes to SMF records created by RACF for OS/390
Release 2. These changes are general-use programming interfaces (GUPI).
Figure 22. New Event Codes
Event Code Description Support
65 Audits the passing of access rights from one
process to another.
OS/390
OpenEdition
Figure 23 (Page 1 of 2). Changes to SMF Records
Record
Type
Record
Field
Description of Change Support
80 SMF80EVT Event code 57 is used to audit two new
OpenEdition services: a new console
communications service (CCS) and a new
workload manager (WLM) service. Two
new audit function codes, 99 and 100,
cause event 57 records to be generated.
Creation of the audit records is controlled
by the existing PROCESS class.
Event code 65 is used to audit the
passing of access rights from one process
to another. Three new audit function
codes, 95, 96, and 97, cause event 65
records to be generated. Creation of the
audit records is controlled by the existing
PROCACT class.
OS/390
OpenEdition
80 Relocate
64
For event code 2, this SMF record
contains a link value to connect client and
server audit records.
OS/390
OpenEdition
DCE
Copyright IBM Corp. 1994, 1996 45