ACFRPTNV - The Environment Report

Describes the ACFRPTNV environment report.
acf2src
The ACFRPTNV report generator produces loggings of each START (S ACF2), STOP or PURGE (P ACF2), and MODIFY (F ACF2) operator command issued. This report generator also produces loggings of system IPLs and possible losses of SMF data. These events represent changes in the CA ACF2 environment.
This report promotes auditing of the CA ACF2 security environment by tracking the flow of security-related activities in the system. For instance, by noting the time between IPL and CA ACF2 startup, you can detect the passage of any significant period of time when CA ACF2 did not have full control of system security. (CA ACF2 provides some control over job submission and data access even when stopped.) If CA ACF2 is stopped and then restarted, you can document the reason for such an occurrence. Also, you must investigate any losses of SMF data (SMF record type 7), since the lost data might include loggings of access violations.
The ACFRPTNV report must run against a
complete
SMF file to accurately produce the time of the last SMF record before IPL. Since no actual shutdown record or time exists, CA ACF2 uses the time of the last complete SMF record. If the ACFRPTPP preprocessor is run before running the ACFRPTNV report, SMFNR records are the only ones processed and the ACFRPTNV report will contain only these records.
In addition, the logging of CA ACF2 modify commands enables you to review when CA ACF2 cross-reference tables, resident rules and directories in memory, and GSO records in the Infostorage database were altered. Such journaling also informs you of when CA ACF2 database backups have taken place.
Authorization Checking
CA ACF2 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
For the ACFRPTNV report, the following privileges and restrictions of the user running the report are validated as part of the report processing when RPTSCOPE is specified: SECURITY or AUDIT and the INF field in the associated scope record, or the INFOLIST privilege. If the user has one of these authorities and the SMF record is in the scope of the user's logonid, or the user has the INFOLIST privilege, the user can view the record.
Running the Report Using ISPF Panels
You can use the ACFRPTNV ISPF panel to create your input for the report. The following parameters can be found on the ACFRPTNV ISPF panel.
TITLE
Specifies a character string added to other title information at the top of the report. This character string can be up to 35 characters in length. If you do not specify this parameter, the report generator uses the first 35 characters in the PARM field of the EXEC statement. If this character string is longer than 35 characters, only the first 35 characters are used.
CPUID-MASK
Specifies that the report is limited to records written by the specified CPUs. Specify only one individual CPUID or CPUID mask. The default is all CPUs.
SYSID MASK
Specifies a single ID or mask of IDs for selecting records written by a particular system or group of systems running CA ACF2. (Note that several systems might run from one CPU.) The system id mask can be up to 8 characters. The default is ********, which specifies records written by all systems.
DOUBLE SPACE
Specifies double spacing of entries on the report. The default is NO.
TRACE
Specifies the listing of all SMF records being written, including trace records written by the CA ACF2 main task. The default is for no report of trace records. ACFRPTNV does not provide a NOTRACE parameter.
TIME
Specifies the desired format of the time stamp in report : M (default) displays HH.MM, S = HH.MM.SS or H = HH.MM.SS.TH.
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTNV. For example, if you specify TEST as the output list name, your output list data set name is
dft-pfx
.ACF2.ACFRPTNV.TEST.
SPECIFY INPUT DATA SET(S) FOR ACFRPTNV
For an explanation of your options, see Input and Output Files for Report Generators in Reporting.
LOGSTREAM
Indicates if LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS1.9 and higher when the SNF data is being captured by a LGR LOGSTREAM structure. When Y is specified an ACFRPTAL is displayed to provide specific logstream parameters.
Running the Report Using JCL
You can use JCL instead to run the ACFRPTNV report. To run the ACFRPTNV report, see the documentation about using sample JCL to execute reports. The following are the parameters for this report.
[CPUID(
****
|cpuidmask)]
Indicates that the report is limited to records written by the specified CPUs. Specify only one individual CPUID or CPUID mask. The default is all CPUs.
[DBLSPC|
NODBLSPC
]
Specifies double spacing of entries on the report. The default is no double spacing.
[HEADER]
Specifies the printing of a header line before each report line for a CA ACF2 main task message or reply (WTO or WTOR console communications). The header line supplies the date, time, console, CPU, and system identifiers for a message or reply. The default is for no listing of header lines only the listing of each CA ACF2 command and the listing of the text of any subsequent messages or replies. ACFRPTNV does not provide a NOHEADER parameter.
[TRACE]
Specifies the listing of all SMF records being written, including trace records written by the CA ACF2 main task. The default is for no report of trace records. ACFRPTNV does not provide a NOTRACE parameter.
Common Parameters
ACFRPTNV accepts the following parameters.
  • LINECNT
  • TITLE
  • SDATE
  • EDATE
  • STIME
  • ETIME
  • SELECT
  • SYSID
  • HEX
  • COND
  • TIME
Input and Output Files
Any number of SMF input files can be used-DISK, TAPE, or VSAM. However, concatenation of input files is not permitted.
Sort Sequence
The recommended sort sequence for the ACFRPTNV report is by CPU identification (major) and then time-stamp. Perform this sorting using your own routine or modify the prototype JCL provided with CA ACF2.
Sample Output
Here is an example of the report issued by ACFRPTNV. The heading *** SMF DATA LOST *** appears with extra lines of information only if an SMF Data Lost record (type 7) is encountered in the SMF data stream. This example does not show any data lost.
<acf> Security - ACFRPTNV - ENVIRONMENT REPORT - PAGE 1 DATE 10/02/06 (06.275) TIME 18.42 ENVIRONMENT EVENT LID DATE TIME CID CPU ACF2 SYSID ACF2 CMD RESULT CONSOLE NAME CONSOLE ID MVS SYSTEM IPL 06.275 10/02 17:49 XE59 ACF2 START 06.275 10/02 17:50 NONE XE59 OPERATOR INPUT INTERNAL 0 PARM='SYSID(XE41),NOBACKUP' MSG ='ACF79505 GSO INITIAL START IN PROGRESS FOR SYSTEM: XE41' MSG ='ACF79518 WARNING: NO RECORD(S) FOUND FOR GSO PDS' MSG ='ACF79518 WARNING: NO RECORD(S) FOUND FOR GSO RESDIR' MSG ='ACF79507 GSO PROCESSING COMPLETED WITHOUT ERROR' MSG ='ACF8A040 NO GSO RESDIR ENTRIES - NONE BUILT' MSG ='ACF8A032 NO GSO RESRULE ENTRIES - NONE LOADED' MSG ='ACF79400 TIME SHIFT MATRICES BUILT' MSG ='ACF79460 OPENEDITION MVS TABLE(S) BUILT' MSG ='ACF79467 LINUX USER AND GROUP TABLES BUILT' MSG ='ACF79426 MULTILEVEL SECURITY - NO DIRECTORY EXISTS FOR P(SEC)' MSG ='ACF79424 MULTILEVEL SECURITY - TABLE BUILDS FAILED' ACF2 START 06.275 10/02 17:50 NONE XE59 XE41 COMMAND SUCCESSFUL INTERNAL 0 PARM='SYSID(XE41),NOBACKUP' ACF2 MODIFY PACJA01 06.275 10/02 17:54 NONE XE59 XE59 MODIFY CMD UNDER TSO A59LO909 NONE PARM='REBUILD(USR),C(P)' MSG ='ACF8A036 DIRECTORY PUSR HAS BEEN REBUILT' ACF2 MODIFY PACJA01 06.275 10/02 17:54 NONE XE59 XE59 COMMAND SUCCESSFUL A59LO909 NONE PARM='REBUILD(USR),C(P)' ACF2 MODIFY REFRESH 06.275 10/02 17:54 NONE XE59 XE59 OPERATOR INPUT GRP900 1 PARM='REFRESH(OPTS)' MSG ='ACF79505 GSO REFRESH START IN PROGRESS FOR SYSTEM: XE59' MSG ='ACF79506 GSO REFRESHING OPTS' MSG ='ACF79507 GSO PROCESSING COMPLETED WITHOUT ERROR' ACF2 MODIFY REFRESH 06.275 10/02 17:54 NONE XE59 XE59 COMMAND SUCCESSFUL GRP900 1 PARM='REFRESH(OPTS)'
Field Descriptions
ACF2 CMD RESULT
Result of the CA ACF2 operator command issued. The printed message can be:
  • COMMAND SUCCESSFUL
  • COMMAND FAILED
  • INVALID PARMS
CID
Specifies the ID that originated the logged event.
CONSOLE NAME
Specifies the console name that originated the logged event.
CONSOLE ID
Specifies the extended console ID that originated the logged event.
CPU
Specifies the four-character ID of the CPU that journaled the SMF record.
ENVIRONMENT
Specifies the type of SMF or CA ACF2 record written along with any commands, parameters, or options specified. System SMF records are for system IPLs (SMF type 0) or for data lost (SMF type 7). CA ACF2 records are for type CA ACF2 starts (S ACF2), CA ACF2 modifications (F ACF2), or CA ACF2 stops (P ACF2).
LID
Specifies the logonid of the user that issued the ACF2 command. For commands issued from the console, the logonid specified when the console was logged on is shown in the report. For commands issued from a console that was never logged on, the LID field will show BYPASS.
DATE
Specifies the date when the SMF or CA ACF2 record was written. The date appears in both Julian date format and in the MM/DD format.
TIME
Specifies the time that the SMF record for the IPL was written. This time is in the HH:MM format.