/* REXX */ /* CLS2REXXed by FSOX001 on 22 Sep 2016 at 11:10:57 */ Signal On NoValue Call On Error Signal On Failure Signal On Syntax Parse source opsys . exec_name . /*********************************************************************/ /* 04/07/2004 JL Nelson Changed to Display No Finding text. */ /* 04/16/2004 JL Nelson Set up to test finding messages. */ /* 06/18/2004 JL Nelson Added Exit Code. */ /* 06/23/2004 JL Nelson Added code to check security system. */ /* 08/10/2004 JL Nelson Made parmlib a variable that can be passed. */ /* 08/27/2004 JL Nelson Split PROGxx APF/0040 and LNK/0350 PDIs. */ /* 08/27/2004 JL Nelson Added LPALST, all LPA libraries are APF. */ /* 09/22/2004 JL Nelson Added parameter to turn member error msg */ /* off. */ /* 02/11/2005 JL Nelson Changed constants to variables before */ /* rename */ /* 03/02/2005 JL Nelson ADDED code for AAMV0325 LPA libraries. */ /* 03/02/2005 JL Nelson ADDED code for COPY parmlib noreplace. */ /* 03/30/2005 JL Nelson Fixed LMMLIST return_code not being reset. */ /* 04/21/2005 JL Nelson Changed to use default PARMLIB. */ /* 06/03/2005 JL Nelson Changed STIG requirement to DISA */ /* recommendation. */ /* 06/03/2005 JL Nelson Suppress recommendation msgs for FSO */ /* auditors. */ /* 06/09/2005 JL Nelson Pass MAXCC in ZISPFRC variable. */ /* 06/15/2005 JL Nelson Reset return code to end job step. */ /* 03/03/2006 JL Nelson Made changes to avoid SUBSTR abend 920/932. */ /* 03/09/2006 JL Nelson Set/test RCode for every ISPEXEC command. */ /* 03/20/2006 JL Nelson Use NRSTR avoid abend 900 if ampersand in */ /* data. */ /* 05/09/2006 JL Nelson Added WRITE &LASTCC for debugging. */ /* 03/05/2007 CL Fenton Added process for logical parmlibs. */ /* 06/11/2007 C Stern Added code for AAMV0370 (SMF parms check). */ /* 06/11/2007 C Stern CNTL member is CACM0370. */ /* 10/30/2007 C Stern Added code for ZUSS0011. */ /* 03/05/2007 CL Fenton Chgd testing of vol on mulit input parms. */ /* 02/01/2008 C Stern Added code for ZUSS0012. */ /* 09/22/2009 CL Fenton Chgd ZUSS0011 and ZUSS0012 vars to CACM0408. */ /* Added AAMV0380 collection for analysis. */ /* 09/12/2011 CL Fenton Added collection for CONSOLxx members for */ /* ACP00291, CSD-AR002893724. */ /* 10/21/2016 CL Fenton Converted script from CLIST to REXX. */ /* 01/29/2021 CL Fenton Added automation for addition SMFPRMxx */ /* vuls, STS-025825, STS-025826, and STS-025827. */ /* 05/19/2021 CL Fenton Added automation for addition CLOCKxx */ /* vul, STS-026251. */ /* 04/21/2022 CL Fenton Added automation for addition IGDSMSxx */ /* vul, STS-028325. */ /* */ /* */ /* */ /* */ /*********************************************************************/ CONSLIST = "OFF" /* DEFAULT IS OFF */ COMLIST = "OFF" /* DEFAULT IS OFF */ SYMLIST = "OFF" /* DEFAULT IS OFF */ TERMMSGS = "OFF" /* DEFAULT IS OFF */ TESTMSG = "OFF" /* TEST messages = OFF|FINDING */ MBRMSG = "OFF" /* Member error messages = OFF|ON */ TYPERUN = "FSO" /* Run for SRRAUDIT|FSO */ CACC1000 = "CACC1000" /* Security check program */ CACM0408 = "CACM0008" /* SELECT EDIT APF/SYS/LNK/LPA */ CACM0409 = "CACM0009" /* SELECT EDIT IEALPA, IEAFIX */ CACM040A = "CACM000A" /* SELECT EDIT PDI */ CACM0410 = "CACM0010" /* SELECT EDIT PROG */ CACM0370 = "CACM0370" /* SELECT EDIT SMFPRM */ TEMP9DDN = "TEMP9" /* TEMP9 DDNAME */ PARMDSN = " " /* Default library */ NUCLDSN = "SYS1.NUCLEUS" /* Default library */ TRACE = "OFF" /* TRACE ACTIONS AND ERRORS */ pgmname = "CACC0003 04/21/22" sysprompt = "OFF" /* CONTROL NOPROMPT */ sysflush = "OFF" /* CONTROL NOFLUSH */ sysasis = "ON" /* CONTROL ASIS - caps off */ Numeric digits 10 /* default of 9 not enough */ maxcc = 0 Arg OPTION do until OPTION = "" parse var OPTION key"("val")" OPTION val = strip(val,"b","'") val = strip(val,"b",'"') optcmd = key '= "'val'"' interpret optcmd end return_code = 0 If trace = "ON" then do /* TURN messages on */ termmsgs = "ON" /* CONTROL MSG */ comlist = "ON" /* CONTROL LIST */ conslist = "ON" /* CONTROL CONLIST */ symlist = "ON" /* CONTROL SYMLIST */ end If CONSLIST = "ON" | COMLIST = "ON" | SYMLIST = "ON" | TRACE = "ON", then Trace ?r syssymlist = symlist /* CONTROL SYMLIST/NOSYMLIST */ sysconlist = conslist /* CONTROL CONLIST/NOCONLIST */ syslist = comlist /* CONTROL LIST/NOLIST */ sysmsg = termmsgs /* CONTROL MSG/NOMSG */ Address ISPEXEC "CONTROL NONDISPL ENTER" "CONTROL ERRORS RETURN" zispfrc = 0 "VPUT (ZISPFRC) SHARED" return_code = 0 "VPUT (CONSLIST COMLIST SYMLIST TERMMSGS MBRMSG TESTMSG CACM040A", "TYPERUN) ASIS" cc03vput = return_code If return_code <> 0 then do Say pgmname "VPUT RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end /************************************************/ /* SETUP PARMLIB MEMBER LIST TABLE */ /* ADDITIONAL PREFIXS CAN BE ADDED USING */ /* EXAMPLES OF XXXXXXYYYYYYYY+ */ /* WHERE: XXXXXX IS THE MEMBER PREFIX WITH */ /* TRAILING SPACES UPTO 6 POSITIONS */ /* YYYYYYYY IS THE PDI NUMBER WITH */ /* TRAILING SPACES UPTO 8 POSITIONS */ /************************************************/ member_list = "IEASYS AAMV0030 IEASYS ZUSS0011 IEAAPF AAMV0040", "PROG AAMV0040 LPALST AAMV0325 IEAFIX AAMV0325", "IEALPA AAMV0325 LNKLST AAMV0350 PROG AAMV0350", "SMFPRM AAMV0370 SMFPRM AAMV0371 SMFPRM AAMV0372", "SMFPRM AAMV0373 SMFPRM AAMV0380 BPXPRM ZUSS0012", "CONSOL ACP00291 CLOCK AAMV0070 IGDSMS ZSMS0032" /* Determine which security system is running */ return_code = 0 "SELECT CMD("cacc1000 "ACP)" /*******************************************/ /* INITIALIZE LIBRARY MANAGEMENT */ /*******************************************/ return_code = 0 "SELECT CMD("cacc1000 "PARM)" "VGET (PARM PARMVOL)" If parm = " " then do Say pgmname "No PARM list RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end "LMINIT DATAID(TEMP8) DDNAME(TEMP8)" lminit_temp8_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT TEMP8 RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end "LMOPEN DATAID("temp8") OPTION(OUTPUT)" lmopen_temp8_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN TEMP8 RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end "LMINIT DATAID(PDIDD) DDNAME(PDIDD)" lminit_pdidd_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT PDIDD RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end "LMINIT DATAID(TEMP9) DDNAME("temp9ddn")" lminit_temp9_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT TEMP9 RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end return_code = listdsi(temp9ddn "FILE") listdsi_temp9_rcode = return_code listdsi_temp9_reason = sysreason If sysreason = 0 then do temp9dsn = sysdsname listdsi_temp9_msglvl2 = sysmsglvl2 end Else do Say pgmname "Unable to determine TEMP9 DSNAME SYSREASON" sysreason Say pgmname sysmsglvl1 Say pgmname sysmsglvl2 return_code = sysreason SIGNAL ERR_EXIT end If parmdsn <> " " then do parm = parmdsn parmvol = "" Do X = 1 to 16 parmvol = parmvol" " end end /*******************************************/ /* OBTAIN VOLS FOR RES AND MCAT */ /*******************************************/ resdsn = "Not.Found" catdsn = "Not.Found" trap = outtrap("out.") Address TSO "LISTCAT ENTRIES('"nucldsn"')" If out.0 >= 2 then do If pos("LISTCAT ENTRIES",out.1) = 0 then do If length(out.1) > 17 then , resdsn = substr(out.1,17) If length(out.2) > 17 then , catdsn = substr(out.2,17) end Else do If length(out.2) > 17 then , resdsn = substr(out.2,17) If length(out.3) > 17 then , catdsn = substr(out.3,17) end end If nucldsn <> resdsn then , Say pgmname "NUCLDSN =" nucldsn "RESDSN =" resdsn resvol = "" If resdsn <> "Not.Found" then do lst = listdsi("'"resdsn"'") If sysreason = 0 then , resvol = sysvolume end catvol = "" If catdsn <> "Not.Found" then do lst = listdsi("'"catdsn"'") If sysreason = 0 | sysreason = 12 then , catvol = sysvolume end /*******************************************/ /* Load member_list table. */ /*******************************************/ cnt = 0 Do until member_list = "" cnt = cnt + 1 parse var member_list mbrpref.cnt pdiname.cnt member_list mbrpref.cnt = strip(mbrpref.cnt) pdiname.cnt = strip(pdiname.cnt) fndxx.cnt = "N" fnd00.cnt = "N" pdierror.cnt = "N" end v = 1 tparm = parm Do until tparm = "" parse var tparm parmdsn tparm pvol = substr(parmvol,v,6) v = v + 6 return_code = 0 If pvol = " " then , "LMINIT DATAID(PARMLIB) DATASET('"parmdsn"')" Else "LMINIT DATAID(PARMLIB) DATASET('"parmdsn"') VOLUME("pvol")" lminit_parmlib_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT PARMLIB RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end /*******************************************/ /* OPEN LIBRARY MANAGEMENT */ /*******************************************/ return_code = 0 "LMOPEN DATAID("parmlib") OPTION(INPUT)" lmopen_parmlib_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN PARMLIB RC =" return_code zerrsm return_code = return_code + 16 SIGNAL ERR_EXIT end mbrzfnd = "" /*******************************************/ /* LIST SYS1.PARMLIB */ /*******************************************/ Do i = 1 to cnt pdierror = 0 member = "" return_code = 0 "LMMLIST DATAID("parmlib") OPTION(LIST) MEMBER(MEMBER)", "STATS(NO) PATTERN("mbrpref.i"%%)" lmmlist_parmlib_rc = return_code If testmsg = "FINDING" then , return_code = 8 /* test error conditions */ If return_code = 4 then do Say pgmname "LMMLIST RC =" return_code "PREFIX =" mbrpref.i iterate end Do while return_code = 0 If mbrmsg = "ON" then, Say pgmname "LMMLIST RC =" return_code "MEMBER =" member member = strip(member) If right(member,2) = 00 then , fnd00.i = "Y" else , fndxx.i = "Y" return_code = 0 "LMCOPY FROMID("parmlib") FROMMEM("member") TODATAID("temp9")", "TOMEM("member") REPLACE" lmcopy_parmlib_rc = return_code If return_code <> 0 then do Say pgmname "LMCOPY" member "RC =" return_code zerrsm Say pgmname "FROM" parmdsn "TO" temp9dsn end Select When mbrpref.i = "IEAAPF" | , mbrpref.i = "IEASYS" | , mbrpref.i = "LNKLST" | , mbrpref.i = "LPALST" | , mbrpref.i = "BPXPRM" | , mbrpref.i = "CLOCK" | , mbrpref.i = "IGDSMS" | , mbrpref.i = "CONSOL" then macro = cacm0408 When mbrpref.i = "IEAFIX" | , mbrpref.i = "IEALPA" then macro = cacm0409 When mbrpref.i = "PROG" then macro = cacm0410 When mbrpref.i = "SMFPRM" then macro = cacm0370 Otherwise do Say pgmname "Invalid PREFIX" mbrpref.i "not found from table." iterate end end mbrpref = mbrpref.i pdiname = pdiname.i "VPUT (TEMP8 MBRPREF MBRZFND PARMDSN PDIDD PDINAME", "MEMBER PDIERROR RESVOL CATVOL) ASIS" return_code = 0 "EDIT DATAID("temp9") MACRO("macro") MEMBER("member")" If return_code > 4 then Say pgmname "EDIT_TEMP9_RC =" return_code "MEMBER =", member zerrsm "VGET (PDIERROR) ASIS" If pdierror <> 0 then , pdierror.i = "Y" return_code = 0 "LMMLIST DATAID("parmlib") OPTION(LIST) MEMBER(MEMBER)", "STATS(NO) PATTERN("mbrpref.i"%%)" end "LMMLIST DATAID("parmlib") OPTION(FREE)" return_code = 0 end return_code = 0 "LMFREE DATAID("parmlib")" lmfree_parmlib_rc = return_code end return_code = 0 pdi_name = "" Do i = 1 to cnt member = "" ac = "" If mbrpref.i = 999999 then leave index Say pgmname "PREFIX =" left(mbrpref.i,6) "FNDXX =" fndxx.i "FND00 =", fnd00.i "PDI ERROR =" pdierror.i "for Vulnerability" pdiname.i"." If pdi_name <> pdiname.i then do pdi_name = pdiname.i pdi_rc = pdierror.i end Else If pdierror.i = "Y" then , pdi_rc = pdierror.i mbrzfnd = "Member does not exist" If fnd00.i = "Y" then , mbrzfnd = "Member found" If pdiname.i = "AAMV0030" then , If pdi_rc = "Y" then , ac = "DISA recommendation: LNKAUTH=APFTAB should be specified", "in the IEASYSxx member concatenation." Else ac = "The LNKAUTH=APFTAB option was found in the IEASYSxx", "member concatenation." If pdiname.i = "AAMV0040" & mbrpref.i = "PROG" then , If pdi_rc = "Y" then , ac = "DISA recommendation: All APF-authorized libraries should", "be accessible by the system." Else ac = "All APF-authorized libraries were found to be accessible", "by the system." If pdiname.i = "AAMV0325" & mbrpref.i = "IEALPA" then , If pdi_rc = "Y" then , ac = "DISA recommendation: All LPA libraries should be", "accessible by the system." Else ac = "All LPA libraries were found to be accessible by the", "system." If pdiname.i = "AAMV0350" & mbrpref.i = "PROG" then , If pdi_rc = "Y" then , ac = "DISA recommendation: All LINKLIST libraries should be", "accessible by the system." Else ac = "All LINKLIST libraries were found to be accessible by", "the system." If left(pdiname.i,7) = "AAMV037" & mbrpref.i = "SMFPRM" then , If pdi_rc = "Y" then , ac = "DISA recommendation: Ensure SMF recording options are", "correctly specified." Else ac = "All SMFPRM members have the SMF recording options", "correctly specified." If pdiname.i = "ZUSS0011" & mbrpref.i = "IEASYS" then , If pdi_rc = "Y" then , ac = "DISA recommendation: Ensure OMVS parameter option is", "correctly specified." Else ac = "OMVS parameter option is correctly specified." If pdiname.i = "ZUSS0012" & mbrpref.i = "BPXPRM" then , If pdi_rc = "Y" then , ac = "DISA recommendation: Ensure BPXPRMxx parameter(s) is", "(are) correctly specified.)" Else ac = "BPXPRMxx parameter(s) is (are) correctly specified.)" If typerun <> "SRRAUDIT" then, ac = " " pdiname = pdiname.i mbrpref = mbrpref.i "VPUT (MEMBER PDINAME MBRPREF MBRZFND AC) ASIS" If pdiname.i > " " then do return_code = 0 "EDIT DATAID("pdidd") MACRO("cacm040a") MEMBER("pdiname.i")" If return_code > 4 then , Say pgmname "EDIT PDI" pdiname "RC =" return_code zerrsm end return_code = 0 end /*******************************************/ /* RELEASE IEASYS00 */ /*******************************************/ return_code = 0 "LMCOMP DATAID("pdidd")" lmcomp_pdidd_rc = return_code return_code = 0 "LMFREE DATAID("pdidd")" lmfree_pdidd_rc = return_code return_code = 0 "LMFREE DATAID("temp8")" lmfree_temp8_rc = return_code return_code = 0 "LMFREE DATAID("temp9")" lmfree_temp9_rc = return_code return_code = 0 /*******************************************/ /* ERROR EXIT */ /*******************************************/ ERR_EXIT: If maxcc >= 16 | return_code > 0 then do "VGET (ZISPFRC) SHARED" If maxcc > zispfrc then zispfrc = maxcc Else zispfrc = return_code "VPUT (ZISPFRC) SHARED" Say pgmname "ZISPFRC =" zispfrc end If termmsgs = "ON" then do Say "===============================================================" Say pgmname "LMINIT_PARMLIB_RC "lminit_parmlib_rc Say pgmname "LMINIT_PDIDD_RC "lminit_pdidd_rc Say pgmname "LMINIT_TEMP8_RC "lminit_temp8_rc Say pgmname "LMINIT_TEMP9_RC "lminit_temp9_rc Say pgmname "LMOPEN_PARMLIB_RC "lmopen_parmlib_rc Say pgmname "LMOPEN_TEMP8_RC "lmopen_temp8_rc Say pgmname "LMMLIST_PARMLIB_RC "lmmlist_parmlib_rc Say pgmname "LMCOPY_PARMLIB_RC "lmcopy_parmlib_rc Say pgmname "LMCOMP_PDIDD_RC "lmcomp_pdidd_rc Say pgmname "LMFREE_PDIDD_RC "lmfree_pdidd_rc Say pgmname "LMFREE_PARMLIB_RC "lmfree_parmlib_rc Say pgmname "LMFREE_TEMP8_RC "lmfree_temp8_rc Say pgmname "LMFREE_TEMP9_RC "lmfree_temp9_rc Say "===============================================================" end /* do - end */ Exit 0 NoValue: Failure: Syntax: say pgmname 'REXX error' rc 'in line' sigl':' strip(ERRORTEXT(rc)) say SOURCELINE(sigl) SIGNAL ERR_EXIT Error: return_code = RC if RC > 4 & RC <> 8 then do say pgmname "LASTCC =" RC strip(zerrlm) say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc) say SOURCELINE(sigl) end if return_code > maxcc then maxcc = return_code return