PROC 0 - CONSLIST(OFF) /* DEFAULT IS OFF */ - COMLIST(OFF) /* DEFAULT IS OFF */ - SYMLIST(OFF) /* DEFAULT IS OFF */ - TERMMSGS(OFF) /* DEFAULT IS OFF */ - TYPERUN(FSO) /* Run for SRRAUDIT | FSO */ - CACC1000(CACC1000) /* SELECT SECURITY CHECK PGM*/ - CARC1000(CARC1000) /* OBTAIN GROUP RES CLS */ - CARM0524(CARM0524) /* EDIT MACRO DSMON RACCDT */ - CARM0525(CARM0525) /* EDIT MACRO TEMP9 */ - CARM0526(CARM0526) /* EDIT MACRO DSMON RACSPT */ - PDIDDN(PDIDD) /* PDI DDNAME IN JCL */ - TABLEDDN(TABLE) /* TABLE DDNAME IN JCL */ - DSMONDDN(DSMON) /* DSMON DDNAME IN JCL */ - TEMP9DDN(TEMP9) /* RACF SETROPTS REPORT DDNAME */ - TRACE(OFF) /* TRACE ACTIONS AND ERRORS */ /* 12/19/2005 JL Nelson Created to check RACF global setting STIG 5.1. /* 12/21/2005 JL Nelson Added TEMP9 for new PDIs. /* 01/06/2006 JL Nelson Added code for RACF0660 check. /* 02/28/2009 CL Fenton Chgs made to obtain Group Resource classes. /* 09/12/2011 CL Fenton Chgs to add TABLE for additional analysis. /* 07/01/2021 CL Fenton Chgs to remove automation for RACF0260, /* STS-026846. SET PGMNAME = &STR(CARC0524 07/01/21) SET SYSPROMPT = OFF /* CONTROL NOPROMPT */ SET SYSFLUSH = OFF /* CONTROL NOFLUSH */ SET SYSASIS = ON /* CONTROL ASIS - caps off */ /* ERROR ROUTINE */ ERROR DO SET RETURN_CODE = &LASTCC /* SAVE LAST ERROR CODE */ IF &LASTCC GT 16 THEN + WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM RETURN END IF &TRACE = ON THEN DO /* TURN messages on */ SET TERMMSGS = ON /* CONTROL MSG */ SET COMLIST = ON /* CONTROL LIST */ SET CONSLIST = ON /* CONTROL CONLIST */ SET SYMLIST = ON /* CONTROL SYMLIST */ END SET SYSSYMLIST = &SYMLIST /* CONTROL SYMLIST/NOSYMLIST */ SET SYSCONLIST = &CONSLIST /* CONTROL CONLIST/NOCONLIST */ SET SYSLIST = &COMLIST /* CONTROL LIST/NOLIST */ SET SYSMSG = &TERMMSGS /* CONTROL MSG/NOMSG */ SET ZISPFRC = 0 ISPEXEC VPUT (ZISPFRC) SHARED SET RETURN_CODE = 0 ISPEXEC VPUT ( + CONSLIST + COMLIST + SYMLIST + TERMMSGS + TYPERUN + CARM0524 + CARM0525 + ) ASIS SET RC524VP = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME VPUT RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* Determine which security system is running */ SET RETURN_CODE = 0 ISPEXEC SELECT CMD(&CACC1000 ACP) ISPEXEC VGET ( + ACPNAME + ACPVERS + ) ASIS IF &STR(&ACPNAME) NE &STR(RACF) THEN DO WRITE &PGMNAME RACF Job running on the wrong system WRITE &PGMNAME &ACPNAME &ACPVERS SET RETURN_CODE = 20 GOTO ERR_EXIT END ISPEXEC SELECT CMD(&CARC1000) /* *************************************** */ /* INITIALIZE LIBRARY MANAGEMENT */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC LMINIT DATAID(PDIID) DDNAME(&PDIDDN) SET LMINIT_PDI_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT PDI RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMINIT DATAID(TABLEID) DDNAME(&TABLEDDN) SET LMINIT_TABLE_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT TABLE RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMINIT DATAID(DSMONID) DDNAME(&DSMONDDN) SET LMINIT_DSMON_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT DSMON RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMINIT DATAID(TEMP9ID) DDNAME(&TEMP9DDN) SET LMINIT_TEMP9_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT TEMP9 RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END LISTDSI &PDIDDN FILE SET LISTDSI_FILE_RCODE = &RETURN_CODE SET LISTDSI_FILE_REASON = &SYSREASON IF &SYSREASON EQ 0 THEN DO SET ODSNAME = &SYSDSNAME SET LISTDSI_FILE_MSGLVL2 = &STR(&SYSMSGLVL2) END ELSE DO WRITE &PGMNAME Unable to determine PDI DSNAME SYSREASON &SYSREASON WRITE &PGMNAME &STR(&SYSMSGLVL1) WRITE &PGMNAME &STR(&SYSMSGLVL2) END /* *************************************** */ /* OPEN DATASETS */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC LMOPEN DATAID(&PDIID) OPTION(OUTPUT) SET LMOPEN_PDI_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN PDI RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMOPEN DATAID(&TABLEID) OPTION(INPUT) SET LMOPEN_PDI_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN TABLE RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMOPEN DATAID(&DSMONID) OPTION(INPUT) SET LMOPEN_DSMON_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN DSMON RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* VIEW RACF DSMON CLASS DESCRIPTOR TABLE */ /* *************************************** */ SET PDIMBR = RACF0244 SET DSMONMBR = RACCDT SET RETURN_CODE = 0 ISPEXEC LMMFIND DATAID(&DSMONID) MEMBER(&DSMONMBR) IF &RETURN_CODE EQ 0 THEN DO /* *************************************** */ /* PUT VARS IN POOL */ /* *************************************** */ ISPEXEC VPUT ( + PDIID + TABLEID + PDIMBR + ) ASIS SET RETURN_CODE = 0 ISPEXEC VIEW DATAID(&DSMONID) MACRO(&CARM0524) MEMBER(&DSMONMBR) IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME VIEW_DSMON_RC = &RETURN_CODE + MEMBER &DSMONMBR for &PDIMBR &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END END ELSE DO WRITE &PGMNAME LMMFIND DSMON RC = &RETURN_CODE &ZERRSM WRITE &PGMNAME MEMBER = &DSMONMBR SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* Start RACF 270, 310, 320 ISPEXEC VPUT ( + PDIID + PDIMBR + DSMONID + DSMONMBR + ) ASIS SET RETURN_CODE = 0 ISPEXEC VIEW DATAID(&TEMP9ID) MACRO(&CARM0525) IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME VIEW_TEMP9_RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* **************************************** */ /* VIEW RACF DSMON STARTED PROCEDURES TABLE */ /* **************************************** */ SET PDIMBR = RACF0660 SET DSMONMBR = RACSPT SET RETURN_CODE = 0 ISPEXEC LMMFIND DATAID(&DSMONID) MEMBER(&DSMONMBR) IF &RETURN_CODE EQ 0 THEN DO /* *************************************** */ /* PUT VARS IN POOL */ /* *************************************** */ ISPEXEC VPUT ( + PDIID + TABLEID + PDIMBR + ) ASIS SET RETURN_CODE = 0 ISPEXEC VIEW DATAID(&DSMONID) MACRO(&CARM0526) MEMBER(&DSMONMBR) IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME VIEW_DSMON_RC = &RETURN_CODE + MEMBER &DSMONMBR for &PDIMBR &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END END ELSE DO WRITE &PGMNAME LMMFIND DSMON RC = &RETURN_CODE &ZERRSM WRITE &PGMNAME MEMBER = &DSMONMBR SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* CLOSE FILES */ /* *************************************** */ END_EXIT: + SET RETURN_CODE = 0 ISPEXEC LMCLOSE DATAID(&PDIID) SET LMCLOSE_PDI_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMCLOSE DATAID(&TABLEID) SET LMCLOSE_TABLE_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMCLOSE DATAID(&DSMONID) SET LMCLOSE_DSMON_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMCOMP DATAID(&PDIID) SET LMCOMP_PDI_RC = &RETURN_CODE /* *************************************** */ /* FREE FILES */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&DSMONID) SET LMFREE_DSMON_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&PDIID) SET LMFREE_PDI_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&TABLEID) SET LMFREE_TABLE_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&TEMP9ID) SET LMFREE_TEMP9_RC = &RETURN_CODE SET RETURN_CODE = 0 /* *************************************** */ /* ERROR EXIT */ /* *************************************** */ ERR_EXIT: + IF &MAXCC GE 16 OR + &RETURN_CODE GT 0 THEN DO ISPEXEC VGET (ZISPFRC) SHARED IF &MAXCC GT &ZISPFRC THEN + SET ZISPFRC = &MAXCC ELSE + SET ZISPFRC = &RETURN_CODE ISPEXEC VPUT (ZISPFRC) SHARED WRITE &PGMNAME ZISPFRC = &ZISPFRC END ISPEXEC VGET ( + RM524RC + RM524VG + RM526RC + RM526VG + ) ASIS IF &NRSTR(&TERMMSGS) EQ ON THEN DO /* TURN TRACE ON */ WRITE =============================================================== WRITE &PGMNAME LMINIT_PDI_RC &LMINIT_PDI_RC WRITE &PGMNAME LMOPEN_PDI_RC &LMOPEN_PDI_RC WRITE =============================================================== WRITE &PGMNAME LMINIT_TABLE_RC &LMINIT_TABLE_RC WRITE &PGMNAME LMOPEN_TABLE_RC &LMOPEN_TABLE_RC WRITE =============================================================== WRITE &PGMNAME LMINIT_DSMON_RC &LMINIT_DSMON_RC WRITE &PGMNAME LMOPEN_DSMON_RC &LMOPEN_DSMON_RC WRITE =============================================================== WRITE &PGMNAME LMINIT_TEMP9_RC &LMINIT_TEMP9_RC WRITE =============================================================== WRITE &PGMNAME &CARM0524 VGET &RM524VG WRITE &PGMNAME &CARM0524 RC &RM524RC WRITE &PGMNAME &CARM0526 VGET &RM526VG WRITE &PGMNAME &CARM0526 RC &RM526RC WRITE =============================================================== WRITE &PGMNAME LMCLOSE_PDI_RC &LMCLOSE_PDI_RC WRITE &PGMNAME LMCOMP_PDI_RC &LMCOMP_PDI_RC WRITE &PGMNAME LMFREE_PDI_RC &LMFREE_PDI_RC WRITE &PGMNAME LMCLOSE_TABLE_RC &LMCLOSE_TABLE_RC WRITE &PGMNAME LMFREE_TABLE_RC &LMFREE_TABLE_RC WRITE &PGMNAME LMCLOSE_DSMON_RC &LMCLOSE_DSMON_RC WRITE &PGMNAME LMFREE_DSMON_RC &LMFREE_DSMON_RC WRITE &PGMNAME LMFREE_TEMP9_RC &LMFREE_TEMP9_RC END EXIT CODE(0)