ISREDIT MACRO       /* CARM0526 VIEW DSMON(RACSPT) */
/* 01/06/2006 JL.NELSON Created to write out global FINDINGS
/* 01/06/2006 JL.NELSON Wrote code for RACF0660
/* 10/13/2009 CL.FENTON Changed list of trusted STC users.
/* 03/15/2011 CL.FENTON Added GSKSRVR to list of trusted STC users.
/* 09/12/2011 CL.FENTON Added analysis for Zxxx0032 PDIs, CSD-AR002893724.
/* And minor changes in output format.
/* 04/26/2012 CL.FENTON Corrected possible error of STC mbr and Userid
/* not matching and using ** resource default. Problem
/* found when making corrections for CSD-AR003392779.
/* 01/02/2013 CL.FENTON Corrected 588 error by processing to "(ICHRIN03):"
/* instead of the last line, STS-001483.
/* 04/11/2016 CL.FENTON Removed APPC started tasks from trusted started
/* task list and added ACF2, ACFBKUP, TSS, TSSB, TSSBKUP, and
/* TSSRESTN, STS-013764.
/* 02/05/2018 CL.FENTON Added CEA as trusted started task for RACF0660,
/* STS-019223.
/* ----------------------------------------------------------------- */
/* OVERVIEW                                                          */
/* ISPF edit macro run against the member named in the header        */
/* (DSMON RACSPT). It does two things:                               */
/*  1. When PDIMBR is RACF0660: scans the lines from the TRUSTED     */
/*     heading up to the line holding "(ICHRIN03):", collects every  */
/*     entry with YES in columns 61-63, and writes to the PDI member */
/*     those whose derived name is not in the hard-coded list below. */
/*  2. Reads records from table member CACTSTCS and, for each        */
/*     PDI / started task / user ID triple, checks that a matching   */
/*     entry exists in the same report range.                        */
/* Results are written with LMPUT and stored by the ADD_MEMBER       */
/* subroutine. Status goes back through ZISPFRC, RM526VG, RM526RC.   */
/*                                                                   */
/* NOTE(review): this listing was recovered from a copy in which     */
/* line breaks and runs of blanks had been collapsed. Blank padding  */
/* inside STR and NRSTR literals (operands padded for SYSINDEX and   */
/* SUBSTR, indented output text) shows here as a single blank.       */
/* Restore the padding from the authoritative library member before  */
/* running; the column-based logic depends on it.                    */
/* ----------------------------------------------------------------- */
SET PGMNAME = &STR(CARM0526 02/05/18)
NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM TABLEID
SET SYSPROMPT = OFF                /* CONTROL NOPROMPT */
SET SYSFLUSH = OFF                 /* CONTROL NOFLUSH */
SET SYSASIS = ON                   /* CONTROL ASIS - caps off */
/* ERROR ROUTINE */
/* Saves the failing return code in RETURN_CODE and resumes after    */
/* the failing statement; only codes of 16 or more are written out.  */
/* Every RETURN_CODE test below relies on this routine.              */
ERROR DO
  SET RETURN_CODE = &LASTCC        /* SAVE LAST ERROR CODE */
  IF &LASTCC GE 16 THEN +
    WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM
  RETURN
END
/* *************************************** */
/* VARIABLES ARE PASSED TO THIS MACRO */
/* CONSLIST */
/* COMLIST */
/* SYMLIST */
/* TERMMSGS */
/* *************************************** */
SET RETURN_CODE = 0
ISPEXEC VGET ( +
  CONSLIST +
  COMLIST +
  SYMLIST +
  TERMMSGS +
  TABLEID +
  PDIID +
  PDIMBR +
  TYPERUN +
  ) ASIS
/* RM526VG keeps the VGET result so it can be VPUT at exit. */
SET RM526VG = &RETURN_CODE
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME VGET RC = &RETURN_CODE &ZERRSM
  WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST +
    TERMMSGS/&TERMMSGS
  WRITE &PGMNAME PDIID/&PDIID PDIMBR/&PDIMBR +
    TYPERUN/&TYPERUN
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
END
/* *************************************** */
/* TURN ON MESSAGES */
/* *************************************** */
SET SYSSYMLIST = &SYMLIST          /* CONTROL SYMLIST/NOSYMLIST */
SET SYSCONLIST = &CONSLIST         /* CONTROL CONLIST/NOCONLIST */
SET SYSLIST = &COMLIST             /* CONTROL LIST/NOLIST */
SET SYSMSG = &TERMMSGS             /* CONTROL MSG/NOMSG */
ISREDIT (DSMONMBR) = MEMBER
ISREDIT (DSNAME) = DATASET
ISREDIT (LASTLINE) = LINENUM .ZLAST
/* The scan is bounded by the line holding "(ICHRIN03):" rather than */
/* by the last line of the member (see the 01/02/2013 change entry). */
ISREDIT FIND "(ICHRIN03):"
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND (ICHRIN03): &RETURN_CODE
  GOTO END_EXIT
END
ISREDIT (LASTLINE) = CURSOR
SET BLANK = &STR( )
SET LP = &STR((
SET RP = )
/* Only the RACF0660 check runs the trusted started task analysis.   */
IF &PDIMBR NE RACF0660 THEN GOTO END_EXIT
/* RACF0660 counts reported entries; CNT counts all TRUSTED entries. */
SET RACF0660 = 0
SET RETURN_CODE = 0
SET CNT = 0
ISREDIT CURSOR = 1 0
ISREDIT FIND ' TRUSTED '
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND TRUSTED RC = &RETURN_CODE &ZERRSM
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
END
ISREDIT (CURLINE) = LINENUM .ZCSR
/* *************************************** */
/* READ LOOP */
/* *************************************** */
/* Walks one line at a time up to LASTLINE. A line is processed only */
/* when columns 61-63 hold YES; everything else is skipped.          */
NEXT_PROFILE: +
SET RETURN_CODE = 0
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO END_PROFILE
ISREDIT (DATA) = LINE &CURLINE
IF &STR(YES) NE &SUBSTR(61:63,&NRSTR(&DATA)) THEN +
  GOTO NEXT_PROFILE
/* Fixed columns: profile 2-23, user 25-32, group 37-44, flag 61-63. */
SET PROFILE = &SUBSTR(02:23,&NRSTR(&DATA))
SET USER = &SUBSTR(25:32,&NRSTR(&DATA))
SET GROUP = &SUBSTR(37:44,&NRSTR(&DATA))
SET TRUSTED = &SUBSTR(61:63,&NRSTR(&DATA))
SET CNT = &CNT + 1
/* Each TRUSTED entry is kept in a numbered variable STC1, STC2 ...  */
/* so the full list can be written out when nothing is reported.     */
SET STC&CNT = &STR(&PROFILE USER&LP.&USER.&RP GROUP&LP.&GROUP.&RP +
  TRUSTED&LP.&TRUSTED.&RP )
/* Derive the name that is compared with the list below.             */
/*  - USER field has no "=": the name is the USER value up to the    */
/*    first blank.                                                   */
/*  - USER field has "=": the name is the PROFILE value up to the    */
/*    first period, else the first asterisk, else the first blank.   */
/* A derived name shorter than two characters leaves STCNAME blank,  */
/* which matches no WHEN clause, so the entry is reported.           */
/* NOTE(review): when an explicit user ID is present the comparison  */
/* uses that user ID only; the profile name is not examined. A       */
/* TRUSTED entry under any profile name is therefore skipped if its  */
/* user ID equals a listed name. Confirm this is the intended check. */
SET STCNAME = &STR( )
IF &SYSINDEX(&STR(=),&STR(&USER)) EQ 0 THEN DO
  SET X = &SYSINDEX(&STR( ),&STR(&USER ))
  IF &X-1 GT 1 THEN +
    SET STCNAME = &SUBSTR(1:&X-1,&STR(&USER))
END
ELSE DO
  SET X = &SYSINDEX(&STR(.),&NRSTR(&PROFILE))
  IF &X EQ 0 THEN +
    SET X = &SYSINDEX(&STR(*),&NRSTR(&PROFILE))
  IF &X EQ 0 THEN +
    SET X = &SYSINDEX(&STR( ),&NRSTR(&PROFILE))
  IF &X-1 GT 1 THEN +
    SET STCNAME = &SUBSTR(1:&X-1,&STR(&PROFILE))
END
/* Hard-coded list of names accepted as TRUSTED without a finding.   */
/* A match skips straight to the next line; anything else falls      */
/* through and is reported. Every name added here widens what passes */
/* the check, so changes belong in the change log at the top.        */
SELECT &STR(&STCNAME)
  WHEN (ACFBKUP) GOTO NEXT_PROFILE
  WHEN (ACF2) GOTO NEXT_PROFILE
/* WHEN (APPC) GOTO NEXT_PROFILE
  WHEN (APSWPROA) GOTO NEXT_PROFILE
  WHEN (APSWPROB) GOTO NEXT_PROFILE
  WHEN (APSWPROC) GOTO NEXT_PROFILE
  WHEN (APSWPROM) GOTO NEXT_PROFILE
  WHEN (APSWPROT) GOTO NEXT_PROFILE
  WHEN (CATALOG) GOTO NEXT_PROFILE
  WHEN (CEA) GOTO NEXT_PROFILE
  WHEN (CONSOLE) GOTO NEXT_PROFILE
  WHEN (DFHSM) GOTO NEXT_PROFILE
  WHEN (DFSMSHSM) GOTO NEXT_PROFILE
  WHEN (DFS) GOTO NEXT_PROFILE
  WHEN (DUMPSRV) GOTO NEXT_PROFILE
  WHEN (GPMSERVE) GOTO NEXT_PROFILE
  WHEN (GSKSRVR) GOTO NEXT_PROFILE
  WHEN (IEEVMPCR) GOTO NEXT_PROFILE
  WHEN (IOSAS) GOTO NEXT_PROFILE
  WHEN (IXGLOGR) GOTO NEXT_PROFILE
  WHEN (JESXCF) GOTO NEXT_PROFILE
  WHEN (JES2) GOTO NEXT_PROFILE
  WHEN (JES3) GOTO NEXT_PROFILE
  WHEN (LLA) GOTO NEXT_PROFILE
  WHEN (NFS) GOTO NEXT_PROFILE
  WHEN (OMVS) GOTO NEXT_PROFILE
  WHEN (OMVSKERN) GOTO NEXT_PROFILE
  WHEN (RACF) GOTO NEXT_PROFILE
  WHEN (RMF) GOTO NEXT_PROFILE
  WHEN (RMFGAT) GOTO NEXT_PROFILE
  WHEN (SMF) GOTO NEXT_PROFILE
  WHEN (SMS) GOTO NEXT_PROFILE
  WHEN (SMSRESTN) GOTO NEXT_PROFILE
  WHEN (SMSRESTR) GOTO NEXT_PROFILE
  WHEN (SMSVSAM) GOTO NEXT_PROFILE
  WHEN (TCPIP) GOTO NEXT_PROFILE
  WHEN (TSS) GOTO NEXT_PROFILE
  WHEN (TSSB) GOTO NEXT_PROFILE
  WHEN (TSSBKUP) GOTO NEXT_PROFILE
  WHEN (TSSRESTN) GOTO NEXT_PROFILE
  WHEN (VLF) GOTO NEXT_PROFILE
  WHEN (VTAM) GOTO NEXT_PROFILE
  WHEN (XCFAS) GOTO NEXT_PROFILE
  WHEN (ZFS) GOTO NEXT_PROFILE
END
/* Reached only for an entry that is not in the list. The heading is */
/* written once, before the first reported entry.                    */
IF &RACF0660 EQ 0 THEN DO
  SET AC = &STR(The following started task&LP.s&RP defined as +
    trusted is &LP.are&RP not justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
END
SET RACF0660 = &RACF0660 + 1
SET STC0 = &&STC&CNT
SET AC = &STR( &STC0 )
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO NEXT_PROFILE
/* End of scan. With nothing reported the result is Not a Finding,   */
/* followed either by a statement that no TRUSTED entries exist or   */
/* by the full list of TRUSTED entries. Otherwise the recommendation */
/* text is appended after the reported entries.                      */
END_PROFILE: +
SET RETURN_CODE = 0
IF &RACF0660 EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  IF &CNT EQ 0 THEN DO
    SET AC = &STR(No TRUSTED entries in the STARTED PROCEDURES TABLE +
      were found.)
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
  ELSE DO
    DO I = 1 TO &CNT
      SET STC0 = &&STC&I
      SET AC = &STR( &STC0 )
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    END
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR(All TRUSTED entries in the STARTED PROCEDURES TABLE +
      are approved.)
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that only trusted STCs +
    have the TRUSTED flag enabled.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
END
SYSCALL ADD_MEMBER
/* *************************************** */
/* END of program */
/* *************************************** */
/* Despite the banner above, execution continues here with the       */
/* second analysis: product started tasks listed in table member     */
/* CACTSTCS are matched against the report entries.                  */
SET RETURN_CODE = 0
ISPEXEC LMMFIND DATAID(&TABLEID) MEMBER(CACTSTCS)
IF &RETURN_CODE GT 0 THEN DO
  WRITE &PGMNAME LMMFIND TABLE CACTSTCS &RETURN_CODE
  GOTO END_EXIT
END
/* NOTE(review): the result of this FIND is not tested on its own.   */
/* A nonzero code left in RETURN_CODE here is reported by the        */
/* "(ICHRIN03):" test that follows, under that message text.         */
ISREDIT FIND ' TRUSTED ' FIRST
ISREDIT (STRLINE) = LINENUM .ZCSR
SET STRLINE = &STRLINE + 2
ISREDIT FIND "(ICHRIN03):"
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND (ICHRIN03): &RETURN_CODE
  GOTO END_EXIT
END
ISREDIT (LASTLINE) = CURSOR
/* PDIMBR is reused as the PDI member currently being built; LIST    */
/* collects one text entry per table record, each ended by "@"; ERR  */
/* counts started tasks with no matching report entry for that PDI.  */
SET PDIMBR =
SET LIST =
SET ERR = 0
/* One table record per pass. Record layout as read below: PDI       */
/* member in columns 1-8, started task in 9-16, user ID in 17-24.    */
PROCESS_STC_LIST: +
SET RETURN_CODE = 0
ISPEXEC LMGET DATAID(&TABLEID) MODE(INVAR) DATALOC(TREC) +
  MAXLEN(80) DATALEN(LRECL)
/* Any nonzero LMGET result ends the loop: the PDI in progress is    */
/* finished (Not a Finding plus the collected list when ERR is 0)    */
/* and stored, then control goes to END_EXIT.                        */
IF &RETURN_CODE GT 0 THEN DO
  IF &ERR EQ 0 AND +
     &STR(&PDIMBR) NE &STR( ) THEN DO
    SET AC = &STR(Not a Finding )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    DO X = 1 TO &LENGTH(&LIST)
      SET Y = &SYSINDEX(&STR(@),&LIST,&X)
      SET AC = &SUBSTR(&X:&Y-1,&LIST)
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      SET X = &Y
    END
  END
  SET LIST =
  SYSCALL ADD_MEMBER
  GOTO END_EXIT
END
SET PDIM = &SUBSTR(1:8,&NRSTR(&TREC))
/* A change of PDI name closes out the previous PDI the same way and */
/* starts a new one with an empty list and a zero error count.       */
IF &PDIM NE &PDIMBR THEN DO
  IF &ERR EQ 0 AND +
     &STR(&PDIMBR) NE &STR( ) THEN DO
    SET AC = &STR(Not a Finding )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    DO X = 1 TO &LENGTH(&LIST)
      SET Y = &SYSINDEX(&STR(@),&LIST,&X)
      SET AC = &SUBSTR(&X:&Y-1,&LIST)
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      SET X = &Y
    END
  END
  SET LIST =
  SYSCALL ADD_MEMBER
  SET PDIMBR EQ &PDIM
  SET ERR = 0
END
/* Started task and user ID are cut at their first blank.            */
SET STCMBR = &SUBSTR(9:16,&NRSTR(&TREC))
SET X = &SYSINDEX(&STR( ),&NRSTR(&STCMBR )) - 1
SET STCMBR = &SUBSTR(1:&X,&NRSTR(&STCMBR))
SET USERID = &SUBSTR(17:24,&NRSTR(&TREC))
SET X = &SYSINDEX(&STR( ),&NRSTR(&USERID )) - 1
SET USERID = &SUBSTR(1:&X,&NRSTR(&USERID))
/* FOUND is blank until a report entry matches, then holds X.        */
SET FOUND =
/* Search the report range for this started task. Three cases:       */
/*  a. profile begins with the task name and a period: accepted when */
/*     the user IDs are equal, or the entry uses =MEMBER and the     */
/*     task name equals the user ID; otherwise the search goes on.   */
/*  b. profile begins with an asterisk, the entry uses =MEMBER and   */
/*     the task name equals the user ID: accepted, with a WRITE      */
/*     message saying the default profile is in use.                 */
/*  c. anything else: the first eight characters of profile and task */
/*     name are compared one by one, and the user IDs must be equal. */
/* Setting CURLINE to LASTLINE is how a match ends the loop early.   */
/* NOTE(review): case b counts as properly defined and is recorded   */
/* only by the WRITE message, not in the PDI member. Reviewers who   */
/* want reliance on the generic default visible in the finding text  */
/* should capture that message.                                      */
DO CURLINE = &STRLINE TO &LASTLINE
  ISREDIT (DATA) = LINE &CURLINE
  SET PROFILE = &SUBSTR(02:23,&NRSTR(&DATA))
  SET USER = &SUBSTR(25:32,&NRSTR(&DATA))
  IF &SYSINDEX(&STR(&STCMBR..),&NRSTR(&PROFILE)) EQ 1 THEN +
    IF &NRSTR(&USERID) EQ &NRSTR(&USER) OR +
       (&NRSTR(&USER) EQ &STR(=MEMBER) AND +
       &NRSTR(&STCMBR) EQ &NRSTR(&USERID) ) THEN DO
      SET FOUND = X
      SET CURLINE = &LASTLINE
    END
    ELSE
  ELSE +
    IF &SUBSTR(1,&NRSTR(&PROFILE)) EQ &STR(*) AND +
       &NRSTR(&USER) EQ &STR(=MEMBER) AND +
       &NRSTR(&STCMBR) EQ &NRSTR(&USERID) THEN DO
      SET X = &SYSINDEX(&STR( ),&NRSTR(&PROFILE )) - 1
      SET PROFILE = &SUBSTR(1:&X,&NRSTR(&PROFILE))
      SET X = &SYSINDEX(&STR( ),&NRSTR(&USER )) - 1
      SET USER = &SUBSTR(1:&X,&NRSTR(&USER))
      WRITE &PGMNAME Started Task &STCMBR for user &USERID is +
        using the default of &PROFILE with user of &USER..
      SET FOUND = X
      SET CURLINE = &LASTLINE
    END
    ELSE DO
      SET FOUND = X
      DO X = 1 TO 8
        IF &SUBSTR(&X,&NRSTR(&PROFILE)) NE +
           &SUBSTR(&X,&NRSTR(&STCMBR )) THEN DO
          SET FOUND =
          SET X = 8
        END
      END
      IF &FOUND EQ &STR(X) AND +
         &NRSTR(&USERID) EQ &NRSTR(&USER) THEN +
        SET CURLINE = &LASTLINE
      ELSE +
        SET FOUND =
    END
END
/* No match: report the started task. The heading is written once    */
/* per PDI, before the first unmatched task.                         */
IF &STR(&FOUND) EQ &STR( ) THEN DO
  IF &ERR EQ 0 THEN DO
    SET AC = &STR(The Product started task(s) is(are) improperly +
      defined to the started resource class:)
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
  SET AC = &STR( &STCMBR for user &USERID..)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET ERR = &ERR + 1
END
/* The list entry is appended for every record, matched or not; the  */
/* list is written out only when ERR is 0 for the PDI.               */
SET LIST = &LIST&STR(Found &STCMBR for user &USERID..@)
GOTO PROCESS_STC_LIST
/* END_EXIT clears RETURN_CODE and falls through into ERR_EXIT.      */
END_EXIT: +
SET RETURN_CODE = 0
/* ZISPFRC is updated only when MAXCC is 16 or more or RETURN_CODE   */
/* is positive. The macro itself always ends with EXIT CODE(0), so   */
/* callers see failures only through ZISPFRC, RM526VG and RM526RC    */
/* and through the WRITE output.                                     */
ERR_EXIT: +
IF &MAXCC GE 16 OR +
   &RETURN_CODE GT 0 THEN DO
  ISPEXEC VGET (ZISPFRC) SHARED
  IF &MAXCC GT &ZISPFRC THEN +
    SET ZISPFRC = &MAXCC
  ELSE +
    SET ZISPFRC = &RETURN_CODE
  ISPEXEC VPUT (ZISPFRC) SHARED
  WRITE &PGMNAME ZISPFRC = &ZISPFRC
END
SET RM526RC = &RETURN_CODE
ISPEXEC VPUT ( +
  RM526VG +
  RM526RC +
  ) ASIS
ISREDIT END
EXIT CODE(0)
ISREDIT MEND
/* *************************************** */
/* SYSCALL SUBROUTINES */
/* *************************************** */
/* ADD_MEMBER stores the PDI member named by PDIMBR. It returns at   */
/* once when PDIMBR is blank. LMMADD is tried first; return code 4   */
/* is treated as member already exists and LMMREP is used instead.   */
/* Failures of either service are written out, not raised.           */
ADD_MEMBER: PROC 0
  IF &NRSTR(&PDIMBR) EQ &STR( ) THEN +
    RETURN CODE(0)
  SET ZEDSMSG = FINISHED
  SET ZEDLMSG = &STR(Finished processing &PDIMBR.)
  ISPEXEC LOG MSG(ISRZ000)
  SET RETURN_CODE = 0
  ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR)
  IF &RETURN_CODE EQ 4 THEN DO     /* MEMBER ALREADY EXISTS
    SET RETURN_CODE = 0
    ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR)
    IF &RETURN_CODE NE 0 THEN DO
      WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM
    END
  END
  ELSE DO
    IF &RETURN_CODE NE 0 THEN +
      WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM
  END
END