ISREDIT MACRO /* CATM0409 EDIT TEMP9 */ /* 04/19/2004 JL.Nelson CHANGED TO DISPLAY NO FINDING TEXT /* 04/20/2004 JL.Nelson Modified to display DISA standard /* 06/17/2004 JL.NELSON ADDED EXIT CODE /* 07/15/2004 JL.Nelson Changed DISA Standard to STIG requirement /* 12/15/2004 JL.Nelson Changed TSS0620, TSS0650, STIG incorrect /* 01/05/2005 JL.Nelson Changed TSS0275 CANCEL will not be specified. /* 02/09/2005 JL.NELSON Changed constants to variables before rename /* 04/13/2005 JL.NELSON Changed AUTOERASE and DIAGTRAP per Charles /* 04/27/2005 JL.NELSON Delete obsolete PDIs per Charles Fenton /* 04/27/2005 JL.NELSON Delete TSS0290, TSS0300, TSS0340, TSS0370 /* 04/27/2005 JL.NELSON Delete TSS0385, TSS0510, TSS0520 /* 06/08/2005 JL.NELSON Pass MAXCC in ZISPFRC variable /* 06/14/2005 JL.NELSON Added LOGBUF to numeric check /* 06/15/2005 JL.NELSON Set return code to end job step /* 03/15/2006 JL.NELSON Made changes to avoid SUBSTR abend 920/932. /* 03/16/2006 JL.NELSON Set/test RCode for every ISPEXEC command. /* 03/21/2006 JL.NELSON Use NRSTR avoid abend 900 if ampersand in data. /* 03/30/2006 JL.NELSON Test for empty member LINENUM Rcode = 4. /* 09/27/2006 CL.FENTON Modified ZUSST050 and added ZUSST052. /* 07/09/2007 CL.FENTON Removed requirement for UNCLASS systems. /* 08/07/2007 CL.FENTON Changed characters that identify breaks to /* Non-national or special characters that could appear /* in PASSCHAR control option. Added ZUSST060. /* 10/01/2008 CL.FENTON Changed table to remove text of 8.0 and below. /* Added addition requirements for NEWPW. /* 10/01/2008 CL.FENTON Added AAMV0420 to table to test for BACKUP(ACTIVE /* entry. Deleted TSS0310 and TSS0610 because CAT IVs. /* 05/08/2009 CL.Fenton Added analysis of LUUPDONCE for TSS0450. /* Removed test for TSS 9.0. /* 10/09/2009 CL.FENTON Added analysis of TSS0460 to be consistant with /* the VMS check. /* 09/27/2010 CL.FENTON Added analysis of TSS0290 for CPFTARGET. /* 03/15/2011 CL.FENTON Chgd TSS0400 test from 35 to 30 days. /* 05/25/2011 CL.FENTON Reverted TSS0400 test from 30 to 35 days. /* 03/08/2013 CL.Fenton Added TSS0660, TSS0670, TSS0680, and TSS0690 /* to evaluate NEWPHRASE, PPSCHAR, NPPTHRESH, PPEXP, and /* PPHIST Control option settings, CSD-AR003262504. /* 03/11/2013 CL.Fenton Removed TSS0430, STS-001566. /* 05/28/2013 CL.Fenton Corrected TSS0660 rc=852 error, STS-002990. /* Also made cosmetic changes to this PDI. /* 09/24/2013 CL.Fenton Chgd requirements for TSS0270, STS-003180. /* 12/10/2014 CL.Fenton Chgd ZUSST052 to evaluate CHOWNURS with TSS /* V15 RO6374 PTF remove CHOWNURS control option, STS-006695. /* 01/30/2015 CL.Fenton Chgd TSS0660 to evaluate MIN=15 for NEWPHRASE, /* STS-008965. /* 01/30/2015 CL.Fenton Removed TSS0570 from scripts for option is /* obsolete, TSS V12 no longer supported, STS-008978. /* 02/04/2015 CL.Fenton Chgd TSS0480 to evaluate list of 15 special /* characters, STS-004529. /* 02/04/2015 CL.Fenton Chgd TSS0660 to evaluate list of 16 special /* characters and removed ID and NR= requirements, /* STS-008965. /* 08/24/2016 CL.Fenton Chgd TSS0400 to INACTIVE(0), STS-015248. /* 07/18/2017 CL.Fenton Chgd ZUSST050 to check for setting of UNIQUSER /* is OFF, STS-017961. /* 11/15/2017 CL.Fenton Added TSS0485 to check the setting of AESENC for /* the value of 128 or 256, STS-018642. SET PGMNAME = &STR(CATM0009 11/15/17) SET SYSPROMPT = OFF /* CONTROL NOPROMPT */ SET SYSFLUSH = OFF /* CONTROL NOFLUSH */ SET SYSASIS = ON /* CONTROL ASIS - caps off */ /* ERROR ROUTINE */ ERROR DO SET RETURN_CODE = &LASTCC /* SAVE LAST ERROR CODE */ IF &LASTCC GE 16 THEN + WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM RETURN END SET RETURN_CODE = 0 ISPEXEC CONTROL NONDISPL ENTER ISPEXEC CONTROL ERRORS RETURN /* *************************************** */ /* VARIABLES ARE PASSED TO THIS MACRO */ /* CONSLIST */ /* COMLIST */ /* SYMLIST */ /* TERMMSGS */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC VGET ( + CONSLIST + COMLIST + SYMLIST + TERMMSGS + TEST + PDIDD + CATM040A + ) ASIS SET TM09VGET = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME VGET RC = &RETURN_CODE &ZERRSM WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST + TERMMSGS/&TERMMSGS WRITE &PGMNAME TEST/&TEST PDIDD/&PDIDD CATM040A/&CATM040A SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* TURN ON MESSAGES */ /* *************************************** */ SET SYSSYMLIST = &SYMLIST /* CONTROL SYMLIST/NOSYMLIST */ SET SYSCONLIST = &CONSLIST /* CONTROL CONLIST/NOCONLIST */ SET SYSLIST = &COMLIST /* CONTROL LIST/NOLIST */ SET SYSMSG = &TERMMSGS /* CONTROL MSG/NOMSG */ /* *************************************** */ /* THIS EDIT MACRO PROVIDES THE FINDING */ /* DETAILS FOR RACF SETROPTS */ /* *************************************** */ /* Notes on the following table. /* PDINAME /* Blank or 1 /* Blank if no more parameters need to be checked. /* One if additional parameter checks are to be made. /* Global parameter~ /* 'First search field' /* Used to obtain information from the report. /* Used to determine if information is invalid and for messages. /* 'Second search field' .ZCSR .ZCSR /* Used to test information and set return code. /* < End of search fields /* STIG requirements /* > End of STIG fields /* SET TABLE = &NRSTR(+ AAMV0420 BACKUP~+ ' BACKUP('~+ ' BACKUP(ACTIVE' .ZCSR .ZCSR<+ BACKUP(ACTIVE-xx:xx)>+ TSS0249 1NOADMBY~+ ' ADMINBY'~+ ' ADMINBY(YES) ' .ZCSR .ZCSR<+ ADMINBY >+ TSS0250 ADSP~+ ' ADSP'~+ ' ADSP(NO) ' .ZCSR .ZCSR<+ ADSP(NO)>+ TSS0260 1AUTH~+ ' AUTH'<+ AUTH(OVERRIDE|MERGE,ALLOVER)>+ TSS0270 1AUTOERASE~+ ' AUTOERASE'<+ AUTOERASE(ALL) for All System>+ TSS0275 CANCEL~+ ' CANCEL'~+ ' CANCEL(NO) ' .ZCSR .ZCSR<+ CANCEL will not be specified>+ TSS0280 CPFRCVUND~+ ' CPFRCVUND'~+ ' CPFRCVUND(NO) ' .ZCSR .ZCSR<+ CPFRCVUND(NO)>+ TSS0290 CPFTARGET~+ ' CPFTARGET'~+ ' CPFTARGET(LOCAL) ' .ZCSR .ZCSR<+ CPFTARGET(LOCAL)>+ TSS0320 1DEBUG~+ ' DEBUG'~+ ' DEBUG(OFF) ' .ZCSR .ZCSR<+ DEBUG(OFF) >+ TSS0330 1DIAGTRAP~+ ' DIAGTRAP'<+ TSS (default) ACTIVE DIAGTRAP ENTRIES: ON = 00 ~+ DIAGTRAP(id|ALL,DEL)>+ TSS0350 DL1B~+ ' DL1B'~+ ' DL1B(NO) ' .ZCSR .ZCSR<+ DL1B(NO)>+ TSS0360 1DOWN~+ ' DOWN'<+ DOWN(BW,SB,TN|TW,OW)>+ TSS0380 EXIT~+ ' EXIT'~+ ' EXIT(ON)' .ZCSR .ZCSR<+ EXIT(ON)>+ TSS0390 1HPBPW~+ ' HPBPW'<+ HPBPW(1-3)>+ TSS0400 1INACTIVE~+ ' INACTIVE'<+ INACTIVE(0)>+ TSS0420 1IOTRACE~+ ' IOTRACE'~+ ' IOTRACE(OFF) ' .ZCSR .ZCSR<+ IOTRACE(OFF) >+ TSS0440 1LOG~+ ' LOG('<+ LOG(INIT,SMF,SEC9,MSG)>+ TSS0450 LUUPDONCE~+ ' LUUPDONCE'~+ ' LUUPDONCE(NO) ' .ZCSR .ZCSR<+ LUUPDONCE(NO)>+ TSS0460 1MODE~+ ' MODE'~+ ' MODE(FAIL) ' .ZCSR .ZCSR<+ MODE(FAIL)>+ TSS0470 MSUSPEND~+ ' MSUSPEND'~+ ' MSUSPEND(YES) ' .ZCSR .ZCSR<+ MSUSPEND(YES)>+ TSS0480 1NEWPW~+ ' NEWPW'~+ ' PASSCHAR'<+ NEWPW(MIN=8,WARN=(1-10),MINDAYS=01,NR=0,+ ID,TS,RS,FA,FN,SC,MC,LC,UC)~ + with PASSCHAR(@,#,$,&&,*,^,:,=,!,-,%,.,?,_,|).>+ TSS0485 1AESENC~+ ' AESENC'<+ AESENC(128) or AESENC(256)>+ TSS0490 NJEUSR~+ ' NJEUSR'~+ ' NJEUSR(NJESTORE) ' .ZCSR .ZCSR<+ NJEUSR(NJESTORE)>+ TSS0500 1NPWRTHRESH~+ ' NPWRTHRESH'<+ NPWRTHRESH(2)>+ TSS0505 1OPTIONALS~+ ' OPTIONALS'<+ OPTIONALS(004) >+ TSS0530 PRODUCTS~+ ' PRODUCTS'~+ ' PRODUCTS(TSO/E) ' .ZCSR .ZCSR<+ PRODUCTS(TSO/E)>+ TSS0540 1PTHRESH~+ ' PTHRESH'<+ PTHRESH(1-2)>+ TSS0550 1PWEXP~+ ' PWEXP'<+ PWEXP(1-60)>+ TSS0560 1PWHIST~+ ' PWHIST'<+ PWHIST(10-64)>+ TSS0580 1RECOVER~+ ' RECOVER'<+ TSS (default) Recovery File(1-100%)~+ RECOVER(ON)>+ TSS0590 1SECTRACE~+ ' SECTRACE'~+ ' SECTRACE(OFF) ' .ZCSR .ZCSR<+ SECTRACE(OFF) >+ TSS0600 SUBACID~+ ' SUBACID'~+ ' SUBACID(U,8) ' .ZCSR .ZCSR<+ SUBACID(U,8)>+ TSS0620 SYSOUT~+ ' SYSOUT'~+ ',LOCAL)' .ZCSR .ZCSR<+ SYSOUT(a-z,LOCAL)>+ TSS0630 TAPE~+ ' TAPE'~+ ' TAPE(OFF) ' .ZCSR .ZCSR<+ TAPE(OFF)>+ TSS0640 TEMPDS~+ ' TEMPDS'~+ ' TEMPDS(YES) ' .ZCSR .ZCSR<+ TEMPDS(YES)>+ TSS0650 1TIMER~+ ' TIMER'<+ TIMER(1-30)>+ TSS0660 1NEWPHRASE~+ ' NEWPHRASE'~+ ' PPSCHAR'<+ NEWPHRASE(MA=1-32,MN=1-32,MAX=100,MIN=15-32,+ MINDAYS=1,SC=1-32,WARN=1-10)~ + with PPSCHAR( ,@,#,$,&&,*,^,:,=,!,-,%,.,?,_,|) or + PPSCHAR(40,@,#,$,&&,*,^,:,=,!,-,%,.,?,_,|).>+ TSS0670 1NPPTHRESH~+ ' NPPTHRESH'<+ NPPTHRESH(2)>+ TSS0680 1PPEXP~+ ' PPEXP'<+ PPEXP(1-60)>+ TSS0690 1PPHIST~+ ' PPHIST'<+ PPHIST(10-64)>+ TSS0730 1VTHRESH~+ ' VTHRESH'<+ VTHRESH(1-10,NOT,CAN|SUS)>+ ZUSST0501OMVS~+ ' UNIQUSER' FIRST<+ UNIQUSER(OFF) will be + specified for Classified systems.>+ ZUSST0521CHOWNURS~+ ' CHOWNURS'~+ ' CHOWNURS(OFF) ' .ZCSR .ZCSR~+ ' CHOWN_RESTRICTED ' FIRST<+ CHOWNURS(OFF)>+ ZUSST0601HFSSEC~+ ' HFSSEC'~+ ' HFSSEC(ON) ' .ZCSR .ZCSR<+ HFSSEC(OFF) Not Applicable~+ HFSSEC(ON), DEFPROT attribute must be specified in the + HFSSEC RDT record>+ ) /* *************************************** */ /* MAIN PROCESS */ /* *************************************** */ ISREDIT (MEMBER) = MEMBER ISREDIT (DSNAME) = DATASET SET RETURN_CODE = 0 ISREDIT (LASTLINE) = LINENUM .ZLAST IF &RETURN_CODE GT 0 THEN DO /* Empty RC = 4 IF &LASTLINE EQ 0 THEN + WRITE &PGMNAME Empty file RCode = &RETURN_CODE + DSN=&DSNAME MEMBER=&MEMBER &ZERRSM ELSE + WRITE &PGMNAME LINENUM Error RCode = &RETURN_CODE + DSN=&DSNAME MEMBER=&MEMBER &ZERRSM SET RETURN_CODE = &RETURN_CODE +16 GOTO ERR_EXIT END SET LP = &STR(( SET RP = ) SET SPC = &STR( ) ISREDIT NULLS ON ALL ISREDIT CAPS OFF SET XL = &LENGTH(&NRSTR(&TABLE)) DO X = 1 TO &XL - 1 SET DISATXT = /* STIG requirement */ SET FINDTXT8 = /* strings not found */ SET PDINUM = &SUBSTR(&X:&X+7,&NRSTR(&TABLE)) SET Y = &SYSINDEX(&STR(~),&NRSTR(&TABLE),&X) IF &X+8 LT &Y-1 THEN + SET PDITEXT = &SUBSTR(&X+8:&Y-1,&NRSTR(&TABLE)) ELSE SET PDITEXT = &STR( ) IF &Y GT &X THEN SET X = &Y + 1 SET Y = &SYSINDEX(&STR(<),&NRSTR(&TABLE),&X) IF &X LT &Y-1 THEN DO SET PDI_DATA = &SUBSTR(&X:&Y-1,&NRSTR(&TABLE))&STR(~) SET FINDTXT8 = &SUBSTR(&X:&Y-1,&NRSTR(&TABLE)) END ELSE DO SET PDI_DATA = &STR( ) SET FINDTXT8 = &STR( ) END IF &Y GT &X THEN SET X = &Y + 1 SET Y = &SYSINDEX(&STR(>),&NRSTR(&TABLE),&X) IF &X LT &Y-1 THEN + SET DISATXT = &SUBSTR(&X:&Y-1,&NRSTR(&TABLE)) ELSE SET DISATXT = &STR( ) ISREDIT CURSOR = 1 0 SET FINDRC = 0 SET Z = &SYSINDEX(&STR(~),&NRSTR(&PDI_DATA)) DO WHILE &Z GT 2 SET ZL = &LENGTH(&NRSTR(&PDI_DATA)) SET FIND_TEXT = &SUBSTR(1:&Z-1,&NRSTR(&PDI_DATA)) IF &Z+1 LT &ZL THEN + SET PDI_DATA = &SUBSTR(&Z+1:&ZL,&NRSTR(&PDI_DATA)) ELSE SET PDI_DATA = &STR( ) SET RETURN_CODE = 0 ISREDIT FIND &FIND_TEXT IF &NRSTR(&TEST) EQ &STR(FINDING) THEN /* test error cond */ - SET RETURN_CODE = 8 SET FINDRC = &FINDRC + &RETURN_CODE IF &RETURN_CODE EQ 0 AND + &SYSINDEX(&STR(.ZCSR),&NRSTR(&FIND_TEXT)) EQ 0 THEN DO ISREDIT (DATA) = LINE .ZCSR ISREDIT (LINE,COL) = CURSOR ISREDIT CURSOR = &LINE 0 SET COL1 = &SYSINDEX(&NRSTR(&RP ),&NRSTR(&DATA),&COL) IF &COL1 EQ 0 THEN SET COL1 = &LENGTH(&NRSTR(&DATA)) IF &COL LT &COL1 THEN + SET PDITEXT = &NRSTR(&PDITEXT.~)+ &SUBSTR(&COL:&COL1,&NRSTR(&DATA)) END SET Z = &SYSINDEX(&STR(~),&NRSTR(&PDI_DATA)) END SET PDITEXT = &NRSTR(&PDITEXT.<) DO A = 1 TO &LENGTH(&NRSTR(&DISATXT)) SET B = &SYSINDEX(&STR(~),&NRSTR(&DISATXT),&A) IF &B EQ 0 THEN SET B = &LENGTH(&NRSTR(&DISATXT)) + 1 SET C = &SUBSTR(&A:&B-1,&NRSTR(&DISATXT)) IF &A EQ 1 THEN + WRITE &PGMNAME &PDINUM &C ELSE + WRITE &PGMNAME &C SET A = &B END ISPEXEC VPUT ( + FINDRC + PDITEXT + DISATXT + FINDTXT8 + ) ASIS SET PDINUM = &PDINUM SET RETURN_CODE = 0 ISPEXEC EDIT DATAID(&PDIDD) MACRO(&CATM040A) MEMBER(&PDINUM) IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME EDIT PDI &PDINUM RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END IF &Y GT &X THEN SET X = &Y ELSE SET X = &XL END SET RETURN_CODE = 0 ERR_EXIT: + IF &MAXCC GE 16 OR + &RETURN_CODE GT 0 THEN DO ISPEXEC VGET (ZISPFRC) SHARED IF &MAXCC GT &ZISPFRC THEN + SET ZISPFRC = &MAXCC ELSE + SET ZISPFRC = &RETURN_CODE ISPEXEC VPUT (ZISPFRC) SHARED WRITE &PGMNAME ZISPFRC = &ZISPFRC END SET TM009RC = &RETURN_CODE ISPEXEC VPUT ( + TM09VGET + TM009RC + ) ASIS ISREDIT SAVE ISREDIT END EXIT CODE(0) ISREDIT MEND