ISREDIT MACRO /* CAAM0527 VIEW USERLIST report */
/* 04/28/2010 CL Fenton Created to perform LOGONID checks.
/* 09/28/2010 CL Fenton Changes to correct use of fields for
/*            CSD-AR002322615.
/* 03/15/2011 CL Fenton Added GSKSRVR to list of trusted STC users.
/* 09/12/2011 CL Fenton Chgd ACF0580 to exclude logonids with MAXDAYS
/*            specified, CSD-AR002631712. Added automation for
/*            ACF0710, ACF0720, ACF0750, ACF0770, and ACF0780,
/*            CSD-AR002893724.
/* 11/16/2011 CL Fenton Chgd ACF0580 check for attributes on users
/*            that specify JOB and RESTRICT, CSD-AR002631712. Also
/*            added EMERAUDT to ACF0750.
/* 12/13/2011 CL Fenton Added EMERAUDT to ACF0710 and ACF0720 for
/*            CSD-AR003144636.
/* 02/07/2012 CL Fenton Corrected rc of 804 and 860 error on &NUM,
/*            CSD-AR003250750.
/* 04/17/2012 CL Fenton Chgd ACF0720 to evaluate only EMERAUDT, dropping
/*            SECAAUDT, CSD-AR003377476.
/* 10/26/2012 CL Fenton Chgd ACF0580 to bypass UID string check if UID
/*            string contain LID, CSD-AR002989446.
/* 11/28/2012 CL Fenton Chgd ACF0570 to allow special characters in the
/*            USRID field to avoid 804 error, STS-001305.
/* 05/22/2013 CL Fenton Bypassed evaluation of ACF0630, STS-001975.
/* 05/30/2013 CL Fenton Added FTPUSERS for ACF0570 and removed 254 day
/*            for FTP users to remove conflict between ACF0570 and
/*            ACF0390, STS-000796. Also added the removal of EMERAUDT
/*            for ACF0570.
/* 08/30/2013 CL Fenton Chgd ACF0580 to check for PGM or PROGRAM, STS-003227.
/* 03/07/2014 CL Fenton Chgd ACF0570 to remove TSOPROC requirement, STS-004646.
/* 06/02/2014 CL Fenton Added exclusion of users with FTP in name for
/*            ACF0570, STS-005560.
/* 07/29/2014 CL Fenton Added evaluation of GROUP within ACF0570 to correct
/*            error that specified GROUP was missing within valid logonids,
/*            STS-006053.
/* 04/11/2016 CL Fenton Added TSS, TSSB, TSSBKUP, and TSSRESTN to trusted
/*            started task list, STS-013764.
/* 08/04/2016 CL Fenton Added SECAAUDT to list of authorized users that may
/*            have OPERATOR attribute, STS-015242.
/* 09/20/2016 CL Fenton Changed all references of IAO to ISSO.
/* 02/05/2018 CL Fenton Added CEA as trusted started task for ACF0640,
/*            STS-019223.
/* 06/29/2021 CL Fenton Chgs to remove ACF0570, ACF0610, ACF0670,
/*            and ACF0680, STS-026845.
/* --------------------------------------------------------------- */
/* Overview: ISPF edit macro that walks the logonid report being   */
/* edited and, for each check ID, writes result lines with LMPUT   */
/* into a member named after the check (PDIMBR). This span covers  */
/* initialisation and the ACF0560 check (NAME and UID fields).     */
/* NOTE(review): this listing appears to have lost its line breaks */
/* and may have collapsed runs of blanks inside STR literals;      */
/* blank-sensitive literals should be confirmed against the        */
/* original member before relying on this text.                    */
/* --------------------------------------------------------------- */
SET PGMNAME = &STR(CAAM0527 06/29/21)
NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM DIALOG DSNAME
SET SYSPROMPT = OFF /* CONTROL NOPROMPT */
SET SYSFLUSH = OFF /* CONTROL NOFLUSH */
SET SYSASIS = ON /* CONTROL ASIS - caps off */
/* ERROR ROUTINE */
/* Saves the failing return code in RETURN_CODE and resumes; the   */
/* FIND/SEEK loops later in the macro depend on this to see a      */
/* non-zero RETURN_CODE.                                           */
/* NOTE(review): LASTCC is tested again after the SET; if the SET  */
/* itself resets LASTCC the WRITE below never fires and severe     */
/* errors go unreported. Confirm, and consider testing RETURN_CODE.*/
ERROR DO
  SET RETURN_CODE = &LASTCC /* SAVE LAST ERROR CODE */
  IF &LASTCC GE 16 THEN +
    WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM
  RETURN
  END
/* *************************************** */
/* VARIABLES ARE PASSED TO THIS MACRO */
/* CONSLIST */
/* COMLIST */
/* SYMLIST */
/* TERMMSGS */
/* *************************************** */
SET RETURN_CODE = 0
ISPEXEC VGET ( +
  CONSLIST +
  COMLIST +
  SYMLIST +
  TERMMSGS +
  PDIID +
  DIALOG +
  TYPERUN +
  UIDLNTH +
  UIDFLDS +
  ) ASIS
SET AM527VG = &RETURN_CODE
/* A failed VGET is fatal: dump the inputs, add 16 to the return   */
/* code and leave through ERR_EXIT (label not visible in this      */
/* span).                                                          */
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME VGET RC = &RETURN_CODE &ZERRSM
  WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST +
    TERMMSGS/&TERMMSGS
  WRITE &PGMNAME PDIID/&PDIID +
    TYPERUN/&TYPERUN
  WRITE &PGMNAME UIDLNTH/&UIDLNTH +
    UIDFLDS/&UIDFLDS
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
/* *************************************** */
/* TURN ON MESSAGES */
/* *************************************** */
SET SYSSYMLIST = &SYMLIST /* CONTROL SYMLIST/NOSYMLIST */
SET SYSCONLIST = &CONSLIST /* CONTROL CONLIST/NOCONLIST */
SET SYSLIST = &COMLIST /* CONTROL LIST/NOLIST */
SET SYSMSG = &TERMMSGS /* CONTROL MSG/NOMSG */
/* Remove every blank-delimited LID token from UIDFLDS and record  */
/* in UIDLID that the UID string contains the logonid. ACF0560     */
/* runs its per-field check only when UIDLID is NO.                */
SET UIDLID = &STR(NO)
DO WHILE &SYSINDEX(&STR( LID ),&STR( &UIDFLDS )) GT 0
  SET A = &SYSINDEX(&STR( LID ),&STR( &UIDFLDS ))
  SET B = &SYSINDEX(&STR( ),&STR( &UIDFLDS ),&A+1)
  IF &A GT 0 THEN +
    SET UIDLID = &STR(YES)
  IF &A EQ 1 THEN +
    SET UIDFLDS = &SUBSTR(&B:&LENGTH(&STR(&UIDFLDS )),+
      &STR(&UIDFLDS ))
  ELSE +
    IF &B GT &LENGTH(&STR( &UIDFLDS)) THEN +
      SET UIDFLDS = &SUBSTR(2:&A-1,&STR( &UIDFLDS ))
    ELSE +
      SET UIDFLDS = &SUBSTR(2:&A,&STR( &UIDFLDS ))+
        &SUBSTR(&B:&LENGTH(&STR(&UIDFLDS)),&STR(&UIDFLDS ))
  END
SET UIDFLDS = &NRSTR(&UIDFLDS)
/* Capture the edit session state used by every check.             */
ISREDIT (MBRNAME) = MEMBER
ISREDIT (DSNAME) = DATASET
ISREDIT (LASTLINE) = LINENUM .ZLAST
ISREDIT (DW) = DATA_WIDTH
SET BLANK = &STR( )
SET SP = &STR( )
SET SP = &STR(&SP&SP&SP&SP&SP&SP)
/* LP and RP hold literal parentheses so they can be placed inside */
/* STR text without unbalancing it.                                */
SET LP = &STR((
SET RP = )
/* CC is the left bound for later attribute searches and edit      */
/* commands: 30 plus the UID length. Presumably the column where   */
/* attribute text starts - confirm against the report layout.      */
SET CC = 30 + &UIDLNTH
SET PDIMBR = ACF0560
SET DETAIL_SW = 0
SET CURLINE = 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
/* ACF0560: read every line; columns 1-8 are taken as the logonid  */
/* and 10-29 as the NAME. A line is reported when NAME is blank,   */
/* equals UNKNOWN, or compares greater than 9999999999, or when a  */
/* UIDFLDS field name followed by a left parenthesis is not found  */
/* in the line (field check skipped when UIDLID is YES).           */
ACF0560: +
SET RETURN_CODE = 0
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0560_END
ISREDIT (DATA) = LINE &CURLINE
SET USERID = &SUBSTR(1:8,&NRSTR(&DATA))
SET NAME = &SUBSTR(10:29,&NRSTR(&DATA))
SET CNT = &CNT + 1
SET ERROR = 0
SET NM =
IF &STR(&NAME) EQ &STR( ) OR +
   &STR(&NAME) GT &STR(9999999999) OR +
   &STR(&NAME) EQ &STR(UNKNOWN ) THEN DO
  SET ERROR = &ERROR + 1
  SET NM = &STR( Invalid NAME)
  END
SET DETAIL_LINE =
SET A = 1
IF &NRSTR(&UIDLID) EQ &STR(NO) THEN DO
  /* Walk the blank-delimited field names in UIDFLDS; collect the  */
  /* names that do not appear in the line.                         */
  DO WHILE &A LT &LENGTH(&STR(&UIDFLDS))
    SET B = &SYSINDEX(&STR( ),&STR(&UIDFLDS ),&A) - 1
    SET ATTR = &SUBSTR(&A:&B,&STR(&UIDFLDS))
    SET C = &SYSINDEX(&STR( &ATTR&LP),&NRSTR(&DATA))
    IF &C EQ 0 THEN DO
      SET ERROR = &ERROR + 1
      SET DETAIL_LINE = &NRSTR(&DETAIL_LINE)+
        &NRSTR(&ATTR )
      END
    SET A = &B + 2
    END
  END
IF &LENGTH(&NRSTR(&DETAIL_LINE)) GT 0 THEN DO
  SET DETAIL_LINE = &NRSTR(&DETAIL_LINE.are not specified)
  IF &NRSTR(&NM) NE &STR( ) THEN +
    SET NM = &NRSTR(&NM and)
  END
SET DETAIL_LINE = &NRSTR(&USERID &NAME&NM &DETAIL_LINE)
IF &ERROR EQ 0 THEN GOTO ACF0560
/* First reported line: write the heading and a blank line once.   */
/* NOTE(review): LMPUT return codes are not tested here; a failed  */
/* write is visible only through the ERROR routine.                */
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP does &LP.do&RP not +
    have the required field&LP.s&RP completed:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0560
/* End of ACF0560: DETAIL_SW is still 0 when nothing was reported, */
/* which is also the case when the report has no lines.            */
/* NOTE(review): an empty or truncated input therefore produces    */
/* "Not a Finding"; confirm the report is populated before         */
/* trusting a clean result.                                        */
ACF0560_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All userid&LP.s&RP contain the required fields.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: All logonid records must have +
    the users name, and specify each field that is defined in the +
    UID.)
/* Tail of the ACF0560 findings branch: write the recommendation   */
/* line set just before this span, then close the ELSE DO.         */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
/* ADD_MEMBER is defined outside this span; presumably it stores   */
/* the lines written for PDIMBR - confirm.                         */
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0580: restricted batch logonids. Lines containing STC or     */
/* MAXDAYS( at or after column CC are excluded and skipped. A      */
/* remaining line is examined only when, of JOB TSO CICS, JOB      */
/* alone is present and RESTRICT is present. It passes when it has */
/* SOURCE(, or SUBAUTH together with PROGRAM( or PGM(; otherwise   */
/* it is reported.                                                 */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0580
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(JOB RESTRICT PROGRAM PGM SUBAUTH SOURCE)
ISREDIT EXCLUDE " STC " ALL &CC &DW
ISREDIT EXCLUDE " MAXDAYS(" ALL &CC &DW
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0580: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0580_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0580
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
/* Build a three-position signature: for each of JOB TSO CICS,     */
/* append the first character of the attribute when it is found    */
/* as a blank-delimited word, otherwise append the blank literal.  */
/* D is computed but not used afterwards.                          */
SET JTC_ATTR =
SET A = 1
DO WHILE &A LT &LENGTH(&STR(JOB TSO CICS))
  SET B = &SYSINDEX(&STR( ),&STR(JOB TSO CICS ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(JOB TSO CICS))
  SET C = &SYSINDEX(&STR( &ATTR ),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR(&RP),&NRSTR(&DATA),&C)
    SET JTC_ATTR = &NRSTR(&JTC_ATTR)+
      &SUBSTR(&C,&NRSTR(&DATA))
    END
  ELSE +
    SET JTC_ATTR = &NRSTR(&JTC_ATTR)&STR( )
  SET A = &B + 2
  END
/* Only JOB-only logonids continue. The first test is repeated in  */
/* the second, which also requires RESTRICT.                       */
/* NOTE(review): the literal compared with JTC_ATTR shows a single */
/* trailing blank in this listing while the signature has three    */
/* positions; the blank count may have been collapsed - confirm.   */
IF &STR(&JTC_ATTR) NE &STR(J ) THEN GOTO ACF0580
IF &STR(&JTC_ATTR) NE &STR(J ) OR +
  &SYSINDEX(&STR( RESTRICT ),&NRSTR(&DATA),&CC) EQ 0 THEN GOTO ACF0580
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
/* Copy each VALTBL attribute found in the line into DETAIL_LINE.  */
/* The search text has no trailing delimiter, so any word that     */
/* merely begins with the attribute name also matches.             */
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
/* Compliant: RESTRICT with SOURCE(, or RESTRICT with SUBAUTH and  */
/* either PROGRAM( or PGM(.                                        */
IF &SYSINDEX(&STR( RESTRICT),&STR(&DETAIL_LINE)) GT 0 AND +
  (&SYSINDEX(&STR( SOURCE&LP),&STR(&DETAIL_LINE)) GT 0 OR +
  ((&SYSINDEX(&STR( PROGRAM&LP),&STR(&DETAIL_LINE)) GT 0 OR +
  &SYSINDEX(&STR( PGM&LP),&STR(&DETAIL_LINE)) GT 0) AND +
  &SYSINDEX(&STR( SUBAUTH),&STR(&DETAIL_LINE)) GT 0)) THEN +
  GOTO ACF0580
SET CNT = &CNT + 1
/* NOTE(review): LMPUT return codes are not tested in this check.  */
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following batch logonid&LP.s&RP is &LP.are&RP +
    improperly defined:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0580
/* End of ACF0580. "Not a Finding" is written whenever no line was */
/* reported, which includes the case where no line qualified for   */
/* examination at all.                                             */
ACF0580_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All restricted batch logonid&LP.s&RP contain the +
    required fields.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: All restricted batch logonid +
    records must have one or both PGM&LP.xxxxxxxx&RP and SUBAUTH +
    or SOURCE&LP.xxxxxxxx&RP..)
/* Tail of the ACF0580 findings branch: write the recommendation   */
/* line set just before this span, then close the ELSE DO.         */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0620: started-task logonids with MUSASS must also carry      */
/* JOBFROM. Lines containing STC at or after column CC are         */
/* excluded and only excluded lines are examined.                  */
/* NOTE(review): no reset of the exclude state is visible between  */
/* checks; unless ADD_MEMBER (not shown) resets it, lines excluded */
/* by an earlier check are examined here as well - confirm.        */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0620
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(STC MUSASS JOBFROM)
ISREDIT EXCLUDE " STC " ALL &CC &DW
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0620: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0620_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0620
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
/* Append each VALTBL attribute found in the line, or the name     */
/* prefixed with NO when it is absent. The later tests search with */
/* a leading blank, so the NO-prefixed form does not match them.   */
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  ELSE +
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) &STR(NO&ATTR)
  SET A = &B + 2
  END
/* Skip logonids without MUSASS, and those that already have       */
/* JOBFROM; what remains is MUSASS without JOBFROM.                */
IF &SYSINDEX(&STR( MUSASS),&STR(&DETAIL_LINE)) EQ 0 THEN +
  GOTO ACF0620
IF &SYSINDEX(&STR( JOBFROM),&STR(&DETAIL_LINE)) GT 0 THEN +
  GOTO ACF0620
SET CNT = &CNT + 1
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following STC logonid&LP.s&RP does &LP.do&RP +
    not have the JOBFROM attribute specified:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0620
/* End of ACF0620. "Not a Finding" is written whenever nothing was */
/* reported, including when no line was excluded as STC.           */
ACF0620_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All STC logonid&LP.s&RP that have the MUSASS +
    attribute and the requirement to submit jobs on behalf of its +
    users have the JOBFROM attribute specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: All STC logonid&LP.s&RP that +
    have the MUSASS attribute and the requirement to submit jobs +
    on behalf of its users have the JOBFROM attribute specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0640: NON-CNCL may be held only by trusted started tasks.    */
/* Excluded (STC) lines are examined; a line with NON-CNCL is      */
/* reported unless its logonid is in the hard-coded list below.    */
/* NOTE(review): the trusted list is embedded in the macro, so the */
/* result is only as current as this list; compare it with the     */
/* site-approved trusted started task list when reviewing output.  */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0640
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(STC NON-CNCL)
ISREDIT EXCLUDE " STC " ALL &CC &DW
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0640: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0640_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0640
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
SET USERID = &SUBSTR(1:8,&STR(&DETAIL_LINE))
/* With NON-CNCL present, a listed logonid loops back (accepted);  */
/* an unlisted one falls out of the SELECT and is reported. Lines  */
/* without NON-CNCL take the ELSE and are skipped.                 */
IF &SYSINDEX(&STR( NON-CNCL ),&STR(&DETAIL_LINE )) GT 0 THEN +
  SELECT &STR(&USERID)
    WHEN (ACFBKUP) GOTO ACF0640
    WHEN (ACF2) GOTO ACF0640
    WHEN (APSWPROA) GOTO ACF0640
    WHEN (APSWPROB) GOTO ACF0640
    WHEN (APSWPROC) GOTO ACF0640
    WHEN (APSWPROM) GOTO ACF0640
    WHEN (APSWPROT) GOTO ACF0640
    WHEN (CATALOG) GOTO ACF0640
    WHEN (CEA) GOTO ACF0640
    WHEN (CONSOLE) GOTO ACF0640
    WHEN (DFHSM) GOTO ACF0640
    WHEN (DFSMSHSM) GOTO ACF0640
    WHEN (DFS) GOTO ACF0640
    WHEN (DUMPSRV) GOTO ACF0640
    WHEN (GPMSERVE) GOTO ACF0640
    WHEN (GSKSRVR) GOTO ACF0640
    WHEN (IEEVMPCR) GOTO ACF0640
    WHEN (IOSAS) GOTO ACF0640
    WHEN (IXGLOGR) GOTO ACF0640
    WHEN (JESXCF) GOTO ACF0640
    WHEN (JES2) GOTO ACF0640
    WHEN (JES3) GOTO ACF0640
    WHEN (LLA) GOTO ACF0640
    WHEN (NFS) GOTO ACF0640
    WHEN (OMVS) GOTO ACF0640
    WHEN (OMVSKERN) GOTO ACF0640
    WHEN (RACF) GOTO ACF0640
    WHEN (RMF) GOTO ACF0640
    WHEN (RMFGAT) GOTO ACF0640
    WHEN (SMF) GOTO ACF0640
    WHEN (SMS) GOTO ACF0640
    WHEN (SMSRESTN) GOTO ACF0640
    WHEN (SMSRESTR) GOTO ACF0640
    WHEN (SMSVSAM) GOTO ACF0640
    WHEN (TCPIP) GOTO ACF0640
    WHEN (TSS) GOTO ACF0640
    WHEN (TSSB) GOTO ACF0640
    WHEN (TSSBKUP) GOTO ACF0640
    WHEN (TSSRESTN) GOTO ACF0640
    WHEN (VLF) GOTO ACF0640
    WHEN (VTAM) GOTO ACF0640
    WHEN (XCFAS) GOTO ACF0640
    WHEN (ZFS) GOTO ACF0640
    END
ELSE GOTO ACF0640
SET CNT = &CNT + 1
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the NON-CNCL +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0640
/* End of ACF0640: DETAIL_SW 0 means no line was reported.         */
ACF0640_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All started task logonid&LP.s&RP that contain +
    NON-CNCL attribute are Trusted Started Tasks.)
/* Remainder of the ACF0640 result: write the clean-result line    */
/* set just before this span, or the recommendation when lines     */
/* were reported.                                                  */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: That only Trusted Start +
    Task logonid&LP.s&RP may have the NON-CNCL attribute.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0660: every logonid with MAINT must appear in MAINTGRP,      */
/* which GET_MAINT (defined outside this span) fills; presumably   */
/* from the GSO MAINT records - confirm.                           */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0660
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(MAINT)
SET MAINTGRP =
SYSCALL GET_MAINT &STR(LID) MAINTGRP
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ISREDIT CURSOR = 1 0
/* The loop ends when FIND leaves RETURN_CODE non-zero.            */
/* RETURN_CODE is changed only by the ERROR routine, so any        */
/* failing return code from FIND, not only "not found", ends the   */
/* scan.                                                           */
ACF0660: +
SET RETURN_CODE = 0
ISREDIT FIND ' MAINT ' &CC &DW
IF &RETURN_CODE GT 0 THEN GOTO ACF0660_END
ISREDIT (DATA) = LINE .ZCSR
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
SET USERID = &SUBSTR(1:8,&STR(&DETAIL_LINE))
/* Accepted when a number sign followed by the logonid occurs      */
/* anywhere in MAINTGRP.                                           */
/* NOTE(review): this is a substring search; whether a short       */
/* logonid can match the start of a longer MAINTGRP entry depends  */
/* on how trailing blanks and entry delimiters are kept - confirm. */
IF &SYSINDEX(&STR(#&USERID),&STR(&MAINTGRP)) GT 0 THEN GOTO ACF0660
SET CNT = &CNT + 1
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP does +
    &LP.do&RP not have a corresponding GSO MAINT record:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0660
ACF0660_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All maintenance logonid&LP.s&RP have a +
    corresponding GSO MAINT record.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: That all maintenance +
    logonid&LP.s&RP have a corresponding GSO MAINT record.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0710: REFRESH held outside the authorised groups.            */
/* DIALOG_RTN (defined outside this span) is called once per group */
/* name; presumably it excludes the lines of that group's          */
/* members - confirm. Every non-excluded line containing REFRESH   */
/* is then reported.                                               */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0710
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT EMERAUDT)
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
/* SEEK locates the next REFRESH at or after column CC; a non-zero */
/* RETURN_CODE (set by the ERROR routine) ends the scan.           */
ACF0710: +
SET RETURN_CODE = 0
ISREDIT SEEK " REFRESH " &CC &DW
IF &RETURN_CODE GT 0 THEN GOTO ACF0710_END
ISREDIT (STAT) = XSTATUS .ZCSR
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0710
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE .ZCSR
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the REFRESH +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0710
/* NOTE(review): if DIALOG_RTN excluded more lines than intended,  */
/* REFRESH holders on those lines are silently accepted and the    */
/* result below still reads "Not a Finding".                       */
ACF0710_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with the REFRESH attribute +
    is &LP.are&RP assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the REFRESH attribute is &LP.are&RP +
    assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0720: REFRESH logonids not in SUSPEND status.                */
/* After DIALOG_RTN EMERAUDT, FIND ALL for SUSPEND is issued; in   */
/* ISPF edit a FIND redisplays excluded lines it matches, so       */
/* presumably the lines still excluded afterwards are EMERAUDT     */
/* lines without SUSPEND - confirm. Only lines that are still      */
/* excluded and contain REFRESH are reported.                      */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0720
SET DETAIL_SW = 0
SET CURLINE = 0
SYSCALL DIALOG_RTN EMERAUDT
ISREDIT FIND " SUSPEND " ALL &CC &DW
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0720: +
SET RETURN_CODE = 0
ISREDIT SEEK " REFRESH " &CC &DW
IF &RETURN_CODE GT 0 THEN GOTO ACF0720_END
ISREDIT (STAT) = XSTATUS .ZCSR
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0720
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE .ZCSR
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the REFRESH +
    attribute is &LP.are&RP not in SUSPEND status:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0720
ACF0720_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with the REFRESH attribute +
    is &LP.are&RP in SUSPEND status.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the REFRESH attribute is &LP.are&RP +
    in SUSPEND status unless in actual use.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0750: logonids with ACCOUNT, LEADER or SECURITY must be      */
/* scoped. Lines left non-excluded after DIALOG_RTN ran for the    */
/* three group names are examined; a line with any of the three    */
/* attributes and no SCPLIST( is reported.                         */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0750
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT SECBAUDT EMERAUDT)
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0750: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0750_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0750
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
/* Skip lines that carry none of the three special attributes.     */
IF &SYSINDEX(&STR( ACCOUNT ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( LEADER ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( SECURITY ),&NRSTR(&DATA ),&CC) EQ 0 THEN +
  GOTO ACF0750
/* Any SCPLIST( value counts as scoped; the scope list content is  */
/* not evaluated here.                                             */
IF &SYSINDEX(&STR( SCPLIST&LP),&NRSTR(&DATA ),&CC) GT 0 THEN +
  GOTO ACF0750
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with special +
    attributes is &LP.are&RP not scoped:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0750
ACF0750_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with special attributes is +
    &LP.are&RP scoped.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with special attributes is &LP.are&RP +
    scoped.)
/* Tail of the ACF0750 findings branch: write the recommendation   */
/* line set just before this span, then close the ELSE DO.         */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0760: logonids with SECURITY must also have RSRCVLD and      */
/* RULEVLD. Lines containing SECURITY at or after column CC are    */
/* excluded and only excluded lines are examined.                  */
/* NOTE(review): no reset of the exclude state is visible before   */
/* this EXCLUDE; lines left excluded by an earlier check would be  */
/* examined too unless ADD_MEMBER (not shown) resets it - confirm. */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0760
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(SECURITY RSRCVLD RULEVLD)
SET TESTTBL = &STR(RSRCVLD RULEVLD)
ISREDIT EXCLUDE " SECURITY " ALL &CC &DW
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0760: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0760_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0760
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
/* Append each VALTBL attribute found in the line, or the name     */
/* prefixed with NO when it is absent.                             */
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  ELSE +
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) &STR(NO&ATTR)
  SET A = &B + 2
  END
SET CNT = &CNT + 1
/* For each TESTTBL attribute: when present it is cut out of       */
/* DETAIL_LINE; when absent ERROR is incremented and the           */
/* NO-prefixed marker stays, so the reported line shows only what  */
/* is missing.                                                     */
SET A = 1
SET ERROR = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DETAIL_LINE))
  SET E = &LENGTH(&NRSTR(&DETAIL_LINE ))
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DETAIL_LINE),&C+1) + 1
    SET DETAIL_LINE = &SUBSTR(1:&C,&NRSTR(&DETAIL_LINE))+
      &SUBSTR(&D:&E,&NRSTR(&DETAIL_LINE ))
    END
  ELSE +
    SET ERROR = &ERROR + 1
  SET A = &B + 2
  END
IF &ERROR EQ 0 THEN GOTO ACF0760
/* NOTE(review): LMPUT return codes are not tested in this check.  */
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with the SECURITY +
    attribute does &LP.do&RP not have the RULEVLD and/or RSRCVLD +
    attributes specified:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0760
/* End of ACF0760. "Not a Finding" is written whenever nothing was */
/* reported, including when no line contained SECURITY.            */
ACF0760_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with the SECURITY attribute +
    have the RULEVLD and RSRCVLD attributes specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the SECURITY attribute have the RULEVLD +
    and RSRCVLD attributes specified.)
/* Tail of the ACF0760 findings branch: write the recommendation   */
/* line set just before this span, then close the ELSE DO.         */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0770: ACCTPRIV held outside the authorised group.            */
/* DIALOG_RTN (defined outside this span) is called for SECAAUDT;  */
/* presumably it excludes the lines of that group's members -      */
/* confirm. Every non-excluded line containing ACCTPRIV is then    */
/* reported.                                                       */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0770
SET DETAIL_SW = 0
SET CURLINE = 0
SYSCALL DIALOG_RTN SECAAUDT
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
/* The scan ends when SEEK leaves RETURN_CODE non-zero.            */
/* RETURN_CODE is changed only by the ERROR routine, so any        */
/* failing return code from SEEK, not only "not found", ends it.   */
ACF0770: +
SET RETURN_CODE = 0
ISREDIT SEEK " ACCTPRIV " &CC &DW
IF &RETURN_CODE GT 0 THEN GOTO ACF0770_END
ISREDIT (STAT) = XSTATUS .ZCSR
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0770
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE .ZCSR
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the ACCTPRIV +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0770
/* NOTE(review): a scan that ends early on an unexpected return    */
/* code leaves DETAIL_SW at 0 and is written as "Not a Finding".   */
ACF0770_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with the ACCTPRIV attribute +
    is &LP.are&RP assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the ACCTPRIV attribute is &LP.are&RP +
    assigned to an ISSO.)
/* Tail of the ACF0770 findings branch: write the recommendation   */
/* line set just before this span, then close the ELSE DO.         */
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
SYSCALL ADD_MEMBER
/* --------------------------------------------------------------- */
/* ACF0780: logonids with AUDIT or CONSULT must be scoped.         */
/* DIALOG_RTN (defined outside this span) is called for SECAAUDT   */
/* and AUDTAUDT; presumably it excludes those groups' members -    */
/* confirm. A non-excluded line with AUDIT or CONSULT and no       */
/* SCPLIST( is reported.                                           */
/* --------------------------------------------------------------- */
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0780
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT AUDTAUDT)
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP */
/* *************************************** */
ACF0780: +
SET CURLINE = &CURLINE + 1
IF &CURLINE GT &LASTLINE THEN GOTO ACF0780_END
ISREDIT (STAT) = XSTATUS &CURLINE
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0780
SET RETURN_CODE = 0
ISREDIT (DATA) = LINE &CURLINE
/* Skip lines that carry neither AUDIT nor CONSULT.                */
IF &SYSINDEX(&STR( AUDIT ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( CONSULT ),&NRSTR(&DATA ),&CC) EQ 0 THEN +
  GOTO ACF0780
/* Any SCPLIST( value counts as scoped; the scope list content is  */
/* not evaluated here.                                             */
IF &SYSINDEX(&STR( SCPLIST&LP),&NRSTR(&DATA ),&CC) GT 0 THEN +
  GOTO ACF0780
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with the AUDIT +
    and/or CONSULT attributes is &LP.are&RP not scoped:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
SET AC = &STR( &DETAIL_LINE)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
GOTO ACF0780
/* End of ACF0780: DETAIL_SW 0 means no line was reported.         */
ACF0780_END: +
SET RETURN_CODE = 0
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(All logonid&LP.s&RP with the AUDIT and/or CONSULT +
    attributes is &LP.are&RP scoped.)
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: Ensure that all + logonid&LP.s&RP with the AUDIT and/or CONSULT attributes is + &LP.are&RP scoped.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER ISREDIT (LASTLINE) = LINENUM .ZLAST SET PDIMBR = ACF0800 SET DETAIL_SW = 0 SET CURLINE = 0 SET TESTTBL = &STR(TAPE-LBL TAPE-BLP) ISREDIT (LASTLINE) = LINENUM .ZLAST SET GROUP = &STR(SYSPAUDT OPERAUDT) SET A = 1 DO WHILE &A LT &LENGTH(&STR(&GROUP)) SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP)) SYSCALL DIALOG_RTN &ATTR SET A = &B + 2 END /* *************************************** */ /* READ LOOP */ /* *************************************** */ ACF0800: + SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO ACF0800_END ISREDIT (STAT) = XSTATUS &CURLINE IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0800 SET RETURN_CODE = 0 ISREDIT (DATA) = LINE &CURLINE SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA)) SET A = 1 SET ERROR = 0 DO WHILE &A LT &LENGTH(&STR(&TESTTBL)) SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL)) SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1 IF &C GT 1 THEN DO SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1 SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) + &SUBSTR(&C:&D,&NRSTR(&DATA)) SET ERROR = &ERROR + 1 END SET A = &B + 2 END SET CNT = &CNT + 1 IF &ERROR EQ 0 THEN GOTO ACF0800 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(The following authorization&LP.s&RP to the + TAPE-LBL and/or TAPE-BLP privileges is &LP.are&RP + inappropriate:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) 
DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET DETAIL_SW = &DETAIL_SW + 1 END SET AC = &STR( &DETAIL_LINE) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO ACF0800 ACF0800_END: + SET RETURN_CODE = 0 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(All logonid&LP.s&RP that contain TAPE-LBL and/or + TAPE-BLP attribute are justified.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: That TAPE-LBL and/or + TAPE-BLP attribute may be limited to systems programmer and + operations personnel.) 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER ISREDIT (LASTLINE) = LINENUM .ZLAST SET PDIMBR = ACF0820 SET DETAIL_SW = 0 SET CURLINE = 0 SET TESTTBL = &STR(CONSOLE) ISREDIT (LASTLINE) = LINENUM .ZLAST /* *************************************** */ /* READ LOOP */ /* *************************************** */ ACF0820: + SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO ACF0820_END SET RETURN_CODE = 0 ISREDIT (DATA) = LINE &CURLINE SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA)) SET A = 1 SET ERROR = 0 DO WHILE &A LT &LENGTH(&STR(&TESTTBL)) SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL)) SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1 IF &C GT 1 THEN DO SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1 SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) + &SUBSTR(&C:&D,&NRSTR(&DATA)) SET ERROR = &ERROR + 1 END SET A = &B + 2 END SET CNT = &CNT + 1 IF &ERROR EQ 0 THEN GOTO ACF0820 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(The following authorization&LP.s&RP to the + CONSOLE privilege is &LP.are&RP inappropriate:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET DETAIL_SW = &DETAIL_SW + 1 END SET AC = &STR( &DETAIL_LINE) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO ACF0820 ACF0820_END: + SET RETURN_CODE = 0 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(All logonid&LP.s&RP that contain CONSOLE + attribute are justified.) 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: Access to the CONSOLE + attribute is kept to a minimum and is controlled and + documented.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER ISREDIT (LASTLINE) = LINENUM .ZLAST SET PDIMBR = ACF0830 SET DETAIL_SW = 0 SET CURLINE = 0 SET TESTTBL = &STR(ALLCMDS) ISREDIT (LASTLINE) = LINENUM .ZLAST /* *************************************** */ /* READ LOOP */ /* *************************************** */ ACF0830: + SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO ACF0830_END SET RETURN_CODE = 0 ISREDIT (DATA) = LINE &CURLINE SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA)) SET A = 1 SET ERROR = 0 DO WHILE &A LT &LENGTH(&STR(&TESTTBL)) SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL)) SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1 IF &C GT 1 THEN DO SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1 SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) + &SUBSTR(&C:&D,&NRSTR(&DATA)) SET ERROR = &ERROR + 1 END SET A = &B + 2 END SET CNT = &CNT + 1 IF &ERROR EQ 0 THEN GOTO ACF0830 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(The following authorization&LP.s&RP to the + ALLCMDS privilege is &LP.are&RP inappropriate:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET DETAIL_SW = &DETAIL_SW + 1 END SET AC = &STR( &DETAIL_LINE) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO ACF0830 ACF0830_END: + SET RETURN_CODE = 0 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(Not a Finding ) 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(All logonid&LP.s&RP that contain ALLCMDS + attribute are justified.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: Access to the ALLCMDS + attribute is kept to a minimum and is controlled and + documented.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER ISREDIT (LASTLINE) = LINENUM .ZLAST SET PDIMBR = ACF0840 SET DETAIL_SW = 0 SET CURLINE = 0 SET TESTTBL = &STR(PPGM) ISREDIT (LASTLINE) = LINENUM .ZLAST SET GROUP = &STR(SYSPAUDT OPERAUDT) SET A = 1 DO WHILE &A LT &LENGTH(&STR(&GROUP)) SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP)) SYSCALL DIALOG_RTN &ATTR SET A = &B + 2 END /* *************************************** */ /* READ LOOP */ /* *************************************** */ ACF0840: + SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO ACF0840_END ISREDIT (STAT) = XSTATUS &CURLINE IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0840 SET RETURN_CODE = 0 ISREDIT (DATA) = LINE &CURLINE SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA)) SET A = 1 SET ERROR = 0 DO WHILE &A LT &LENGTH(&STR(&TESTTBL)) SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL)) SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1 IF &C GT 1 THEN DO SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1 SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) + &SUBSTR(&C:&D,&NRSTR(&DATA)) SET ERROR = &ERROR + 1 END SET A = &B + 2 END SET CNT = &CNT + 1 IF &ERROR EQ 0 THEN GOTO ACF0840 IF &DETAIL_SW EQ 0 THEN DO SET AC = 
&STR(The following authorization&LP.s&RP to the + PPGM privilege is &LP.are&RP inappropriate:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET DETAIL_SW = &DETAIL_SW + 1 END SET AC = &STR( &DETAIL_LINE) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO ACF0840 ACF0840_END: + SET RETURN_CODE = 0 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(All logonid&LP.s&RP that contain PPGM + attribute are justified.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: Access to the PPGM + attribute is kept to a minimum and is controlled and + documented.) 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER ISREDIT (LASTLINE) = LINENUM .ZLAST SET PDIMBR = ACF0850 SET DETAIL_SW = 0 SET CURLINE = 0 SET TESTTBL = &STR(OPERATOR) ISREDIT (LASTLINE) = LINENUM .ZLAST SET GROUP = &STR(SYSPAUDT OPERAUDT SECAAUDT) SET A = 1 DO WHILE &A LT &LENGTH(&STR(&GROUP)) SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP)) SYSCALL DIALOG_RTN &ATTR SET A = &B + 2 END /* *************************************** */ /* READ LOOP */ /* *************************************** */ ACF0850: + SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO ACF0850_END ISREDIT (STAT) = XSTATUS &CURLINE IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0850 SET RETURN_CODE = 0 ISREDIT (DATA) = LINE &CURLINE SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA)) SET A = 1 SET ERROR = 0 DO WHILE &A LT &LENGTH(&STR(&TESTTBL)) SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1 SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL)) SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1 IF &C GT 1 THEN DO SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1 SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) + &SUBSTR(&C:&D,&NRSTR(&DATA)) SET ERROR = &ERROR + 1 END SET A = &B + 2 END SET CNT = &CNT + 1 IF &ERROR EQ 0 THEN GOTO ACF0850 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(The following authorization&LP.s&RP to the + OPERATOR privilege is &LP.are&RP inappropriate:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET DETAIL_SW = &DETAIL_SW + 1 END SET AC = &STR( &DETAIL_LINE) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO ACF0850 ACF0850_END: + SET RETURN_CODE = 0 IF &DETAIL_SW EQ 0 THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + 
DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(All logonid&LP.s&RP that contain OPERATOR + attribute are justified.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: Access to the OPERATOR + attribute is kept to a minimum and is controlled and + documented.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SYSCALL ADD_MEMBER /* *************************************** */ /* END of program */ /* *************************************** */ END_EXIT: + SET RETURN_CODE = 0 ERR_EXIT: + IF &MAXCC GE 16 OR + &RETURN_CODE GT 0 THEN DO ISPEXEC VGET (ZISPFRC) SHARED IF &MAXCC GT &ZISPFRC THEN + SET ZISPFRC = &MAXCC ELSE + SET ZISPFRC = &RETURN_CODE ISPEXEC VPUT (ZISPFRC) SHARED WRITE &PGMNAME ZISPFRC = &ZISPFRC END SET AM527RC = &RETURN_CODE ISPEXEC VPUT ( + AM527VG + AM527RC + ) ASIS ISREDIT CANCEL EXIT CODE(0) /*ISREDIT MEND /* *************************************** */ /* SYSCALL SUBROUTINES */ /* *************************************** */ ADD_MEMBER: PROC 0 IF &PDIMBR EQ &STR( ) THEN + RETURN CODE(0) SET ZEDSMSG = FINISHED SET ZEDLMSG = &STR(Finished processing &PDIMBR.) 
ISPEXEC LOG MSG(ISRZ000) SET RETURN_CODE = 0 ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR) IF &RETURN_CODE EQ 4 THEN DO /* MEMBER ALREADY EXISTS SET RETURN_CODE = 0 ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM END END ELSE DO IF &RETURN_CODE NE 0 THEN + WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM END ISREDIT RESET ISREDIT DELETE ALL NX SET RETURN_CODE = 0 ISREDIT COPY '&DSNAME' AFTER .ZF END DIALOG_RTN: PROC 1 AUMBR SET RETURN_CODE = 0 ISPEXEC LMMFIND DATAID(&DIALOG) MEMBER(&AUMBR) SET LMMFIND_DIALOG_RC = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME Authorized user list &AUMBR not found. RETURN END GET_NEXT_USR: + SET RETURN_CODE = 0 ISPEXEC LMGET DATAID(&DIALOG) MODE(INVAR) DATALOC(URECORD) + MAXLEN(80) DATALEN(LRECL) SET LMGET_DIALOG_RC = &RETURN_CODE IF &RETURN_CODE EQ 8 THEN DO /* END OF MEMBER */ SET LMGET_DIALOG_RC = 0 /* SET RETURN CODE TO 0 */ RETURN END IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME LMGET DIALOG RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 RETURN END IF &SUBSTR(1,&NRSTR(&URECORD)) EQ &STR(*) OR + &SUBSTR(1,&NRSTR(&URECORD)) EQ &STR( ) THEN + GOTO GET_NEXT_USR SET USR = &SUBSTR(1:8,&NRSTR(&URECORD)) ISREDIT EXCLUDE ALL '&USR' 1 GOTO GET_NEXT_USR /* --------------- */ END GET_MAINT: PROC 2 P1 P2 SET RETURN_CODE = 0 SET LP = &STR(( SET RP = ) /*SYSREF &P1 SYSREF &P2 SET &SYSOUTTRAP = 999999999 IF &P1 EQ &STR(LID) THEN DO DATA ACF SHOW PGMS ENDDATA SET A = &SYSOUTLINE SET SW = 0 DO X = 1 TO &A SET DATA = &&SYSOUTLINE&X SET DATA = &STR(&DATA) IF &SW GT 0 THEN DO IF &STR(&DATA) EQ &STR( ) THEN + SET X = &A ELSE DO SET LID = &SUBSTR(1:8,&STR(&DATA)) IF &SYSINDEX(&STR(#&LID),&STR(&P2)) EQ 0 THEN + SET P2 = &STR(&P2.#&LID) END END IF &SYSINDEX(&STR(-- MAINTENANCE LOGONIDS),&STR(&DATA)) GT 0 THEN + SET SW = 1 END END ELSE DO DATA ACF SET CONTROL(GSO) LIST LIKE(MAINT-) ENDDATA SET A = &SYSOUTLINE SET SW = 0 DO X = 
1 TO &A SET DATA = &&SYSOUTLINE&X SET DATA = &STR(&DATA) IF &SW GT 0 THEN DO IF &STR(&DATA) EQ &STR( ) THEN + SET X = &A ELSE + SET P2 = &STR(&P2 @&DATA) END IF &SYSINDEX(&STR(LID&LP&P1&RP),&STR(&DATA)) GT 0 THEN DO SET M1 = &X - 1 SET MDATA = &&SYSOUTLINE&M1 SET MDATA = &STR(&MDATA) SET P2 = &STR(&MDATA @&DATA) SET SW = 1 END END DATA SET SYSID(****) LIST LIKE(MAINT-) ENDDATA SET A = &SYSOUTLINE SET SW = 0 DO X = 1 TO &A SET DATA = &&SYSOUTLINE&X SET DATA = &STR(&DATA) IF &SW GT 0 THEN DO IF &STR(&DATA) EQ &STR( ) THEN + SET X = &A ELSE + SET P2 = &STR(&P2 @&DATA) END IF &SYSINDEX(&STR(LID&LP&P1&RP),&STR(&DATA)) GT 0 THEN DO SET M1 = &X - 1 SET MDATA = &&SYSOUTLINE&M1 SET MDATA = &STR(&MDATA) P1 = &STR(&MDATA @&DATA) SET SW = 1 END END END QUIT SET RETURN_CODE = 0 RETURN /* --------------- */ END