/* REXX */
/* CLS2REXXed by UMLA01S on 3 Nov 2025 at 21:09:17  */
/*trace r?*/
Signal On NoValue
Call On Error
Signal On Failure
Signal On Syntax
Parse source opsys . exec_name .
Address ISREDIT
 
"MACRO"             /* CATM0009 EDIT TEMP9 */
/*********************************************************************/
/* 04/19/2004 JL Nelson Changed to display Not a Finding text.       */
/* 04/20/2004 JL Nelson Modified to display DISA standard.           */
/* 06/17/2004 JL Nelson ADDED EXIT CODE.                             */
/* 07/15/2004 JL Nelson Changed DISA Standard to STIG requirement.   */
/* 12/15/2004 JL Nelson Changed TSS0620, TSS0650, STIG incorrect.    */
/* 01/05/2005 JL Nelson Changed TSS0275 CANCEL will not be           */
/*            specified.                                             */
/* 02/09/2005 JL Nelson Changed constants to variables before        */
/*            rename.                                                */
/* 04/13/2005 JL Nelson Changed AUTOERASE and DIAGTRAP per Charles.  */
/* 04/27/2005 JL Nelson Delete obsolete PDIs per Charles Fenton.     */
/* 04/27/2005 JL Nelson Delete TSS0290, TSS0300, TSS0340, TSS0370.   */
/* 04/27/2005 JL Nelson Delete TSS0385, TSS0510, TSS0520.            */
/* 06/08/2005 JL Nelson Pass MAXCC in ZISPFRC variable.              */
/* 06/14/2005 JL Nelson Added LOGBUF to numeric check.               */
/* 06/15/2005 JL Nelson Set return code to end job step.             */
/* 03/15/2006 JL Nelson Made changes to avoid SUBSTR abend 920/932.  */
/* 03/16/2006 JL Nelson Set/test RCode for every ISPEXEC command.    */
/* 03/21/2006 JL Nelson Use NRSTR avoid abend 900 if ampersand in    */
/*            data.                                                  */
/* 03/30/2006 JL Nelson Test for empty member LINENUM Rcode = 4.     */
/* 09/27/2006 CL Fenton Modified ZUSST050 and added ZUSST052.        */
/* 07/09/2007 CL Fenton Removed requirement for UNCLASS systems.     */
/* 08/07/2007 CL Fenton Changed characters that identify breaks to   */
/*            Non-national or special characters that could appear   */
/*            in PASSCHAR control option.  Added ZUSST060.           */
/* 10/01/2008 CL Fenton Changed table to remove text of 8.0 and      */
/*            below.  Added addition requirements for NEWPW.         */
/* 10/01/2008 CL Fenton Added AAMV0420 to table to test for          */
/*            BACKUP(ACTIVE entry.  Deleted TSS0310 and TSS0610      */
/*            because CAT IVs.                                       */
/* 05/08/2009 CL Fenton Added analysis of LUUPDONCE for TSS0450.     */
/*            Removed test for TSS 9.0.                              */
/* 10/09/2009 CL Fenton Added analysis of TSS0460 to be consistant   */
/*            with the VMS check.                                    */
/* 09/27/2010 CL Fenton Added analysis of TSS0290 for CPFTARGET.     */
/* 03/15/2011 CL Fenton Chgd TSS0400 test from 35 to 30 days.        */
/* 05/25/2011 CL Fenton Reverted TSS0400 test from 30 to 35 days.    */
/* 03/08/2013 CL Fenton Added TSS0660, TSS0670, TSS0680, and TSS0690 */
/*            to evaluate NEWPHRASE, PPSCHAR, NPPTHRESH, PPEXP, and  */
/*            PPHIST Control option settings, CSD-AR003262504.       */
/* 03/11/2013 CL Fenton Removed TSS0430, STS-001566.                 */
/* 05/28/2013 CL Fenton Corrected TSS0660 rc=852 error, STS-002990.  */
/*            Also made cosmetic changes to this PDI.                */
/* 09/24/2013 CL Fenton Chgd requirements for TSS0270, STS-003180.   */
/* 12/10/2014 CL Fenton Chgd ZUSST052 to evaluate CHOWNURS with TSS  */
/*            V15 RO6374 PTF remove CHOWNURS control option,         */
/*            STS-006695.                                            */
/* 01/30/2015 CL Fenton Chgd TSS0660 to evaluate MIN=15 for          */
/*            NEWPHRASE, STS-008965.                                 */
/* 01/30/2015 CL Fenton Removed TSS0570 from scripts for option is   */
/*            obsolete, TSS V12 no longer supported, STS-008978.     */
/* 02/04/2015 CL Fenton Chgd TSS0480 to evaluate list of 15 special  */
/*            characters, STS-004529.                                */
/* 02/04/2015 CL Fenton Chgd TSS0660 to evaluate list of 16 special  */
/*            characters and removed ID and NR= requirements,        */
/*            STS-008965.                                            */
/* 08/24/2016 CL Fenton Chgd TSS0400 to INACTIVE(0), STS-015248.     */
/* 07/18/2017 CL Fenton Chgd ZUSST050 to check for setting of        */
/*            UNIQUSER is OFF, STS-017961.                           */
/* 11/15/2017 CL Fenton Added TSS0485 to check the setting of AESENC */
/*            for the value of 128 or 256, STS-018642.               */
/* 03/05/2024 CL Fenton Removed obsolete PDI member automation for   */
/*            TSS0320, TSS0330, TSS0350, TSS0380, TSS0420, TSS0470,  */
/*            TSS0490, TSS0530, TSS0590, TSS0620, TSS0630, TSS0650,  */
/*            and ZUSST052, SCTASK0103747.                           */
/* 11/03/2025 CL Fenton Converted script from CLIST to REXX.         */
/* 11/07/2025 CL Fenton Chgs to add new automation for IBM zSecure   */
/*            Suite, SCTASKU0461677.                                 */
/*                                                                   */
/*                                                                   */
/*                                                                   */
/*********************************************************************/
pgmname = "CATM0009 11/07/25"
sysprompt = "OFF"                       /* CONTROL NOPROMPT          */
sysflush = "OFF"                        /* CONTROL NOFLUSH           */
sysasis = "ON"                          /* CONTROL ASIS - caps off   */
return_code = 0
maxcc = 0
 
/*******************************************/
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/*******************************************/
Address ISPEXEC "CONTROL NONDISPL ENTER"
Address ISPEXEC "CONTROL ERRORS RETURN"
return_code = 0
Address ISPEXEC "VGET (CONSLIST COMLIST SYMLIST TERMMSGS TEST PDIDD",
  "CATM040A) ASIS"
tm09vget = return_code
If return_code <> 0 then do
  Say pgmname "VGET RC =" return_code  zerrsm
  Say pgmname "CONSLIST/"conslist "COMLIST/"comlist "SYMLIST/"symlist,
    "TERMMSGS/"termmsgs
  Say pgmname "TEST/"test "PDIDD/"pdidd "CATM040A/"catm040a
  return_code = return_code + 16
  SIGNAL ERR_EXIT
  End
 
/*******************************************/
/* TURN ON MESSAGES                        */
/*******************************************/
 
syssymlist = symlist                    /* CONTROL SYMLIST/NOSYMLIST */
sysconlist = conslist                   /* CONTROL CONLIST/NOCONLIST */
syslist = comlist                       /* CONTROL LIST/NOLIST       */
sysmsg = termmsgs                       /* CONTROL MSG/NOMSG         */
 
/*******************************************/
/* This edit Macro provides the Finding    */
/* Details for TSS STATUS command.         */
/*******************************************/
/*********************************************************************/
/* Notes on the following table.                                     */
/* PDINAME                                                           */
/* Blank or 1                                                        */
/*        Blank if no more parameters need to be checked.            */
/*        One if additional parameter checks are to be made.         */
/* Global parameter~                                                 */
/* 'First search field'                                              */
/*        Used to obtain information from the report.                */
/*        Used to determine if information is invalid and for        */
/*        messages.                                                  */
/* 'Second search field' .ZCSR .ZCSR                                 */
/*        Used to test information and set return code.              */
/* <      End of search fields                                       */
/* STIG requirements                                                 */
/* >      End of STIG fields                                         */
/*********************************************************************/
table = "AAMV0420 BACKUP~' BACKUP('~' BACKUP(ACTIVE' .ZCSR .ZCSR",
  "<BACKUP(ACTIVE-xx:xx)",
  ">TSS0249 1NOADMBY~' ADMINBY'~' ADMINBY(YES) ' .ZCSR .ZCSR",
  "<ADMINBY",
  ">TSS0250  ADSP~' ADSP'~' ADSP(NO) ' .ZCSR .ZCSR",
  "<ADSP(NO)",
  ">TSS0260 1AUTH~' AUTH'",
  "<AUTH(OVERRIDE|MERGE,ALLOVER)",
  ">TSS0270 1AUTOERASE~' AUTOERASE'",
  "<AUTOERASE(ALL) for All System",
  ">TSS0275  CANCEL~' CANCEL'~' CANCEL(NO) ' .ZCSR .ZCSR",
  "<CANCEL will not be specified",
  ">TSS0280  CPFRCVUND~' CPFRCVUND'~' CPFRCVUND(NO) ' .ZCSR .ZCSR",
  "<CPFRCVUND(NO)",
  ">TSS0290  CPFTARGET~' CPFTARGET'~' CPFTARGET(LOCAL) ' .ZCSR .ZCSR",
  "<CPFTARGET(LOCAL)",
  ">TSS0360 1DOWN~ ' DOWN'",
  "<DOWN(BW,SB,TN|TW,OW)",
  ">TSS0390 1HPBPW~' HPBPW'",
  "<HPBPW(1-3)",
  ">TSS0400 1INACTIVE~' INACTIVE'",
  "<INACTIVE(0)",
  ">TSS0440 1LOG~' LOG('",
  "<LOG(INIT,SMF,SEC9,MSG)",
  ">TSS0450  LUUPDONCE~' LUUPDONCE'~' LUUPDONCE(NO) ' .ZCSR .ZCSR",
  "<LUUPDONCE(NO)",
  ">TSS0460 1MODE~' MODE'~' MODE(FAIL) ' .ZCSR .ZCSR",
  "<MODE(FAIL)",
  ">TSS0480 1NEWPW~' NEWPW'~' PASSCHAR'",
  "<NEWPW(MIN=8,WARN=(1-10),MINDAYS=01,NR=0,ID,TS,RS,FA,FN,SC,MC,LC,UC)",
  "~  with PASSCHAR(@,#,$,&,*,^,:,=,!,-,%,.,?, _,|).",
  ">TSS0485 1AESENC~' AESENC'",
  "<AESENC(128) or AESENC(256)",
  ">TSS0500 1NPWR THRESH~' NPWRTHRESH'",
  "<NPWRTHRESH(2)",
  ">TSS0505 1OPTIONALS~' OPTIONALS'",
  "<OPTIONALS(004)",
  ">TSS0540 1PTHRESH~' PTHRESH'",
  "<PTHRESH(1-2)",
  ">TSS0550 1PWEXP~' PWEXP'",
  "<PWEXP(1-60)",
  ">TSS0560 1PWHIST~' PWHIST'",
  "<PWHIST(10-64)",
  ">TSS0580 1RECOVER~' RECOVER'",
  "<TSS (default) Recovery File(1-100%)~RECOVER(ON)",
  ">TSS0600  SUBACID~' SUBACID'~' SUBACID(U,8) ' .ZCSR .ZCSR",
  "<SUBACID(U,8)",
  ">TSS0640  TEMPDS~' TEMPDS'~' TEMPDS(YES) ' .ZCSR .ZCSR",
  "<TEMPDS(YES)",
  ">TSS0660 1NEWPHRASE~' NEWPHRASE'~' PPSCHAR'",
  "<NEWPHRASE(MA=1-32,MN=1-32,MAX=100,MIN=15-32,"
table = table"MINDAYS=1,SC=1-32,WARN=1-10)~",
  "with PPSCHAR( ,@,#,$,&,*,^,:,=,!,-,%,., ?,_,|) or",
  "PPSCHAR(40,@,#,$,&,*,^,:,=,!,-,%,.,?,_,|).",
  ">TSS0670 1NPPTHRESH~ ' NPPTHRESH'",
  "<NPPTHRESH(2)",
  ">TSS0680 1PPEXP~' PPEXP'",
  "<PPEXP(1-60)",
  ">TSS0690 1PPHIST~' PPHIST'",
  "<PPHIST(10-64)",
  ">TSS0730 1VTHRESH~' VTHRESH'",
  "<VTHRESH(1-10,NOT,CAN|SUS)",
  ">ZUSST0501OMVS~' UNIQUSER' FIRST",
  "<UNIQUSER(OFF) will be specified for Classified systems.",
  ">ZUSST0601HFSSEC~' HFSSEC'~' HFSSEC(ON) ' .ZCSR .ZCSR",
  "<HFSSEC(OFF) Not Applicable~HFSSEC(ON), DEFPROT attribute",
  "must be specified in the HFSSEC RDT record>"
 
/*******************************************/
/* MAIN PROCESS                            */
/*******************************************/
"(MEMBER) = MEMBER"
"(DSNAME) = DATASET"
return_code = 0
 
"(LASTLINE) = LINENUM .ZLAST"
If return_code > 0 then do
  If lastline = 0 then,
    Say pgmname "Empty file RCode =" return_code "DSN="dsname,
      "MEMBER="member zerrsm
  Else,
    Say pgmname "LINENUM Error RCode =" return_code "DSN="dsname,
      "MEMBER="member  zerrsm
  return_code = return_code +16
  SIGNAL ERR_EXIT
  End
 
lp = "("
rp = ")"
spc = "          "
 
"NULLS ON ALL"
"CAPS OFF"
 
xl = length(table)
Do X = 1 to xl - 1
  disatxt = ""               /*  STIG requirement   */
  findtxt8 = ""              /*  strings not found  */
  parse var table . =(x) pdinum +8 pditext "~" findtxt8 "<",
    disatxt ">" .
  y = pos("~",table,x)
  pdi_data = findtxt8"~"
  y = pos("<",table,x)
  If y > x then,
    x = y + 1
  y = pos(">",table,x)
  "CURSOR = 1 0"
  findrc = 0
  z = pos("~",pdi_data)
 
  Do until pdi_data = ""
    parse var pdi_data find_text "~" pdi_data
 
    return_code = 0
    "FIND" find_text
 
    If test = "FINDING" then, /* test error cond */
      return_code = 8
    findrc = findrc + return_code
    If return_code = 0 & pos(".ZCSR",find_text) = 0 then do
      "(DATA) = LINE .ZCSR"
      "(LINE,COL) = CURSOR"
      "CURSOR =" line 0
/*    parse var data . =(col) fld .*/
      parse var data . =(col) fld ") " .
      If pos("(",fld) > 0 then,
        fld = fld")"
      pditext = pditext"~"fld
      End
    z = pos("~",pdi_data)
    End
  pditext = pditext"<"
  Do A = 1 to length(disatxt)
    b = pos("~",disatxt,a)
    If b = 0 then,
      b = length(disatxt) + 1
    c = substrc(a,b-1,disatxt)
    If a = 1 then,
      Say pgmname pdinum  c
    Else,
      Say pgmname "        "  c
    a = b
    End
  Address ISPEXEC "VPUT (FINDRC PDITEXT DISATXT FINDTXT8) ASIS"
  pdinum = strip(pdinum,"T")
  return_code = 0
  Address ISPEXEC "EDIT DATAID("pdidd") MACRO("catm040a")",
    "MEMBER("pdinum")"
  If return_code > 4 then do
    Say pgmname "EDIT PDI" pdinum "RC =" return_code zerrsm
    return_code = return_code + 16
    SIGNAL ERR_EXIT
    End
  If y > x then,
    x = y
  Else,
    x = xl
  End
 
return_code = 0
Call Process_CACT0001
 
 
ERR_EXIT:
If maxcc >= 16 | return_code > 0 then do
  Address ISPEXEC "VGET (ZISPFRC) SHARED"
  If maxcc > zispfrc then,
    zispfrc = maxcc
  Else,
    zispfrc = return_code
  Address ISPEXEC "VPUT (ZISPFRC) SHARED"
  Say pgmname "ZISPFRC =" zispfrc
  End
tm009rc = return_code
Address ISPEXEC "VPUT (TM09VGET TM009RC) ASIS"
"SAVE"
"END"
Exit 0
 
 
Process_CACT0001:
tabledd = "TABLE"
pdimbr  = ""
return_code = listdsi(tabledd "FILE")
if return_code > 0 then do
  say pgmname "DDNAME:"tabledd "RC:"return_code "SYSREASON:"sysreason
  say pgmname sysmsglvl1
  SIGNAL ERR_EXIT
  end
dsnmbr = sysdsname"(CACT0001)"
If sysdsn("'"dsnmbr"'") <> "OK" then do
  return_code = 8
  say pgmname dsnmbr "=" sysdsn("'"dsnmbr"'")
  return
  end
Address TSO "Alloc f(test) ds('"dsnmbr"') shr reuse"
Address TSO "Execio * diskr test (finis stem in."
pdinum   = ""
findrc   = 0
pditext  = "2"
disatxt  = ""
findtxt8 = ""
Do x = 1 to in.0
  return_code = 0
  if pdinum <> substr(in.x,1,8) &,
     pdinum <> "" then do
    call Process_Details
    end
  pdinum   = substr(in.x,1,8)
  resclass = substr(in.x,9,8)
  pditext = pditext resclass
  end
Call Process_Details
 
Return
 
 
Process_Details:
pditext = pditext "~"
Address ISPEXEC "VPUT (FINDRC PDITEXT DISATXT FINDTXT8) ASIS"
pdinum = strip(pdinum,"T")
return_code = 0
Address ISPEXEC "EDIT DATAID("pdidd") MACRO("catm040a")",
  "MEMBER("pdinum")"
If return_code > 4 then do
  Say pgmname "EDIT PDI" pdinum "RC =" return_code zerrsm
  return_code = return_code + 16
  SIGNAL ERR_EXIT
  End
findrc   = 0
pditext  = "2"
disatxt  = ""
findtxt8 = ""
return
 
 
substrc: Procedure
 If arg(3) = ''
   Then
     Do
     s = Arg(1)
     l = 1
     v = arg(2)
     End
   Else
     Do
     s = arg(1)
     l = arg(2)-arg(1)+1
     v = arg(3)
     End
  Return substr(v,s,l)
 
 
NoValue:
Failure:
Syntax:
say pgmname 'REXX error' rc 'in line' sigl':' strip(ERRORTEXT(rc))
say SOURCELINE(sigl)
SIGNAL ERR_EXIT
 
 
Error:
return_code = RC
if RC > 4 & RC <> 8 then do
  say pgmname "LASTCC =" RC strip(zerrlm)
  say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc)
  say SOURCELINE(sigl)
  end
if return_code > maxcc then
  maxcc = return_code
return
 
 
