Tolerate z/OS changes in UNIX APF processing: Technote for zSecure TCIM/TSIEM z/OS Agent

Flash (Alert)


Abstract

For APAR OA41101, the behavior of certain z/OS UNIX Services has been changed.

Content

(Please note: The z/OS agent is also known by the name IBM Tivoli Compliance Insight Manager, Tivoli Security Information and Event Manager, and Compliance Insight Manager Enabler for z/OS.)
This will cause a component of the TSIEM z/OS agent that works with zSecure under z/OS to abend with EC6-xxxxC04A.

After application of the PTF for APAR OA41101, trying to use external links to APF authorized programs will lead to the abend. Therefore files with sticky and APF bits turned on must be used now.
A temporary circumvention is to make the Owner of the symbolic link CKRCARLx to be a userid/group that has UID(0).

To perform the temporary workaround, change the Owner of &C2EPATH/run/CKRCARLx to a userid/group that has UID(0), using the following command sequence - note the '-h' parameter with the chown command in step 3.: that is required to enable the change without following the symbolic link:

1.Enter OMVS
.
2.cd /u/c2eaudit/actuatr1/run/ <==&C2EPATH/run
.
3. chown -h BPXROOT CKRCARLx
.
STOP THE DAEMON TASK WITH /S C2ECSTOP
THEN START THEM UP AGAIN /S C2EAUDIT

(In the above example, BPXROOT userid has already been defined, has UID(0) and is connected to the original userid's group, so group did not need to be specified.)


Cross reference information
Segment Product Component Platform Version Edition
Security Tivoli Compliance Insight Manager 8.5
Security Tivoli Security Information and Event Manager 2.0

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security zSecure Audit

Software version:

1.11, 1.12, 1.13.0, 1.13.1

Operating system(s):

z/OS

Reference #:

1626384

Modified date:

2014-02-07

Translate my page

Machine Translation

Content navigation