Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Auditing access to files and directories z/OS UNIX System Services Planning GA32-0884-00 |
|
The security auditor uses reports formatted from RACF® system management facilities (SMF) records to check successful and failing accesses to kernel resources. An SMF record can be written at each point where the system makes security decisions. Six classes are used to control auditing of security events. These classes do not have any profiles. They do not have to be active to control auditing. Use the SETROPTS command to specify the auditing options for the classes. For a list of the classes used for auditing and an explanation of how to specify the audit options, see z/OS Security Server RACF Auditor's Guide. Audit records are always written for the following events:
You cannot turn off these audit records. You can also specify auditing at the file level in the file system.
Activate this option by:
If you activate auditing for additional levels of file system access, you might generate excessive amounts of SMF Type 80 records. You can also specify, in a RACF user profile, that all actions taken by the user be audited. Actions taken by superusers can be audited or not, determined by RACF commands. If you are using RACF profiles in the UNIXPRIV class to control certain superuser functions, you can use those same profiles to audit those superuser functions. |
Copyright IBM Corporation 1990, 2014
|