GRS_AUTHQLVL_SETTING

Description:
This check reports on whether the system is running with the recommended AUTHQLVL setting.
Reason for check:
If the AUTHQLVL parameter is not set to the maximum level, certain requests may be susceptible to denial of service attacks.
z/OS® releases the check applies to:
z/OS V1R13 and later.
User override of IBM values:
Start of changeThe following sample shows the defaults for customizable values for this check. Use this sample to make permanent check customizations in an HZSPRMxx parmlib member used at IBM Health Checker for z/OS startup. If you just want a one-time only update to the check defaults, omit the first line (ADDREPLACE POLICY) and use the UPDATE statement on a MODIFY hzsproc command. Note that using non-POLICY UPDATEs in HZSPRMxx can lead to unexpected results and is therefore not recommended.End of change
Start of changeADDREPLACE POLICY[(policyname)] [STATEMENT(name)]End of change
UPDATE
CHECK(IBMGRS, GRS_AUTHQLVL_SETTING)
ACTIVE
SEVERITY(LOW)
INTERVAL(ONETIME)
DATE('date_of_the_change')
PARM('2')
REASON('Your reason for making the update.');
Parameters accepted:
Yes, you can specify the AUTHQLVL value you want the check to look for, either 1 or 2. For example, PARM('1')

Default: 2

Reference:
For more information on GRS, see z/OS MVS Planning: Global Resource Serialization.
Messages:
This check issues the following exception messages:
  • ISGH0322E
  • ISGH0323E
And the following information messages:
  • ISGH0102I
  • ISGH0321I
See the ISGH messages in z/OS MVS System Messages, Vol 9 (IGF-IWM).
SECLABEL recommended for multilevel security users:
SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.
Parent topic: Global Resource Serialization checks (IBMGRS)