GRS_AUTHQLVL_SETTING
- Description:
- This check reports on whether the system is running with the recommended AUTHQLVL setting.
- Reason for check:
- If the AUTHQLVL parameter is not set to the maximum level, certain requests may be susceptible to denial of service attacks.
- z/OS® releases the check applies to:
- z/OS V1R13 and later.
- User override of IBM values:
- The following sample shows the defaults for customizable
values for this check. Use this sample to make permanent check
customizations in an HZSPRMxx parmlib member used at
IBM Health Checker for z/OS startup. If you just want a one-time
only update to the check defaults, omit the first line (ADDREPLACE POLICY)
and use the UPDATE statement on a MODIFY hzsproc command.
Note that using non-POLICY UPDATEs in HZSPRMxx can
lead to unexpected results and is therefore not recommended.
ADDREPLACE POLICY[(policyname)] [STATEMENT(name)] UPDATE CHECK(IBMGRS, GRS_AUTHQLVL_SETTING) ACTIVE SEVERITY(LOW) INTERVAL(ONETIME) DATE('date_of_the_change') PARM('2') REASON('Your reason for making the update.');
- Parameters accepted:
- Yes, you can specify the AUTHQLVL value you want the check to
look for, either 1 or 2. For example, PARM('1')
Default: 2
- Reference:
- For more information on GRS, see z/OS MVS Planning: Global Resource Serialization.
- Messages:
- This check issues the following exception messages:
- ISGH0322E
- ISGH0323E
- ISGH0102I
- ISGH0321I
- SECLABEL recommended for multilevel security users:
- SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.