RACF_IBMUSER_REVOKED

Description: Check looks to see if the IBMUSER user ID is still active.

Reason for check:
The IBMUSER user ID is intended for use only during the initial installation process. After installation, the IBMUSER user ID should be revoked so that it cannot be used by unauthorized users.
z/OS® releases the check applies to:
z/OS V1R5 and later.
Parameters accepted:
No.
User override of IBM values:
Start of changeThe following sample shows the defaults for customizable values for this check. Use this sample to make permanent check customizations in an HZSPRMxx parmlib member used at IBM Health Checker for z/OS startup. If you just want a one-time only update to the check defaults, omit the first line (ADDREPLACE POLICY) and use the UPDATE statement on a MODIFY hzsproc command. Note that using non-POLICY UPDATEs in HZSPRMxx can lead to unexpected results and is therefore not recommended.End of change
Start of changeADDREPLACE POLICY[(policyname)] [STATEMENT(name)]End of change
UPDATE
CHECK(IBMRACF,RACF_IBMUSER_REVOKED),
SEVERITY(MED),INTERVAL(24:00),DATE('date_of_the_change')
REASON('Your reason for making the update.')
Debug support:
Yes, the check provides additional error detail in debug mode. You can put a check into debug mode using any of the following:
  • UPDATE,filters,DEBUG=ON parameters on either the MODIFY command or in a POLICY statement in an HZSPRMxx parmlib member
  • Overwrite the OFF value with the ON value in the DEBUG column of the CK panel in SDSF.
Verbose support:
No.
Reference:
For more information on storage increments, see z/OS Security Server RACF Security Administrator's Guide .
Messages:
This check issues the following exception messages:
  • IRRH225E
See z/OS Security Server RACF Messages and Codes.
SECLABEL recommended for multilevel security users:
SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.

Output:

RACF_IBMUSER_REVOKED check - IBMUSER not revoked exception found:
CHECK(IBMRACF,RACF_IBMUSER_REVOKED)
START TIME: 12/02/2005 16:43:31.614417
CHECK DATE: 20050820 CHECK SEVERITY: MEDIUM
* Medium Severity Exception *
IRRH225E The user ID IBMUSER is not revoked.
Explanation: The user ID IBMUSER has not been revoked. IBM recommends
revoking IBMUSER.
System Action: The check continues processing. There is no effect on
the system.
Operator Response: Report this problem to the system security
administrator and the system auditor.
System Programmer Response: Revoke IBMUSER.
Problem Determination: See the RACF Auditor's Guide and the RACF
System Programmer's Guide.
Source:
RACF System Programmer's Guide
RACF Auditor's Guide
Reference Documentation:
RACF System Programmer's Guide
RACF Auditor's Guide
Automation: None.
Check Reason: IBMUSER should be revoked.
END TIME: 12/02/2005 16:43:31.653215 STATUS: EXCEPTION-MED
RACF_IBMUSER_REVOKED check - no exceptions found, IBMUSER has been revoked:
1CHECK(IBMRACF,RACF_IBMUSER_REVOKED)
 START TIME: 03/02/2006 14:50:57.307193
 CHECK DATE: 20051111  CHECK SEVERITY: MEDIUM
 
 IRRH224I The user ID IBMUSER is revoked.
 
 END TIME: 03/02/2006 14:50:57.315063  STATUS: SUCCESSFUL
Parent topic: RACF checks (IBMRACF)