OverviewToday it is rare to find a System z installation that does not use IBM's UNIX System Services (USS). For security administrators and systems programmers working in a System z/USS environment, a sound understanding of how RACF works with USS is essential.<br>Designed, written and presented by specialist RACF consultants, this course introduces the USS RACF interface and describes and explains how RACF is utilised within the USS environment.<br>This course has been updated to reflect changes introduced up to and including z/OS V2.2. In addition there are now a number of hands-on practical exercises included.<br> br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
PrerequisitesAttendees should have a clear understanding of z/OS at a conceptual level and have an understanding of RACF that can be gained by attending the course RACF Administration & Auditing. A familiarity with UNIX System Services and a knowledge of TSO/ISPF and JCL is also required.
Delegates will learn how to
- describe the necessary requirements to implement a secure UNIX System Services environment
- create users with OMVS segments and their resources
- administer directory and file access using permission bits, ACLs and RACF classes
- list the RACF UNIX System Services General Resource Classes for Security
- move around the UNIX System Services environment
- use UNIX System Services commands with regards to security
- use file systems and ACLs
- recognise and understand USS error messages with regards to security
- understand the security implications for Daemons and Servers
- understand the use of superuser and UID(0)
- recognise the tasks needed to audit USS Security events.
What are 'Open Systems'?; z/OS USS; Benefits of USS; z/OS USS components; z/OS UNIX interfaces; HFS; SAF for z/OS UNIX; USS security with RACF.Users & Groups
UNIX user definition; Users & Groups; User & Group Profiles; RACF User/Group profile extensions; UNIX identity; RACF commands for Users; RACF commands for Groups; System Resource limits; OMVS segment - additions; The SEARCH command; Security administration.Superusers & UID/GID Management
User definition - superuser; BPX.SUPERUSER; Switch to superuser mode; Superuser granularity; UNIPRIV resource names; UNIPRIV class; Managing UIDs; Prevention of shared UIDs; Shared UIDs; Prevention of shared UIDs - example; Search enhancement to map UID & GID; Automatic UID/GID assignment.Application Identity Mapping
Application Identity Mapping.z/OS UNIX File and Function Security
Directories & files; UNIX file security; Protecting directories & files; Access levels; The File Security Packet (FSP); Reading File Permissions; Basic - file authorisation checking; File Permission - examples; Protecting files; chmod command examples; chown command - change file owner; chmod - change file mode (permissions); Protecting files; File authorisation checking with UNIXPRIV; RESTRICTED attribute; Default file permissions & umask; List file & directory information; Interpreting ICH4081 messages; Interpreting BPX messages; Interpreting other messages; Facility Class ,FACILITY class profiles,FSACCESS class,FSEXEC class.Access Control Lists (ACLs)
Access Control Lists (ACLs); Three Types of ACL; Two types of Access ACL - base; Two types of Access ACL - extended; Permission Bits & ACLs ; Authority to create ACLs; The getfacl & setfacl commands; getfacl; setfacl; Managing ACLs; getfacl - no ACLs; getfacl - display ACLs for directory; ACL examples; setfacl - change permission bits; ACL examples; ACL inheritance; Directory default ACLs; File default ACLs; getfacl - display all ACLs; UNIXPRIV & ACLs; Authorisation checking - summary; Recommendations.Security for Daemons & Servers
UNIX level security for daemons; RACF profiles for daemon security; Server overview; UNIX level security for servers; RACF profiles for server security; Recommendations.Auditing UNIX System Services Security Events
What can be audited; New RACF classes; RACF commands to implement; SMF records; UNIX commands to audit file access; File Security Packet (FSP); UNIX commands to implement auditing; List file & directory information; Setting the auditing option in the FSP; Auditing the superuser; FSP reporting - HFS Unload; Health Checkers.