Today it is rare to find a System z installation that does not use IBM's UNIX System Services (USS). For security administrators and systems programmers working in a System z/USS environment, a sound understanding of how RACF works with USS is essential.<br>Designed, written and presented by specialist RACF consultants, this course introduces the USS RACF interface and describes and explains how RACF is utilised within the USS environment.<br><br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
Using RACF with UNIX System Services (USS)
Attendees should have a clear understanding of z/OS at a conceptual level and have an understanding of RACF that can be gained by attending the course RACF Administration & Auditing. A familiarity with UNIX System Services and a knowledge of TSO/ISPF and JCL is also required.
- describe the necessary requirements to implement a secure UNIX System Services environment
- understand how to administer file access
- list the RACF UNIX System Services General Resource Classes
- move around the UNIX System Services environment and describe the use of shell
- implement UNIX System Services commands
- use file systems and ACLs
- mount and un-mount HFS files
- understand the use of superuser and UID(0).
What are 'Open Systems'?; z/OS USS; Benefits of USS; z/OS USS components; z/OS UNIX interfaces; HFS; SAF for z/OS UNIX; USS security with RACF.Users & Groups
UNIX user definition; Users & Groups; User & Group Profiles; RACF User/Group profile extensions; UNIX identity; RACF commands for Users; RACF commands for Groups; System Resource limits; OMVS segment - additions; The SEARCH command; Security administration.Superusers & UID/GID Management
User definition - superuser; BPX.SUPERUSER; Switch to superuser mode; Superuser granularity; UNIPRIV resource names; UNIPRIV class; Managing UIDs; Prevention of shared UIDs; Shared UIDs; Prevention of shared UIDs - example; Search enhancement to map UID & GID; Automatic UID/GID assignment.Application Identity Mapping
Application Identity Mapping.z/OS UNIX File Security
Directories & files; UNIX file security; Protecting directories & files; Access levels; The File Security Packet (FSP); Reading File Permissions; Basic - file authorisation checking; File Permission - examples; Protecting files; chmod command examples; chown command - change file owner; chmod - change file mode (permissions); Protecting files; File authorisation checking with UNIXPRIV; RESTRICTED attribute; Default file permissions & umask; List file & directory information.Access Control Lists (ACLs)
Access Control Lists (ACLs); Three Types of ACL; Two types of Access ACL - base; Two types of Access ACL - extended; Permission Bits & ACLs ; Authority to create ACLs; The getfacl & setfacl commands; getfacl; setfacl; Managing ACLs; getfacl - no ACLs; getfacl - display ACLs for directory; ACL examples; setfacl - change permission bits; ACL examples; ACL inheritance; Directory default ACLs; File default ACLs; getfacl - display all ACLs; UNIXPRIV & ACLs; Authorisation checking - summary; Recommendations.Security for Daemons & Servers
UNIX level security for Daemons; RACF profiles for daemon security; Server overview; UNIX level security for servers; RACF profiles for server security; Recommendations.Auditing UNIX System Services Security Events
What can be audited; New RACF classes; RACF commands to implement; SMF records; UNIX commands to audit file access; File Security Packet (FSP); UNIX commands to implement auditing; List file & directory information; Setting the auditing option in the FSP; Auditing the superuser; FSP reporting - HFS Unload.Interpreting Messages
Interpreting ICH4081 messages; Interpreting BPX messages; Interpreting other messages.
Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.
Find dates and prices
Online booking is currently not available for this course, to find out more please call us on 0345 074 7998 or email us at firstname.lastname@example.org to discuss how we can help.
Fully accredited to ensure we provide the highest possible standards in learning