About this course

Course code TPRAUS
Duration 1 Day

Today it is rare to find a System z installation that does not use IBM's UNIX System Services (USS). For security administrators and systems programmers working in a System z/USS environment, a sound understanding of how RACF works with USS is essential.<br>Designed, written and presented by specialist RACF consultants, this course introduces the USS RACF interface and describes and explains how RACF is utilised within the USS environment.<br><br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

Prerequisites

Attendees should have a clear understanding of z/OS at a conceptual level and have an understanding of RACF that can be gained by attending the course RACF Administration & Auditing. A familiarity with UNIX System Services and a knowledge of TSO/ISPF and JCL is also required.

Delegates will learn how to

  • describe the necessary requirements to implement a secure UNIX System Services environment
  • understand how to administer file access
  • list the RACF UNIX System Services General Resource Classes
  • move around the UNIX System Services environment and describe the use of shell
  • implement UNIX System Services commands
  • use file systems and ACLs
  • mount and un-mount HFS files
  • understand the use of superuser and UID(0).

Outline

Introduction

What are 'Open Systems'?; z/OS USS; Benefits of USS; z/OS USS components; z/OS UNIX interfaces; HFS; SAF for z/OS UNIX; USS security with RACF.

Users & Groups

UNIX user definition; Users & Groups; User & Group Profiles; RACF User/Group profile extensions; UNIX identity; RACF commands for Users; RACF commands for Groups; System Resource limits; OMVS segment - additions; The SEARCH command; Security administration.

Superusers & UID/GID Management

User definition - superuser; BPX.SUPERUSER; Switch to superuser mode; Superuser granularity; UNIPRIV resource names; UNIPRIV class; Managing UIDs; Prevention of shared UIDs; Shared UIDs; Prevention of shared UIDs - example; Search enhancement to map UID & GID; Automatic UID/GID assignment.

Application Identity Mapping

Application Identity Mapping.

z/OS UNIX File Security

Directories & files; UNIX file security; Protecting directories & files; Access levels; The File Security Packet (FSP); Reading File Permissions; Basic - file authorisation checking; File Permission - examples; Protecting files; chmod command examples; chown command - change file owner; chmod - change file mode (permissions); Protecting files; File authorisation checking with UNIXPRIV; RESTRICTED attribute; Default file permissions & umask; List file & directory information.

Access Control Lists (ACLs)

Access Control Lists (ACLs); Three Types of ACL; Two types of Access ACL - base; Two types of Access ACL - extended; Permission Bits & ACLs ; Authority to create ACLs; The getfacl & setfacl commands; getfacl; setfacl; Managing ACLs; getfacl - no ACLs; getfacl - display ACLs for directory; ACL examples; setfacl - change permission bits; ACL examples; ACL inheritance; Directory default ACLs; File default ACLs; getfacl - display all ACLs; UNIXPRIV & ACLs; Authorisation checking - summary; Recommendations.

Security for Daemons & Servers

UNIX level security for Daemons; RACF profiles for daemon security; Server overview; UNIX level security for servers; RACF profiles for server security; Recommendations.

Auditing UNIX System Services Security Events

What can be audited; New RACF classes; RACF commands to implement; SMF records; UNIX commands to audit file access; File Security Packet (FSP); UNIX commands to implement auditing; List file & directory information; Setting the auditing option in the FSP; Auditing the superuser; FSP reporting - HFS Unload.

Interpreting Messages

Interpreting ICH4081 messages; Interpreting BPX messages; Interpreting other messages.

1 Day

Duration
Delivery Method

Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Find dates and prices

Online booking is currently not available for this course, to find out more please call us on 0345 074 7998 or email us at info@qa.com to discuss how we can help.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.