Today it is rare to find a System z installation that does not use IBM's UNIX System Services (USS). For security administrators and systems programmers working in a System z/USS environment, a sound understanding of how RACF works with USS is essential.<br>Designed, written and presented by specialist RACF consultants, this course introduces the USS RACF interface and describes and explains how RACF is utilised within the USS environment.<br>This course has been updated to reflect changes introduced up to and including z/OS V2.2. In addition there are now a number of hands-on practical exercises included.<br><br>This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
Using RACF with UNIX System Services (USS)
Attendees should have a clear understanding of z/OS at a conceptual level and have an understanding of RACF that can be gained by attending the course RACF Administration & Auditing. A familiarity with UNIX System Services and a knowledge of TSO/ISPF and JCL is also required.
- describe the necessary requirements to implement a secure UNIX System Services environment
- create users with OMVS segments and their resources
- administer directory and file access using permission bits, ACLs and RACF classes
- list the RACF UNIX System Services General Resource Classes for Security
- move around the UNIX System Services environment
- use UNIX System Services commands with regards to security
- use file systems and ACLs
- recognise and understand USS error messages with regards to security
- understand the security implications for Daemons and Servers
- understand the use of superuser and UID(0)
- recognise the tasks needed to audit USS Security events.
What are 'Open Systems'?; z/OS USS; Benefits of USS; z/OS USS components; z/OS UNIX interfaces; HFS; SAF for z/OS UNIX; USS security with RACF.Users & Groups
UNIX user definition; Users & Groups; User & Group Profiles; RACF User/Group profile extensions; UNIX identity; RACF commands for Users; RACF commands for Groups; System Resource limits; OMVS segment - additions; The SEARCH command; Security administration.Superusers & UID/GID Management
User definition - superuser; BPX.SUPERUSER; Switch to superuser mode; Superuser granularity; UNIPRIV resource names; UNIPRIV class; Managing UIDs; Prevention of shared UIDs; Shared UIDs; Prevention of shared UIDs - example; Search enhancement to map UID & GID; Automatic UID/GID assignment.Application Identity Mapping
Application Identity Mapping.z/OS UNIX File and Function Security
Directories & files; UNIX file security; Protecting directories & files; Access levels; The File Security Packet (FSP); Reading File Permissions; Basic - file authorisation checking; File Permission - examples; Protecting files; chmod command examples; chown command - change file owner; chmod - change file mode (permissions); Protecting files; File authorisation checking with UNIXPRIV; RESTRICTED attribute; Default file permissions & umask; List file & directory information; Interpreting ICH4081 messages; Interpreting BPX messages; Interpreting other messages; Facility Class ,FACILITY class profiles,FSACCESS class,FSEXEC class.Access Control Lists (ACLs)
Access Control Lists (ACLs); Three Types of ACL; Two types of Access ACL - base; Two types of Access ACL - extended; Permission Bits & ACLs ; Authority to create ACLs; The getfacl & setfacl commands; getfacl; setfacl; Managing ACLs; getfacl - no ACLs; getfacl - display ACLs for directory; ACL examples; setfacl - change permission bits; ACL examples; ACL inheritance; Directory default ACLs; File default ACLs; getfacl - display all ACLs; UNIXPRIV & ACLs; Authorisation checking - summary; Recommendations.Security for Daemons & Servers
UNIX level security for daemons; RACF profiles for daemon security; Server overview; UNIX level security for servers; RACF profiles for server security; Recommendations.Auditing UNIX System Services Security Events
What can be audited; New RACF classes; RACF commands to implement; SMF records; UNIX commands to audit file access; File Security Packet (FSP); UNIX commands to implement auditing; List file & directory information; Setting the auditing option in the FSP; Auditing the superuser; FSP reporting - HFS Unload; Health Checkers.
Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.
Find dates and prices
We have 3 courses available across 2 locations on 3 different dates
EastCall us on 0113 220 7150 to discuss availability in this region.Contact us
London1 Location / 2 coursesView dates
MidlandsCall us on 0113 220 7150 to discuss availability in this region.Contact us
NorthCall us on 0113 220 7150 to discuss availability in this region.Contact us
ScotlandCall us on 0113 220 7150 to discuss availability in this region.Contact us
South1 Location / 1 courseView dates
Attend from AnywhereCall us on 0113 220 7150 to discuss availability in this region.Contact us
All locations2 Locations / 3 coursesView dates
Fully accredited to ensure we provide the highest possible standards in learning