SMF$XT50 - Audit LPA-, LNK- and/or APF-listed datasets


Critical MVS Libraries

  • APF libraries - Identified in SYS1.PARMLIB (IEASYSxx) -- see the IEAAPFxx option

  • Link List libraries - Identified in SYS1.PARMLIB (IEASYSxx) -- see the LNKLSTxx option

  • LPA List libraries - Identified in SYS1.PARMLIB (IEASYSxx) -- see the LPALSTxx option

The members of certain system libraries are given the ability to bypass security in order to accomplish operating software functions. Because of this level of authority, these three groups of libraries (the APF libraries, the Link List libraries and the LPA List libraries) create a possible security exposure. To verify that the installation uses these libraries only for required purposes, run SMF$XT50 on a daily basis.





Purpose:
SMF$XT50 is a batch tool that monitors access to the privileged file definitions, e.g. the APF, LNK and LPA lists. By default, all accesses with "INTENT=UPDATE" against the APF, LNK and LPA system definitions are listed. Optionally, accesses with other intents against these files can be listed as well.


You can also specify an SMF logger file instead of SYS1.MANx or any other archived SMF file.







//*
//*         CHECK ON WHO ACCESSED LPA,LNK AND/OR APF LIST
//*
//SMFEXTR   EXEC  PGM=IFASMFDP
//STEPLIB   DD DISP=SHR,DSN=RA2002.LINKLIB       <-- UPDATE
//SMFDATA1  DD    DISP=SHR,DSN=YOUR.SMF.FILE     <-- UPDATE
//SMFOUT    DD    DUMMY,DSN=&&SMFFILE,           <-- UPDATE OR DUMMY
//          DISP=(,PASS),
//          DCB=(RECFM=VBS,LRECL=32760,BLKSIZE=6240),
//          UNIT=SYSDA,SPACE=(TRK,(1,1))
//SYSPRINT  DD SYSOUT=*
//*
//*         OUTPUT LISTINGS
//*
//ACINTENT  DD SYSOUT=*      * ACCESS INTENT LIST
//*
//APFLIST   DD SYSOUT=*      * APF LIST "ASIS" AT YOUR INSTALLATION
//LPALIST   DD SYSOUT=*      * LPA LIST "ASIS" AT YOUR INSTALLATION
//LNKLIST   DD SYSOUT=*      * LNK LIST "ASIS" AT YOUR INSTALLATION
//*
//*         OPTIONAL TRIGGER(S) TO LIST OTHERS THAN JUST INTENT=UPDATE
//*         (DEFAULT IS:INTENT=UPDATE IF NO //I?????? DD FOUND)
//*
//*IALL     DD DUMMY         * TRIGGER TO LIST INTENT= * ALL
//*IALTER   DD DUMMY         * TRIGGER TO LIST INTENT=ALTER
//*ICONTROL DD DUMMY         * TRIGGER TO LIST INTENT=CONTROL
//*IEXECUTE DD DUMMY         * TRIGGER TO LIST INTENT=EXECUTE
//*IREAD    DD DUMMY         * TRIGGER TO LIST INTENT=READ
//*IUPDATE  DD DUMMY         * TRIGGER TO LIST INTENT=UPDATE
//*
//*
//*
//SYSIN     DD    *
INDD(SMFDATA1,OPTIONS(DUMP))
ABEND(NORETRY)
OUTDD(SMFOUT,TYPE(80))
USER2(SMF$XT50)
USER3(SMF$XT51)
/*
//
//*
//*         OPTIONAL SMF RECORD FILTERING
//*
//FLTPRINT  DD   SYSOUT=*
//FLTINPUT  DD  *
*OPTIONS    DUMPREC=V,HITS=ONLY
+INCLUDE    COND=(SMF80RTY,*,*,EQ,50)
//
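
The selection rule described by the trigger DDs in the job above, sketched as an added example that is not part of SMF$XT50 or its documentation: accesses are matched against the APF, LNK and LPA lists and kept only when their intent is selected, with INTENT=UPDATE as the default. The events are constructed and already decoded (this does not parse raw SMF type 80 records); the field names, dataset names and user IDs are hypothetical, and treating several triggers as additive is an assumption.

```python
# Added illustration: every dataset name, user ID and field name below is constructed.
INTENTS = ("ALTER", "CONTROL", "EXECUTE", "READ", "UPDATE")

# Constructed stand-ins for what the APFLIST / LNKLIST / LPALIST DDs would list.
CRITICAL = {
    "APF": {"SYS1.LINKLIB", "SYS1.SVCLIB", "SYS2.AUTHLIB"},
    "LNK": {"SYS1.LINKLIB", "SYS1.MIGLIB"},
    "LPA": {"SYS1.LPALIB"},
}

# Constructed, already-decoded access events (not raw SMF type 80 records).
EVENTS = [
    {"user": "SYSPRG1", "job": "APPLYPTF", "dsn": "SYS1.LINKLIB", "intent": "UPDATE"},
    {"user": "OPER07", "job": "LISTLIB", "dsn": "SYS1.LPALIB", "intent": "READ"},
    {"user": "DEVUSR3", "job": "COPYMOD", "dsn": "SYS2.AUTHLIB", "intent": "ALTER"},
    {"user": "DEVUSR3", "job": "COMPILE", "dsn": "DEVUSR3.TEST.LOAD", "intent": "UPDATE"},
    {"user": "BATCH01", "job": "NIGHTLY", "dsn": "SYS1.MIGLIB", "intent": "EXECUTE"},
]


def selected_intents(trigger_dds):
    """Map trigger DD names (IALL, IREAD, ...) to intents; no trigger means UPDATE only."""
    triggers = {dd.upper() for dd in trigger_dds}
    if "IALL" in triggers:
        return set(INTENTS)
    chosen = {intent for intent in INTENTS if "I" + intent in triggers}
    return chosen or {"UPDATE"}


def access_intent_list(events, critical, trigger_dds=()):
    """Return (dsn, lists, user, job, intent) rows for accesses to critical libraries."""
    wanted = selected_intents(trigger_dds)
    rows = []
    for ev in events:
        dsn = ev["dsn"].upper()
        # A library can be on more than one list, so report every list it is on.
        lists = sorted(name for name, members in critical.items() if dsn in members)
        if lists and ev["intent"].upper() in wanted:
            rows.append((dsn, "+".join(lists), ev["user"], ev["job"], ev["intent"].upper()))
    return rows


if __name__ == "__main__":
    for row in access_intent_list(EVENTS, CRITICAL, ["IALTER", "IUPDATE"]):
        print("%-16s %-8s %-8s %-8s %s" % row)
```
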


Access list based on SMF records:



APF list:




LPA list:



LINK list: