IronSphere Product Pack - DB2 TSS
Product Pack : Package DB2 checks for Top Secret.
License : Z/OSDB2
Description : DB2 checks for TSS and native DB2 security.
Instructions :
- Download the attached file to your workstation.
- Upload file to the mainframe as Binary, FB, 80, 3120.
- Using the administrator menu of the web interface generate a license request file and send it to support@securiteam.co.il, or open a ticket in customer care.
- Install the license received from support.
- Update <prefix>.SQIFPARM(QIFCHKxx) with check definitions described in section Parmlib update.
- Update check QIFINSTL with the DSNAME of the file uploaded in step 1. Use the following command or update via SDSF/CK: f hzsproc,update,check=(*,mvr_INS_TAL_ER),PARM('QIF.PPQISHMC.XMI')
- Verify installation by reviewing messages in SYSLOG and debug file (if DEBUG is set).
Parmlib update : Place the below definitions in <prefix>.SQIFPARM(QIFCHKxx).
Note: The last check is defined with a comma!
{
"NAME":"QISDB200",
"CKNAME":"MVT_DB2_010_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB201",
"CKNAME":"MVT_DB2_020_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB202",
"CKNAME":"MVT_DB2_030_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB203",
"CKNAME":"MVT_DB2_040_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB204",
"CKNAME":"MVT_DB2_050_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB205",
"CKNAME":"MVT_DB2_060_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB206",
"CKNAME":"MVT_DB2_070_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 INSTALLATION USER-IDS ARE NOT PROTECTED
PROPERLY.
"
},
{
"NAME":"QISDB207",
"CKNAME":"MVT_DB2_080_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"Access to sensitive catalog tables is not properly
protected.
"
},
{
"NAME":"QISDB208",
"CKNAME":"MVT_DB2_090_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"Access to DB2 should be controled by external security
manager.
"
},
{
"NAME":"QISDB209",
"CKNAME":"MVT_DB2_100_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"Access to DB2 installation datasets is not properly
protected.
"
},
{
"NAME":"QISDB210",
"CKNAME":"MVT_DB2_110_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 Started task(s) must be properly defined to the
STARTED resource class for TSS.
"
},
{
"NAME":"QISDB211",
"CKNAME":"MVT_DB2_120_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"The DB2 dataspaces should be protecte in accordance to
the security requirements.
"
},
{
"NAME":"QISDB212",
"CKNAME":"MVT_DB2_130_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"The DB2 authorization exits should be activated and
loaded.
"
},
{
"NAME":"QISDB213",
"CKNAME":"MVT_DB2_140_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 VERSION NUMBER IS NOT SUPPORTED.
"
},
{
"NAME":"QISDB214",
"CKNAME":"MVT_DB2_150_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 TSS RESOURCE CLASSES SHOULD BE ACTIVATED.
"
},
{
"NAME":"QISDB215",
"CKNAME":"MVT_DB2_160_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 STC(s) datasets must be properly protected
"
},
{
"NAME":"QISDB216",
"CKNAME":"MVT_DB2_170_00",
"ESM":"TSS",
"PARM":" ",
"STRTHH":"06",
"STRTMM":"00",
"INTERVAL":"12",
"STATUS":"ACTIVE",
"TITLE":"DB2 trusted context should require authentication.