This intermediate-level course is intended for users that are involved in maintaining USS-related security definitions or auditing the z/OS USS environment. For example, security administrators, compliance officers, system programmers, and auditors.
This course describes the security-related aspects of a z/OS UNIX System Services (USS) environment. Learn USS concepts, followed by an overview of the USS-related functions and applications of the IBM Security zSecure Admin and Audit products. Using the zSecure built-in reports and standard interface, you learn how to obtain USS-related information from RACF profiles and review the contents of the USS reports. Audit recommendations and the RACF concerns that are applicable to a z/OS USS environment are described. In addition, you learn about the USS-related resource profiles in the FACILITY and UNIXPRIV classes.
Chapter 1: z/OS UNIX System Services (USS) security concepts Explain z/OS USS identification and authentication Use the hierarchical file system (HFS) and z/OS file system (zFS) Secure USS daemons and servers Chapter 2: Protect files and directories List the fields in the file security packet (FSP) Interpret and modify file access rights and extended attributes Secure USS files with extended access control lists (ACLs) Chapter 3: Reporting and auditing in a USS environment Generate extended program attributes reports Explain HFS and zFS auditing concepts Use the USS-related RACF profiles Avoid common HFS and zFS auditing RACF pitfalls Generate reports about trust reasons in USS Audit daemons and servers Generate reports about USS-related SMF records
Explain the authorization checking process to access a UNIX file or directory Create the appropriate RACF definitions to define a z/OS UNIX System Services user ID Describe the audit options for z/OS UNIX System Services Set up permissions to control access to a file or directory List and maintain extended access control list (ACL) entries List and maintain the audit settings for a file or directory