Objective: to produce a report from SMF records showing attempts to access resources as UNIX Superuser.

This customization is useful to show how quickly, when demonstrating, you can provide USS/OMVS access information to an auditor.
NOTE: make sure that you select the input set named “Live SMF data sets” as input. Go back to the main zSecure menu and use option “SE.1” to verify this selection.

Exercise

Run this CARLa program to generate the required report. If resource BPX.SUPERUSER is accessed, observe and verify that the output report shows something like the following sample:

Notes regarding CARLa code used for showing UNIX Superuser usage.

• The “SUP CKFREEZE” statement is used again to prevent reading the allocated CKFREEZE data set.
  
• The toptitle (“TT=”) definition generates the literal string “User ID: ” in the top title of the report.
  
• The “TITLE=” (can be abbreviated to “T=”) definition specifies that the title of the report must be: “Accesses as UNIX Superuser [BPX.SUPERUSER]”
  
• When no UNIX Superuser switches occurred in the live SMF data sets that you process, description “No UNIX Superuser switch occurred” is generated in the report. This description is specified by the “EMPTY=” definition.
  
• Output modifier PAGE in the SORTLIST for “user” specifies that when the user value changes, a page break must be inserted in the report.
  
• Output modifier TT (short for toptitle) in the SORTLIST for “user” specifies that the value of field user must be printed in the top title. This specification causes the user ID to be printed in the top title behind string “User ID: ” instead of in the report.

If at first attempt your report is empty, logon to USS with command “TSO OMVS” and press Enter. Then, issue command SU (Switch User) and exit the OMVS shell. When you run the CARLa program again, this Superuser switch must now be reported.

 

 

Continue with Using SMF to report commands

 

© Copyright IBM Corp. 2012, 2020

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.