OA60783: ZUSS0034 DOES NOT SHOW "ACTUAL VALUE OF TEST FIELD" NOR "COMPLIANCE COMPARISON VALUE" FOR AUDIT SETTINGS.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• ZUSS0034 does not show "Actual value of test field" nor
  "Compliance comparison value" for audit settings.  The fields
  are shown as blank.  It properly checks for compliance, but the
  fields are left blank.
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of zSecure Audit exploiting STIG       *
  *                 compliance rules IFTP0070, ISLG0030,         *
  *                 ITCP0040, IUTN0040, ZUSS0034, and ZUSS0035.  *
  ****************************************************************
  * PROBLEM DESCRIPTION: The following zSecure Audit STIG        *
  *                      compliance rules do not display values  *
  *                      for "Actual value of test field" and    *
  *                      "Compliance comparison value" fields    *
  *                      for audit settings: IFTP0070, ISLG0030, *
  *                      ITCP0040, IUTN0040, ZUSS0034, and       *
  *                      ZUSS0035.                               *
  *                                                              *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF provided.                      *
  ****************************************************************
  When the following zSecure Audit compliance rules are evaluated,
  the "Actual value of test field" and "Compliance comparison
  value" fields for audit settings do not contain any values:
  
   - IFTP0070: the permission bits and user audit audit bits for
               UNIX objects that are part of the FTP Server
               component must be properly configured.
   - ISLG0030: The permission bits and user audit bits for FS
               objects that are part of the syslog daemon
               component must be properly configured.
   - ITCP0040: The permission bits and user audit bits for FS
               objects that are part of the base TCP/IP component
               must be properly configured.
   - IUTN0040: The permission bits and the user audit bits or the
               FS objects that are part of the z/OS UNIX Telnet
               server must be properly configured.
   - ZUSS0034: z/OS UNIX FS permission bits and audit bits for
               each directory must be properly specified.
   - ZUSS0035: z/OS UNIX FS permission bits and audit bits for
               each file must be properly specified.
  

Problem conclusion

• zSecure Audit has been modified so that STIG compliance rules
  ISLG0030, ITCP0040, IUTN0040, ZUSS0034, and ZUSS0035 display
  values for "Actual value of test field" and "Compliance
  comparison value" fields for audit settings properly.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UJ04833

Modules/Macros

• C2RGF070 C2RGIU40 C2RGTC40 C2RGZU34 C2RGZU35 CKAGSD30
  

Fix information

• Fixed component name

  ZSEC BASE,ADMIN

• Fixed component ID

  5655T0100

Applicable component levels

• R240 PSY UJ04833

     UP21/02/12 P F102

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.