IBM Support

VM66459: RACF SMF REPORT WRITER EXIT SUPPORT

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Add RACF SMF Report Writer Exit Support

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users who have RACF installed.           *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
RACFVM currently allows for auditing of security-relevant
events on the z/VM system via audit logs.  SMF records
are cached in a running tally, then stored on disk when
a system programmer (or system automation) sends
a particular command to do so.  This can potentially
lead to lag in detecting security events, as logs are not
available for processing software to peruse at the instant
an event occurs.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • A new exit, ICHRSWX1, has been created for RACFVM.
This exit, when configured, allows for transmission of an
audit record at the time the record is created.  This does
not impede normal RACF auditing, and an audit log
will still be retained on the z/VM system in question.

Please review the updated Security Server System Programmer's
Guide,  Chapter 6. RACF Installation Exits, for more details.

    



APAR Information




    

  • APAR number
    VM66459
    • 

  • Reported component name
    RACF/VM SUPPORT
    • 

  • Reported component ID
    576700201
    • 

  • Reported release
    720
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    YesSpecatt / New Function / Xsystem
    • 

  • Submitted date
    2020-09-25
    • 

  • Closed date
    2021-01-22
    • 

  • Last modified date
    2021-02-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UV99386
    

    • 



Modules/Macros


    

  • ICHAUD00 ICHCRL00 ICHCTV00 ICHPRCVT ICHRAU02 ICHSEC00 ICHSEC07
ICHSEC10 ICHSEC11 IRRDSM20 IRRENV00 IRRMDR00 IRRRAX00 IRRREQ03
IRRSEC13 IRRXTR00 RPIAUD   RPIVPDBS SETRACF

    



Fix information


    

  • Fixed component name
    RACF/VM SUPPORT
    • 

  • Fixed component ID
    576700201
    • 



Applicable component levels


    

  • R720  PSY  UV99386
       UP21/02/03  I  1000
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N","label":"APARs - VM\/ESA environment"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"720"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            27 February 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback