Discovering if signed programs currently execute on your systems

z/OS Security Server RACF Security Administrator's Guide SA23-2289-00

You can optionally enable SMF logging of signature verification events by performing Steps for discovering if signed programs currently execute on your systems (optional). By doing so, you can later examine the SMF records using the SMF data unload utility (IRRADU00) to discover if any of your controlled programs are digitally signed and if so, by whom. Once you identify a signer, obtain the signer's root CA in preparation for completing Steps for verifying a signed program. For information about using the SMF data unload utility (IRRADU00), see z/OS Security Server RACF Auditor's Guide.

To enable SMF logging for this purpose, modify one or more PROGRAM profiles to specify the following signature verification options. Using these specific options ensures that no load failures occur due to signature verification failures.

Once you perform Steps for discovering if signed programs currently execute on your systems (optional), if any controlled program is digitally signed, RACF® will attempt to verify the signature upon load. Each signature verification will result in a failure until you complete Steps for preparing RACF to verify signed programs (one-time setup) and Steps for verifying a signed program. Each signature verification failure will be logged to SMF and related error messages will be issued to the console. Sample error messages:
Copyright IBM Corporation 1990, 2014