Assessing RACF vulnerabilities
If you use IBM Db2® for z/OS®, you can use vulnerability assessment tests to assess your RACF vulnerabilities. You must have at least version 9.1 of Guardium installed to use RACF assessments.
About this task
To use these tests, you must obtain and install IBM Security zSecure Audit, Version 2.1. This product enables the commands that are used in these tests to interact with RACF.
Tests that examine entitlements do not return a pass/fail grade; they return a list of entitled users. Examples of these reports include table and view privileges granted to grantees and package privileges granted to grantees. In a large environment that includes very large numbers of users and applications, these reports generate an overwhelming amount of data. When you run these reports in such a large environment, the process can run for a long time and consume large amounts of resources, and it might eventually time out.
Procedure
- Upgrade the database schema used to support vulnerability assessment on your database server.
- Install zSecure Audit on your database server.
  Use the instructions and tools that are provided with zSecure Audit to learn how to populate approximately 24 tables in the CKADBVA schema to support the new zSecure tests.
- The zSecure team will issue a PTF that enables zSecure Audit to work with Guardium vulnerability assessment. Obtain this PTF and apply it according to the accompanying instructions.
What to do next
Choose the new tests that you want to run to assess your RACF vulnerabilities. Configure and run the tests.