Defining the Operations Manager exit modules for command auditing

To implement IBM® Security Guardium® S-TAP® for IMS™ on z/OS® auditing of Type-2 and Type-1 commands issued from IMS Single Point Of Control (SPOC), the initialization/termination exit AUIOMEIT and the output exit AUIOMECM must be defined to IMS Base Primitive Environment (BPE).

Procedure

  1. Add the following to the Operations Manager (OM) procedure: PARM=('BPECFG=BPECONFG').
  2. In the OM procedure PROCLIB DSN, add PROCLIB member BPECONFG.
  3. In the BPECONFG PROCLIB member, add the following statement: EXITMBR=(BPEOMXIT,OM)
  4. In PROCLIB member BPEOMXIT, in column two, add the following two statements:
    • EXITDEF (TYPE=INITTERM,EXITS=(AUIOMEIT),ABLIM=0,COMP=OM)
    • EXITDEF (TYPE=OUTPUT,EXITS=(AUIOMECM),ABLIM=0,COMP=OM)
  5. You must include the SAUIIMOD load library in the IMS OM procedure’s STEPLIB concatenation.
  6. Set AUIOMECM_EXIT(Y) and IMSNAME_EQ_IMSSSID(Y) in the agent configuration file. You must set IMSNAME_EQ_IMSSSID(Y) in the agent configuration file because the IMS control region(s) are not required to run on the same LPAR as the OM region, and the audited IMSID is not always available to the OM exit.
  7. Optional: After installation, if you do not want AUIOMECM to audit commands entered from SPOC, add //AUIOME86 DD DUMMY to the IMS Operations Manager started task JCL and restart Operations Manager. Subsequently, status messages are not written. You do not have to remove the EXITDEF statements for AUIOMEIT and AUIOMECM from the BPEOMXIT member in PROCLIB. Note that this does not prevent the exits from being called; it only prevents them from auditing commands. When called, they take the shortest code paths possible and then exit.
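The following check is an added example, not part of the product or of the original page. It reviews copies of the BPEOMXIT member, the OM started task JCL and the agent configuration file against steps 4 to 7, including the AUIOME86 DD DUMMY switch that silently stops SPOC command auditing. Assumptions: the function name check_om_audit is hypothetical, each EXITDEF is coded on one line, columns 73-80 are ignored, a * or # in column one marks a comment, and HLQ is a placeholder high-level qualifier.

```python
import re

REQUIRED_EXITS = {"INITTERM": "AUIOMEIT", "OUTPUT": "AUIOMECM"}      # step 4
REQUIRED_AGENT_OPTS = ("AUIOMECM_EXIT(Y)", "IMSNAME_EQ_IMSSSID(Y)")  # step 6

def check_om_audit(bpeomxit, om_jcl, agent_cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings, defined = [], set()
    for n, line in enumerate(bpeomxit.splitlines(), 1):
        stmt = line[:72]                 # assumption: columns 73-80 are ignored
        if stmt[:1] in ("*", "#") or "EXITDEF" not in stmt:
            continue                     # assumption: * or # in column one = comment
        if not stmt.startswith(" EXITDEF"):
            findings.append(f"BPEOMXIT line {n}: EXITDEF not in column two")
        if stmt.count("(") != stmt.count(")"):
            findings.append(f"BPEOMXIT line {n}: unbalanced parentheses")
            continue                     # a malformed statement does not count
        typ = re.search(r"TYPE=(\w+)", stmt)
        exits = re.search(r"EXITS=\(([^)]*)\)", stmt)
        if typ and exits and re.search(r"COMP=OM\b", stmt):
            names = [e.strip() for e in exits.group(1).split(",")]
            if REQUIRED_EXITS.get(typ.group(1)) in names:
                defined.add(typ.group(1))
    for typ, mod in REQUIRED_EXITS.items():
        if typ not in defined:
            findings.append(f"BPEOMXIT: no valid EXITDEF for TYPE={typ} with {mod}")
    # Step 5, loose check: the library is referenced somewhere in the JCL.
    if not re.search(r"DSN=\S*SAUIIMOD\b", om_jcl):
        findings.append("OM JCL: SAUIIMOD load library not referenced")
    # Step 7: this DD leaves the exits defined but stops auditing.
    if re.search(r"^//AUIOME86\s+DD\s+DUMMY\b", om_jcl, re.M):
        findings.append("OM JCL: AUIOME86 DD DUMMY present, SPOC commands not audited")
    cfg = re.sub(r"\s+", "", agent_cfg.upper())
    for opt in REQUIRED_AGENT_OPTS:
        if opt not in cfg:
            findings.append(f"agent config: {opt} not set")
    return findings

# Constructed sample inputs (not taken from a real system).
GOOD_XIT = (" EXITDEF (TYPE=INITTERM,EXITS=(AUIOMEIT),ABLIM=0,COMP=OM)\n"
            " EXITDEF (TYPE=OUTPUT,EXITS=(AUIOMECM),ABLIM=0,COMP=OM)\n")
BAD_XIT = GOOD_XIT.replace("COMP=OM)\n", "COMP=OM\n", 1)  # first ")" dropped
GOOD_JCL = "//STEPLIB  DD DISP=SHR,DSN=HLQ.SAUIIMOD\n"
MUTED_JCL = GOOD_JCL + "//AUIOME86 DD DUMMY\n"
GOOD_CFG = "AUIOMECM_EXIT(Y)\nIMSNAME_EQ_IMSSSID(Y)\n"

if __name__ == "__main__":
    for finding in check_om_audit(BAD_XIT, MUTED_JCL, GOOD_CFG):
        print(finding)
```

Running the check on a schedule against the live PROCLIB and started task JCL shows when the AUIOME86 DD has been added after installation, which the EXITDEF statements alone would not reveal.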