IBM Health Checker for z/OS

IBM® Health Checker for z/OS® is a z/OS component that installations can use to gather information about their system environment and system parameters to help identify potential configuration problems before they impact availability or cause outages. Individual products, z/OS components, or ISV software can provide checks that take advantage of the IBM Health Checker for z/OS framework.

For more information about IBM Health Checker for z/OS, see IBM Health Checker for z/OS: User's Guide.

z/OS Communications Server TCP/IP provides the following checks:
Start of changeStart of changeCSAPP_FTPD_ANONYMOUS_JESEnd of changeEnd of change
Start of changeStart of change Checks whether the following statements have been configured for an FTP server:
  • ANONYMOUS
  • ANONYMOUSLEVEL 3
  • ANONYMOUSFILETYPEJES FALSE
When ANONYMOUS FTP is allowed on the FTP server, it is recommended that the value specified for ANONYMOUSLEVEL be 3 and that the value specified for ANONYMOUSFILETYPEJES be FALSE. Otherwise, anonymous users can submit jobs to run on the system.End of changeEnd of change
Start of changeCSAPP_MVRSHD_RHOSTS_DATAEnd of change
Start of changeChecks whether the MVRSHD server is active and if an RSH client has been detected using RHOSTS.DATA datasets for authentication. The MVRSHD server supports the RSH and REXEC protocols which transfer user ID and password information in the clear. There is also the potential of weak authentication for RSH clients that use RHOSTS.DATA datasets. This authentication method allows remote command execution without requiring the RSH client to supply a password.End of change
Start of changeCSAPP_SMTPD_MAIL_RELAYEnd of change
Start of changeChecks whether the INBOUNDOPENLIMIT statement has been set to 0 in the SMTP configuration file. The SMTP server is implicitly exploitable by remote users as a mail relay when the INBOUNDOPENLIMIT statement is explicitly configured with a value other than 0 or is allowed to default to the value of 256.End of change
Start of changeCSAPP_SNMPAGENT_PUBLIC_COMMUNITYEnd of change
Start of changeChecks whether the SNMP agent has been configured with a community name of public. The community name of public is a well-known name and should not be used with community-based security due to security considerations.End of change
CSRES_AUTOQ_GLOBALTCPIPDATA
Checks whether the AUTOQUIESCE operand has been specified on the UNRESPONSIVETHRESHOLD resolver setup statement and that the GLOBALTCPIPDATA resolver setup statement has not been specified in the resolver setup file.
CSRES_AUTOQ_RESOLVEVIA
Checks whether the RESOLVEVIA statement has been specified with the value TCP in the global TCPIP.DATA file when the autonomic quiescing of unresponsive name servers function is active.
CSRES_AUTOQ_TIMEOUT
Checks whether the configured resolver timeout value in the global TCPIP.DATA file exceeds the optimal setting when the autonomic quiescing of unresponsive name servers function is active. By default, this check is performed once when the resolver is initialized and whenever a MODIFY REFRESH command is issued. This default value can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command.
CSTCP_CINET_PORTRNG_RSV_TCPIPstackname
Checks whether the port range specified by INADDRANYPORT and INADDRANYCOUNT in the BPXPRMxx parmlib member is reserved for OMVS on this stack, when operating in a CINET environment. A port range is reserved on a TCP/IP stack using the PORTRANGE TCP/IP profile statement. By default, this check is performed once at stack initialization. This default can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP/IP stack that is started, to define a separate check for each stack.
CSTCP_IPMAXRT4_TCPIPstackname
Checks whether the total number of IPv4 indirect routes in the TCP/IP stack routing table has exceeded the maximum threshold. When this threshold is exceeded, OMPROUTE and the TCP/IP stack can potentially experience high CPU consumption from routing changes. A large routing table is considered to be inefficient in network design and operation. By default, this check is performed at the following times:
  • Whenever the total number of indirect routes exceeds the maximum threshold (default 2000)
  • 30 minutes after stack initialization (provided that the maximum threshold has not been exceeded)
  • Specified interval (default 168 hours for weekly)
The defaults for the maximum threshold and interval can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP/IP stack that is started, to define a separate check for each stack.
CSTCP_IPMAXRT6_TCPIPstackname
Checks whether the total number of IPv6 indirect routes in the TCP/IP stack routing table has exceeded the maximum threshold. When this threshold is exceeded, OMPROUTE and the TCP/IP stack can potentially experience high CPU consumption from routing changes. A large routing table is considered to be inefficient in network design and operation. By default, this check is performed at the following times:
  • Whenever the total number of indirect routes exceeds the maximum threshold (default 2000)
  • 30 minutes after stack initialization (provided that the maximum threshold has not been exceeded)
  • Specified interval (default 168 hours for weekly)

The defaults for the maximum threshold and interval can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP/IP stack that is started, to define a separate check for each stack.

CSTCP_SYSTCPIP_CTRACE_TCPIPstackname
Checks whether TCP/IP Event Trace (SYSTCPIP) is active with options other than the default options (MINIMUM, INIT, OPCMDS, or OPMSGS). By default, this check will be performed once at stack initialization and then will be repeated once every 24 hours. This default can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP stack that is started, to define a separate check for each stack.
CSTCP_SYSPLEXMON_RECOV_TCPIPstackname
Checks whether the IPCONFIG DYNAMICXCF or IPCONFIG6 DYNAMICXCF parameters have been specified and the GLOBALCONFIG SYSPLEXMONITOR RECOVERY parameter has been specified. This check produces an exception message if the IPCONFIG DYNAMICXCF or IPCONFIG6 DYNAMICXCF parameters were specified, but the GLOBALCONFIG SYSPLEXMONITOR NORECOVERY parameter is in effect. By default, this check is performed once at stack initialization. This default can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP stack that is started, to define a separate check for each stack.
CSTCP_TCPMAXRCVBUFRSIZE_TCPIPstackname
Checks whether the configured TCP maximum receive buffer size is sufficient to provide optimal support to the z/OS Communications Server FTP Server. By default, this check is performed once at stack initialization and whenever a VARY TCPIP,,OBEYFILE command changes the TCPMAXRCVBUFRSIZE parameter. By default, it checks that TCPMAXRCVBUFRSIZE is at least 180K. These defaults can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. The check name is suffixed by TCPIPstackname, which is the job name of each TCP stack that is started, to define a separate check for each stack.
Start of changeZOSMIGV2R2_NEXT_CS_LEGACYDEVICEEnd of change
Start of changeChecks whether any TCP/IP profile statements for legacy device types have been configured on this system. The check pertains to the following profile statements:
  • LINK statement for links IBMTR and FDDI for DEVICE LCS
  • LINK statement for link IPAQTR for DEVICE MPCIPA
  • DEVICE and LINK statements for MPCOSA and its OSAENET and OSAFDDI links
By default, this check is inactive. This default can be overridden on either a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SENDMAILDAEMNEnd of change
Start of changeChecks whether the sendmail daemon is in use on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SENDMAILCLIENEnd of change
Start of changeChecks whether the sendmail client is in use on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SENDMAILMTAEnd of change
Start of changeChecks whether sendmail is used as a Mail Transfer Agent (MTA) listening on port 25 on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SENDMAILMSAEnd of change
Start of changeChecks whether sendmail is used as a Mail Submission Agent (MSA) listening on port 587 on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SMTPDDAEMONEnd of change
Start of changeChecks whether the SMTPD daemon is in use on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_SMTPDMTAEnd of change
Start of changeChecks whether the SMTPD daemon is in use as a Mail Transfer Agent (MTA) listening on port 25 on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRMxx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change
Start of changeZOSMIGV2R2_Next_CS_TFTPEnd of change
Start of changeChecks whether the Trivial File Transfer Protocol (TFTP) daemon is in use on this system. By default, this check is inactive. This default can be overridden on a POLICY statement in the HZSPRM xx parmlib member or on a MODIFY command. If an IBM Health Checker for z/OS exception message is generated, migration must be performed.End of change