VM66646: QUERY SYSTEMS SECURITY AND COMPLIANCE

Obtain the fix for this APAR.

APAR status

• Closed as new function.

Error description

• This APAR provides a utility to gather security-relevant
  configuration information from various z/VM components.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All clients using CMS programs and           *
  *                 applications                                 *
  ****************************************************************
  * PROBLEM DESCRIPTION: Provision of the COMPEXTR security and  *
  *                      compliance utility                      *
  ****************************************************************
  * RECOMMENDATION: APPLY PTF                                    *
  ****************************************************************
  This APAR provides a new CMS utility called COMPEXTR, which
  allows an authorized virtual machine to gather
  all security-relevant information on a local z/VM system,
  including information about TCP/IP and TLS usage,
  active CP settings, and RACF-relevant data. This allows a
  z/VM system administrator to gather data for
  internal or external audit through a single command, and
  allows for snapshots to be taken to measure compliance
  drift over time.
  
  The following changes are implemented by the updates
  provided via this APAR:
  
  * The COMPEXTR utility is introduced, which gathers
  security-relevant data from a running z/VM system.
  Appropriate authorizations are required in order to
  execute COMPEXTR. The COMPEXTR utility can be executed
  either from the CMS command line, or via a new Systems
  Management API call, System_Compliance_Information_Query.
  * RXCOMEXT MODULE supports the COMPEXTR utility.
  * COMPEXTR README provides a list of security settings
  gathered during execution. This content is provided in
  Markdown format for reference and verification purposes.
  * TESTPROD SAMPLE is a sample exit usable by system
  administrators or ISVs in order to add more security-relevant
  content to the execution of the COMPEXTR utility.
  * COMPEXTR HELPCMS for HELP information related to the
  COMPEXTR utility.
  * SYSCOMIQ HELPMSOC for HELP information related to the
  SMAPI System_Compliance_Information_Query API call.
  
  Publication change:
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  Publication Title: z/VM: CMS Commands and Utilities Reference
  Release:      z/VM 7.3.0
  Order number: SC24-6260-73    SC24626073
  
  Updates related to the COMPEXTR utility are added, which
  describe its syntax and use, as well as use of the
  TESTPROD SAMPLE file.
  
  
  Publication Title: z/VM: Systems Management Application
  Programming
  Release:      z/VM 7.3.0
  Order number: SC24-6327-73    SC24632773
  
  Updates related to the System_Information_Compliance_Query
  API, which describes its syntax and use in the
  context of SMAPI programming.
  
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  For publication change details, consult the updated PDF
  instances of the aforementioned publications, which are
  available via this URL:
  
    https://www.ibm.com/docs/en/zvm/7.3
  

Problem conclusion

Temporary fix

• FOR RELEASE ES-CMS-730-BASE :
  PREREQ: VM66453 VM66626
  CO-REQ: NONE
  IF-REQ: NONE
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UM90295

Modules/Macros

• CMSUTIL  CMSXLOAD COMPEXTR DMSBL493 DMSSIDAT DMSSIPRM DTCSMAPI
  RXCOMEXT SMAPI    SMCFGDM  SYSCOMIQ TESTPROD
  

Fix information

• Fixed component name

  VM CMS

• Fixed component ID

  568411201

Applicable component levels

• R730 PSY UM90295

     UP23/06/26 P 2401  

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.