IBM Support

VM66646: QUERY SYSTEMS SECURITY AND COMPLIANCE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • This APAR provides a utility to gather security-relevant
    configuration information from various z/VM components.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All clients using CMS programs and           *
    *                 applications                                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: Provision of the COMPEXTR security and  *
    *                      compliance utility                      *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    This APAR provides a new CMS utility called COMPEXTR, which
    allows an authorized virtual machine to gather
    all security-relevant information on a local z/VM system,
    including information about TCP/IP and TLS usage,
    active CP settings, and RACF-relevant data. This allows a
    z/VM system administrator to gather data for
    internal or external audit through a single command, and
    allows for snapshots to be taken to measure compliance
    drift over time.
    
    The following changes are implemented by the updates
    provided via this APAR:
    
    * The COMPEXTR utility is introduced, which gathers
    security-relevant data from a running z/VM system.
    Appropriate authorizations are required in order to
    execute COMPEXTR. The COMPEXTR utility can be executed
    either from the CMS command line, or via a new Systems
    Management API call, System_Compliance_Information_Query.
    * RXCOMEXT MODULE supports the COMPEXTR utility.
    * COMPEXTR README provides a list of security settings
    gathered during execution. This content is provided in
    Markdown format for reference and verification purposes.
    * TESTPROD SAMPLE is a sample exit usable by system
    administrators or ISVs in order to add more security-relevant
    content to the execution of the COMPEXTR utility.
    * COMPEXTR HELPCMS for HELP information related to the
    COMPEXTR utility.
    * SYSCOMIQ HELPMSOC for HELP information related to the
    SMAPI System_Compliance_Information_Query API call.
    
    Publication change:
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    
    Publication Title: z/VM: CMS Commands and Utilities Reference
    Release:      z/VM 7.3.0
    Order number: SC24-6260-73    SC24626073
    
    Updates related to the COMPEXTR utility are added, which
    describe its syntax and use, as well as use of the
    TESTPROD SAMPLE file.
    
    
    Publication Title: z/VM: Systems Management Application
    Programming
    Release:      z/VM 7.3.0
    Order number: SC24-6327-73    SC24632773
    
    Updates related to the System_Information_Compliance_Query
    API, which describes its syntax and use in the
    context of SMAPI programming.
    
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    
    For publication change details, consult the updated PDF
    instances of the aforementioned publications, which are
    available via this URL:
    
      https://www.ibm.com/docs/en/zvm/7.3
    

Problem conclusion

Temporary fix

  • FOR RELEASE ES-CMS-730-BASE :
    PREREQ: VM66453 VM66626
    CO-REQ: NONE
    IF-REQ: NONE
    

Comments

APAR Information

  • APAR number

    VM66646

  • Reported component name

    VM CMS

  • Reported component ID

    568411201

  • Reported release

    730

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2022-10-21

  • Closed date

    2023-06-16

  • Last modified date

    2024-04-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UM90295

Modules/Macros

  • CMSUTIL  CMSXLOAD COMPEXTR DMSBL493 DMSSIDAT DMSSIPRM DTCSMAPI
    RXCOMEXT SMAPI    SMCFGDM  SYSCOMIQ TESTPROD
    

Publications Referenced
SC24626073GC24629473GC24628673SC24632773 

Fix information

  • Fixed component name

    VM CMS

  • Fixed component ID

    568411201

Applicable component levels

  • R730 PSY UM90295

       UP23/06/26 P 2401  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG27M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"730"}]

Document Information

Modified date:
04 April 2024