A fix is available
APAR status
Closed as new function.
Error description
This APAR provides a utility to gather security-relevant configuration information from various z/VM components.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All clients using CMS programs and * * applications * **************************************************************** * PROBLEM DESCRIPTION: Provision of the COMPEXTR security and * * compliance utility * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** This APAR provides a new CMS utility called COMPEXTR, which allows an authorized virtual machine to gather all security-relevant information on a local z/VM system, including information about TCP/IP and TLS usage, active CP settings, and RACF-relevant data. This allows a z/VM system administrator to gather data for internal or external audit through a single command, and allows for snapshots to be taken to measure compliance drift over time. The following changes are implemented by the updates provided via this APAR: * The COMPEXTR utility is introduced, which gathers security-relevant data from a running z/VM system. Appropriate authorizations are required in order to execute COMPEXTR. The COMPEXTR utility can be executed either from the CMS command line, or via a new Systems Management API call, System_Compliance_Information_Query. * RXCOMEXT MODULE supports the COMPEXTR utility. * COMPEXTR README provides a list of security settings gathered during execution. This content is provided in Markdown format for reference and verification purposes. * TESTPROD SAMPLE is a sample exit usable by system administrators or ISVs in order to add more security-relevant content to the execution of the COMPEXTR utility. * COMPEXTR HELPCMS for HELP information related to the COMPEXTR utility. * SYSCOMIQ HELPMSOC for HELP information related to the SMAPI System_Compliance_Information_Query API call. Publication change: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Publication Title: z/VM: CMS Commands and Utilities Reference Release: z/VM 7.3.0 Order number: SC24-6260-73 SC24626073 Updates related to the COMPEXTR utility are added, which describe its syntax and use, as well as use of the TESTPROD SAMPLE file. Publication Title: z/VM: Systems Management Application Programming Release: z/VM 7.3.0 Order number: SC24-6327-73 SC24632773 Updates related to the System_Information_Compliance_Query API, which describes its syntax and use in the context of SMAPI programming. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= For publication change details, consult the updated PDF instances of the aforementioned publications, which are available via this URL: https://www.ibm.com/docs/en/zvm/7.3
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
VM66646
Reported component name
VM CMS
Reported component ID
568411201
Reported release
730
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2022-10-21
Closed date
2023-06-16
Last modified date
2024-04-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UM90295
Modules/Macros
CMSUTIL CMSXLOAD COMPEXTR DMSBL493 DMSSIDAT DMSSIPRM DTCSMAPI RXCOMEXT SMAPI SMCFGDM SYSCOMIQ TESTPROD
SC24626073 | GC24629473 | GC24628673 | SC24632773 |
Fix information
Fixed component name
VM CMS
Fixed component ID
568411201
Applicable component levels
R730 PSY UM90295
UP23/06/26 P 2401
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG27M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"730"}]
Document Information
Modified date:
04 April 2024