System Display and Search Facility Review

Shared by: Jim Kaplan
Posted: 4/1/2009
SDSF: System Display and Search Facility Review

The following was contributed to AuditNet LLC by Rey LeClerc (rey@massusa.net).

Objective: To ensure that adequate security procedures have been established over SDSF.

General Description: The System Display and Search Facility (SDSF) is a system management tool that allows users to efficiently monitor and control the operations of an MVS/JES2 system.

Audit Program

1. Ascertain whether any user exit routines have been established that could affect the SDSF user authorization methodology at this installation.

   a. Obtain the source code for the user exit module currently being used. This module supplements the standard SDSF authorization module, i.e. ISFPARMS (reviewed below in audit step #2). It is called ISF and is always present.

   b. Review the ISFUSER module to determine its functions. Evaluate its effect on the SDSF authorization environment and consider its impact when reviewing the ISFPARMS in the next audit step.

      There are seven SDSF exit points available in the ISFUSER module. These are: the installation exit point; the command authority installation exit point; the SYSOUT display installation exit point; the SDSF termination exit point; the pre-SAF exit point; the SAF indeterminate exit point; and the table build exit point.

      Note: As supplied by IBM, ISFUSER performs no authorization functions. The complete module as provided by IBM is documented in the SDSF Guide and Reference Manual (in the Customizing and Maintaining SDSF section). Compare the code shown in this document to the installation's ISFUSER to determine whether any changes have been made.

2. Determine the impact of the specified SDSF parameters on the controls in effect at this data center.

   a. Obtain the source code of the SDSF initialization and user authorization parameters defined in the ISFPARMS module.

   b. Review the ISFGRP macro. Identify any occurrences where sensitive group function parameters have been set to allow the execution of powerful capabilities. Some of these parameters include:

      1) ACTION = (the default is NONE).
      2) AUTH =
      3) CMDAUTH =
      4) CMDLVL = x, where x is a digit from 0 to 7, increasing the level of authority (the default is 0).
      5) DSPAUTH = Display authority. Note that ALL gives the user ability to display all output jobs.
      6) XDSPD = x, cannot display files with the prefix = x.
      7) IDSPD = x, can display jobs including those with the prefix = x.

   c. For those groups defined with sensitive SDSF authorities in the above procedure, evaluate whether access has been appropriately defined to restrict access to sensitive SDSF capabilities to only those individuals who require them to perform their job functions.

3. Verify that the SDSF product libraries have adequate data set protection.

   a. Obtain the names of the SDSF executable and LPA library. Vendor provided names are, respectively, ISF.V1R2M0.ISFLOAD and ISF.V1R2M0.ISFLPA.

   b. Determine the individuals that are directly responsible for maintaining the product (i.e. the system programmers).

   c. Examine the data set access rules/profiles to ensure that update access is restricted to those individuals responsible for maintaining the product.
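
As an added example (not part of the original audit program or of IBM's materials), the following Python script supports audit step 2b: it parses the ISFGRP macros out of an ISFPARMS assembler source and lists, per group, the sensitive parameters whose values depart from the defaults stated above or include ALL. The sample source, the group labels GRPSYS and GRPUSER, the TSOAUTH operands and the decision to flag the value ALL for AUTH and CMDAUTH are assumptions made for illustration.

```python
import re

OPERAND = re.compile(r"(\w+)=(\([^)]*\)|[^,\s]+)")   # KEY=value or KEY=(a,b)

# Constructed sample: 80-column cards, non-blank in column 72 = continuation.
SAMPLE = "\n".join(text.ljust(71) + cont for text, cont in [
    ("* ISFPARMS excerpt", ""),
    ("GRPSYS   ISFGRP TSOAUTH=(JCL,OPER,ACCT),", "X"),
    ("               ACTION=ALL,AUTH=ALL,CMDAUTH=ALL,", "X"),
    ("               CMDLVL=7,DSPAUTH=ALL", ""),
    ("GRPUSER  ISFGRP TSOAUTH=(JCL),AUTH=(ST,H,O),", "X"),
    ("               CMDAUTH=(USERID,NOTIFY),CMDLVL=2,", "X"),
    ("               DSPAUTH=(USERID,NOTIFY)", ""),
])

def statements(source):
    """Yield logical statements, joining column-72 continuation cards."""
    buf = ""
    for line in source.splitlines():
        if line.startswith("*"):                  # full-line comment
            continue
        continued = len(line) > 71 and line[71] != " "
        buf += line[:71].strip() if buf else line[:71].rstrip()
        if not continued:
            if buf.strip():
                yield buf
            buf = ""

def parse_groups(source):
    """Return {group label: {parameter: value}} for each ISFGRP macro."""
    groups = {}
    for stmt in statements(source):
        m = re.match(r"(\S*)\s+ISFGRP\s+(.*)", stmt)
        if m:
            params = {k.upper(): v.upper() for k, v in OPERAND.findall(m.group(2))}
            groups[m.group(1) or f"group#{len(groups) + 1}"] = params
    return groups

def findings(params):
    """Flag the settings audit step 2b asks the reviewer to identify."""
    checks = [("ACTION", params.get("ACTION", "NONE") != "NONE"),  # default NONE
              ("CMDLVL", int(params.get("CMDLVL", "0")) > 0)]      # 0-7, default 0
    for key in ("AUTH", "CMDAUTH", "DSPAUTH"):    # assumption: flag the value ALL
        checks.append((key, "ALL" in re.findall(r"\w+", params.get(key, ""))))
    return [f"{key}={params[key]}" for key, hit in checks if hit]

if __name__ == "__main__":
    for name, params in parse_groups(SAMPLE).items():
        print(name, findings(params) or "no flagged settings")
```

The flagged groups are the starting list for step 2c, where membership of each group is compared against job function.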
