VM/BATCH Following was contributed to AuditNet LLC by (Rey LeClerc) rey@massusa.net Objective: To ensure that adequate security procedures have been established over VM BATCH. Audit Program 1. Obtain and review the VMBATCH configuration file. Key files for the VMBATCH configuration file that should be reviewed here are: - ACCESS - identifies the VMBATCH database minidisks. these are restricted to the appropriate users only. Make sure that
- AUTHORIZ - this record grants VMBATCH subcommand authorizations to the specified users. Determine who has access to the ADMIN, OPERATOR, MANAGER, and installation defined (if there are any) VMBATCH authorizations. Verify that only the appropriate individuals have these capabilities. - DIRECT - contains the virtual address of the read-only link between VMBATCH and the CP object directory minidisk. Verify that access has been provided only on an as needed basis. - NODE - identified any RSCS nodes to be considered as part of a multiple-CPU VMBATCH configuration. If this is defined, its also specifies various processing options for each node in this configuration. - NOUSERIDF - controls whether a job can run on a remote VMBATCH system when the submitting User-ID can not be found on the remote system. - PREVENT - this record specifies any exceptions to the authorizations granted ion the AUTHORIZ record. Review this in conjunction with the AUTHORIZ record. - RESOURCE - allows the identification of special resources provided to certain worker machines. This is significant only where the RESOURCE is coded in the WORKER record and is used to control the foundations of a WORKER machine.
�- USEREXIT - these optional records are used to specify the filenames of user routines to receive control at various points in VMBATCH's operation. Determine whether any exits are being used, and if so, which ones. Obtain the source code for these exits and review them. Briefly describe their function and evaluate their effect on VMBATCH controls. - WORKER - specifies the User-IDs and characteristics of the worker machines. Identify the production worker machines and the applications specifically designated to them (in environment that have made associations between the worker machines and specific applications). 2. Identify the users and groups that have been provided with access to the production worker machines. This can be determined by reviewing the VMBATCH user and group limits. a. Using the VMBATCH configuration file, determine whether any of the AUTHORIZ USER users are defined in (VMBATCH configuration file's) GROUP records. GROUP records identify the User-IDs or subgroups that belong to specified group. It also identified group managers. User and groups can be only belong to one group; in the event that multiple entries of this type have been made, VMBATCH insiders only the first entry to be valid. If the GROUP definitions rely on ACIGROUP definitions, review the CP directory to determine the User-IDs of the group member entries. Identify any AUTHORIZ USER User-IDs that are not in the GROUP definitions (e.g., those missing ACIGROPU definitions in their CP directory entries, where ACIGROUP definitions are being relied upon). b. Signon to VMBATCH from a valid VMBATCH MANAGER account (the configuration file AUTHOR MANAGER - and PREVENT - records specify who can perform this function. From the Manager Function Menu, select LIMIT. Select CHANGE, specifying each AUTHOR USER entry listed in the VMBATCH configuration file. Evaluate the limits on the groups for the AUTHORIZ USER User-IDs first (i.e.
�the User-IDs defined to the GROUP records). This is because group level limits override user level limits ( and system level limits and user level limits). Compare these limits with the characteristics defined to the production worker machines in the WORKER records of the VMBATCH configuration file). Determine who can run their jobs under the production WORKER User-IDs.
Reference Manual VMBATCH System Administrators' Manual VMBATCH User's and Group Manager's Guide
�