IMAGE SENTRY 5.1.0 /*******************************Important Notice*****************************/ /* */ /* NewEra Software is always enhancing and updating its Software Products. */ /* If you are installing from the NewEra Product CD, it is considered best */ /* to contact NewEra Technical Support prior to installation and determine */ /* if a more current release is available. The latest product releases are */ /* always available for download from the NewEra Web Site, www.newera.com. */ /* */ /* NewEra Technical Support, 1.800.421.5035 or support@newera.com */ /* */ /*******************************Important Notice*****************************/ /*=================== What's new in IMAGE SENTRY 5.1.0 ===================*/ IMAGE Sentry is a replacement for IMAGE Analysis. /*============= What's new in IMAGE SENTRY 5.1.0 Patch 1 =====================*/ 1. The APF List parsing routine has been corrected to accommodate APF ADD entries that span multiple lines. This should correct the problem reported from CUNA that the DSNLst Database build showed a value of '0' for All Datasets. 2. A check has been added to the DSNLst Audit Build to check for '0' APF List Datasets. If this condition exist a warning is displayed and the program returns to the prior menu. This should correct the problem reported from CUNA that indicated that their was a math error from failure to initialize the VARIABLE "USRDUPS". 3. A number of message displays have been added to accompany the DSNLst Data Base building process. This messages carry unique Return Codes i.e. (RC1) to indicate the point of entry into the build process. These should be noted so that they can be reported to technical support in the event of a system failure. 4. Message displays have been added to accompany the DSNLst Data Base building process in order to distinguish a build using the Dynamic Inspector (The Running System) or a IMAGE Inspection (A Remote System) each carries a unique Message and/or Return Code. These should be noted so that that can be reported to technical support in the event of a system failure. 5. The JCL used to call IFOBATA is now displayed in ISPF Edit prior to job submission. Care should be taken if it is necessary to edit Job Accounting information not to invalidate other entries. This is an intermediate enhancement. 6. The IEDITOR option has been removed from the IMAGE Sentry primary menu. The IEDITOR is still an optional command when working within the Member Worksheet. 7. The IREPORTS has been upgraded with numerous new Parmlib Audit Reports. A - Why IMAGE Sentry? IMAGE Focus IMAGE Focus is a unique System Management Application that systematically identifies, locates and inspects the thousands of critical parameters in a z/OS Sysplex of Images and subsystems. It supports real-time Image Change Control by monitoring and reporting on events that would result in an IPL failure. IMAGE Configuration Files, which are shared with the NewEra products IMAGE Sentry and Stand Alone Environment (SAE), are automatically created as Images are inspected and documented. IMAGE Sentry IMAGE Sentry enhances and extends IMAGE Focus by providing a set of additional Image Management Tools that can assist you in understand and tracking configuration change and preparing for an Information System audit. Working together IMAGE Focus and IMAGE Sentry provide a continuum of adaptable Level One and Level Two Audit Solutions. Level One Audit Solutions Level One Solutions are repetitive, structured and automatic activities. They benefit z/OS technical and security professionals while they perform other more pressing tasks by providing constant integrity surveillance and guidance. Typically the focus of a Level One Solution is at the Volume, System Dataset, Parmlib Member and Subsystem configuration definition level. The end result is an ongoing awareness of change events that could result in z/OS vulnerability and/or inoperability. The typical frequency of notification will vary from daily to weekly depending on your assessment of your organization’s change dynamics. Nonetheless, the repetitiveness and structure of Level One Solutions will result in standard reports that can be used to certify practices designed to ensure the ongoing operational resilience of the z/OS environment. Level Two Audit Solutions Level Two Solutions are designed to address issues unanswered at Level One. Typically these are concerns about specific modules, EXIT and SVC attributes. These queries will often arise during internal and/or external Information System audits. Appreciate, of course, that while the level of generally available knowledge concerning the conduct of such audits will be high within this auditing community, specific knowledge of z/OS will not. Level Two Solutions address this issue by providing z/OS technical and security staff with preprogrammed techniques that will satisfy at least 75% of standard audit requests and ad hoc methods of addressing the remainder. In addition, when compliance requires a in-depth understanding of change and/or alert event tracking, Level Two Solutions will prove technically and economically useful. B - Installing IMAGE Sentry: Transferring IMAGE Sentry to your Host IMAGE Sentry and its components are available as downloads only. Once you have selected a product and downloaded it to your desktop, you must self-extract it and move the INSTALL component to your HOST system for execution. Normally the transfer of INSTALL to your MVS system is done using a TSO File Transfer program. This file transfer is done in BINARY and not in ASCII/EBCDIC format. Before you attempt to move INSTALL to your HOST, you will want to pre-allocate a destination dataset with the correct DCB attributes. Pre-allocating the destination dataset on your Host: On the HOST system, the destination dataset must be: RECFM=FB, LRECL=80, BLKSIZE=27920. The dataset will require about 21 CYL on a 3390. Transfer the INSTALL file to your MVS system: Normally the transfer of INSTALL to your MVS system is done using a TSO File Transfer program. When transferring the file to MVS, specify BINARY. An example of the Allocate Screen you will use is shown on the next page. Sample TSO Option 3.2 - Allocation Panel Allocate New Data Set Command ===> Data Set Name . . . : prefix.INSTALL Management class . . . (Blank for default management class) Storage class . . . . (Blank for default storage class) Volume serial . . . . (Blank for system default volume) Device type . . . . . (Generic unit or device address) Data class . . . . . . (Blank for default data class) Space units . . . . . CYLINDER (BLKS, TRKS, CYLS, KB, MB, BYTES or RECORDS) Average record unit (M, K, or U) Primary quantity . . 21 (In above units) Secondary quantity 2 (In above units) Directory blocks . . 0 (Zero for sequential data set) Record format . . . .FB Record length . . . .80 Block size . . . . .27920 Data set name type : (LIBRARY, HFS, PDS, or blank) (YY/MM/DD, YYYY/MM/DD Expiration date . . . YY.DDD, YYYY.DDD in Julian form Enter "/" to select option DDDD for retention period in days Allocate Multiple Volumes or blank) Where prefix is your TSO Prefix. If you encounter problems during the file download, you should email NewEra Technical Support at: support@newera.com Modifying the JOB CARD to Site Standards Now that you have the file INSTALL on your HOST, modify the JOB card and the PROC statement with your installation specific information. //INSTALL JOB 1,'INSTALL SENTRY', <===== MODIFY // CLASS=A, <===== MODIFY // MSGCLASS=A <===== MODIFY //******************************************************************* //* * //* JOB: INSTALL FUNCTION: INSTALL FROM INLINE DATA * //* * //* * //* STEP:LKED1 LINK EDITS THE LOAD PROGRAM * //* STEP:LOAD VERIFIES JOBSTREAM * //* STEP:ALCDSN ALLOCATES THE SENTRY DATASETS * //* STEP:UPDAT1 CREATES THE TEMPLIB USING IEBUPDTE * //* STEP:BLDLIBS COPIES DATA INTO THE SENTRY DATASETS * //* STEP:LKED2 LINK EDITS AN INSTALL PROGRAM * //* STEP:PREP RUNS AN INSTALL PROGRAM * //* STEP:UPDAT2 LOADS THE OBJECT CODE PDS * //* STEP:LKED3 LINKS THE RENT RUNTIME MODULES * //* STEP:LKED4 LINKS THE NON-RENT RUNTIME MODULES * //* STEP:COPY1 COPIES THE SENTRY MEMBER TO A TEMP DATA SET * //* STEP:UPDAT3 UPDATES THE SENTRY MODULE * //* STEP:COPY2 COPIES THE SENTRY MEMBER BACK * //* STEP:DELCOPY DELETES DATASETS IF QUALIFIERS NOT VALID * //* STEP:DELTMP DELETES TEMPORARY INSTALL DATASET(S) * //* * //******************************************************************* //* SENPRFX - THE PARAMETER THAT DEFINES THE FULLY QUALIFIED NAME * //* OF THE DATA SET USED TO HOUSE IMAGE SENTRY REXX * //* EXEC AND RELATED ISPF APPLICATION PANELS. THE DATA * //* SET CREATED WILL BE A PDSE. * //* * //* SENPRFX = PREFIX.URFILE * //* WHERE PREFIX AND URFILE ARE: * //* * //* PREFIX - THE FIRST QUALIFIER(s) OF THE DATA SET USED TO HOUSE * //* THE IMAGE SENTRY REXX EXEC AND RELATED ISPF * //* APPLICATION PANELS. PREFIX MAY CONTAIN ONE OR TWO * //* QUALIFIERS. * //* * //* EXAMPLE PREFIX = DEMO.IFOCUS OR * //* PREFIX = DEMO * //* * //* URFILE - THE LOW QUALIFER OF A DATA SET USED TO HOUSE THE * //* IMAGE SENTRY REXX EXEC AND RELATED ISPF APPLICATION * //* PANELS. URFILE MUST CONTAIN ONLY ONE QUALIFIER. * //* * //* EXAMPLE URFILE = SENTRY * //* * //* DSKUNIT - UNIT NAME FOR SENTRY DATASETS * //* * //* DSKVOLU - VOLUME SERIAL NUMBER FOR SENTRY DATASETS * //* * //* USRPRFX - USER HLQ FOR SENTRY GENERATED TEMPORARY DATASETS. * //* THE VALUE MUST CONFORM TO THE RULES USED FOR HLQ * //* ONLY ONE QUALIFIER CAN BE USED. * //* IF NONE IS SPECIFIED THE TSO USERID WILL BE USED. * //* * //INSTALL PROC SENPRFX='PREFIX.URFILE', <===== MODIFY DSN // DSKUNIT=3390, <===== MODIFY DISK UNIT // DSKVOLU=??????, <===== MODIFY VOL SERIAL // USRPRFX='NONE' <===== MODIFY USER HLQ //* //* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *** //* *** //* DO NOT MAKE ANY MODIFICATIONS TO THE FILE AFTER THIS LINE *** //* *** //* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *** Where: SENPRFX = The parameter that defines the fully qualified name of the dataset used to house IMAGE SENTRY REXX EXEC and related ISPF application panels. The dataset created will be a PDSE. SENPRFX = PREFIX.URFILE Where PREFIX and URFILE are: PREFIX - The first qualifier(s) of the data set used to house the IMAGE SENTRY REXX EXEC and related ISPF application panels. PREFIX may contain one or two qualifiers. Example PREFIX = DEMO.IFOCUS or PREFIX = DEMO URFILE - The low qualifier of a dataset used to house the IMAGE SENTRY REXX EXEC and related application panels. Example URFILE = SENTRY DSKUNIT = UNIT name for SENTRY DATASETS. Example: 3390 DSKVOLU = VOLUME SERIAL NUMBER for SENTRY DATASETS. USRPRFX = User HLQ for SENTRY generated temporary datasets. the value must conform to the rules used for HLQ. Only one qualifier can be used. If NONE is specified the TSO USER ID will be used. C - Integrating Sentry into IMAGE Focus Once Sentry is Installed you will next need to integrate it into IMAGE Focus. To do this you will need to navigate to the Custom Application Definition Panel shown below. To do this select Definitions from the IMAGE Focus Main Menu, then Custom, then Applications. This will display the Custom Application Selection Menu. Now Select Sentry from the menu to display the following panel. The Sentry Application Definition Panel is predefined with the exception of the value 'DATASET NAME' which you will need to provide. The name must match the prefix.URFILE values assigned during installation. Custom Application Definition Panel Image Focus Define Custom Application COMMAND ===> Name : SENTRY (Name of Application) Title ===> SENTRY (1 to 32 Character Title) APPICATION PROGRAM Line Command Chars: (2 Character Line Commands) ===> IS ===> IC ===> ===> ===> ===> Rexx Program Name ===> SENTRY (7 Characters) Rexx Program Resides in: (fully qualified Data Set Name) Data Set Name ===> P390P.DSRPT Volume Serial ===> REPORTS Indexed Report member select extracts full report? Y (Y/N) Indexed Report members allowed: ===> * ===> ===> ===> ===> ===> ===> ===> ===> ===> ===> ===> Inspection Reports allowed: (Y/N) Workbench: Sysplex ===> Y Sysplex Release ===> N Single Image ===> Y Subsystem ===> N Production: Sysplex ===> N Accessing Sentry for the First Time Under IMAGE Focus Now that IMAGE Sentry is Installed you can test the installation by going to the IMAGE Focus Workbench, Selecting a IMAGE to Work with and running a new IMAGE Inspection. When the Inspection is complete the IMAGE Inspection Index will be displayed. If the value SENTRY and IS appear in the panel your installation is successful. IMAGE Inspection Index Report Image Focus - IMAGE Report Index for IMAGE01 Row 1 to 32 of 91 COMMAND ===> SCROLL ===> 0005 SORT ===> R (R - Result; M - Member; S - Sequence) Line Commands: S - Select E - Edit Mode Report Line Commands Report Line Commands INDEX SF M P SENTRY IS IC Report Filtering for SF, M, and P line commands: Report Level ==> 1 (1, 2, 3, or 4) Member Display ==> Y (Y/N) LINE Member Status Insp. Record CMD Name Code Name Count .. ++ALL WARNING 5.0 P20. 7812 .. +JES2 WARNING JES2 883 .. +TCPIP NOTICE TCPIP 912 .. PROG00 NOTICE OPSYS 284 .. +DSN_RPT OK OPSYS 525 .. +HEADER OK OPSYS 5 .. +IODF OK OPSYS 1 .. +IODF OK OPSYS 8 .. +IPLINFO OK OPSYS 31 If the installation is successful you can now enter the 'IS' Line Command on the line with the Member Name '++ALL' and press enter. This will display the IMAGE Sentry Main Menu as shown below. IMAGE Inspection Index Report ------------------------------ IMAGE Sentry Main Menu ------------------------------ ----------------------- System/Sysplex Pair - P390/ADCDPL ------------------------ Line Command: S - Select -Cm- -Option- --------- Application Description --------- .. IReport > Access IMAGE Reports: Getting Audit Ready .. IEditor > Update Parmlib Member: Controlled Editing .. IAudits > Update DNSLst Audit: APF, LNK, LPA, USRLst .. IChange > Access BluePrint: Changes, Events & Alerts To continue select or place cursor under an Option & press enter. D - Running under TSO If you intend to run IMAGE Sentry outside of IMAGE Focus, you will want to get an authorization code from NewEra Technical Support. support@newera.com Once you have the code, you may authorize your use of IMAGE Sentry in one of two ways. First, during the installation process you can enter the code in the Installation Job by overtyping the value of BCODE=. A segment of the Install Job is shown below: Install Job Segment /****************************************************************************/ /* Authorization Control Card */ /****************************************************************************/ /* The IMAGE Sentry is automatically fully authorized for 90days. */ /* You may change this default authorization by overtyping the value shown */ /* with Authorization Codes provided to you by NewEra Technical Support. */ /****************************************************************************/ BCODE=BUILDRAUTHCODE Second, if you have already installed, logon to IMAGE Sentry, when the Main Menu is displayed, place an "L" after the Sentry Selection Pointer and press enter. The Sentry License Record for the installation CPU is displayed. Now following the instructions given by Technical Support, update either or all of the Terms, Products or Authorization Code Fields and press enter. You will be asked to confirm the License Update. When you confirm, the license will be validated. If the validation fails, a message will be displayed and you will be placed back in the License Record. Product License Record -------------------- IMAGE Sentry License Record - CPU 010F89 ----------------- The Product Licensing Variables for the CPU noted above are shown below. If you would like to change the Term of your license or the Products to which you have access, contact NewEra for a New Authorization Code. support@newera.com - 1.800.421.5035 - 1.408.201.7000 Product License Variables: Terms == BT Products == 0768 Authorization Code == 3CDEA875F7F532 Update License Now ==> N NewEra Software, Inc. Our Job? Help you avoid problems and improve IPL integrity. =================================End of Read Me=====================================