RACF - Securing z/OS UNIX

Course:  RACUNX
Duration:  2 Days
Level:  II
Course Summary

This course is essential for anyone who intends to assume responsibility for maintaining z/OS Unix controls or wants to verify their z/OS Unix environment is properly secured and monitored. Participants will gain a solid understanding of z/OS Unix and how it can be secured in a system protected by RACF. The course will explore the assignment of user UID and group GID Unix identities and offer best practices for managing them. Powerful Daemon and Superuser authorities will be discussed along with guidance on their assignment and alternatives offered by UNIXPRIV profiles. Considerable time and attention will be devoted to file and directory access controls. Participants will learn how permission bits and Extended Access Control Lists (ACLs) grant access as well as how UNIXPRIV profiles influence access authorization. Techniques and best practices for granting permissions will be provided. The course includes descriptions and lab exercises for all commands used for administering permissions.

« Hide The Details
Topics Covered In This Course

Introduction to z/OS Unix

  • Overview, background, & functions
  • OMVS Procedure & BPXPRMxx parameters
  • Unix File System
  • /etc Configuration Files
  • Security Levels

Users & Groups

  • Introduction to Unix uids and gids
  • OMVS user and group profile segments
  • User Security Packet (USP)
  • Real, Effective, & Saved UID
  • Supplemental GIDs
  • Automatic ID assignment
  • Preventing duplicate UID assignment
  • Default User - BPX.DEFAULT.USER
  • Surrogate authority

High Level Authorities

  • Daemons
  • Servers
  • Superuser
  • PRIVILEGED & TRUSTED Started Tasks
  • FACILITY class BPX profiles & authorities
  • UNIXPRIV class profiles and authorities

Program Controls & Attributes

  • Maintaining a clean program environment
  • Program profiles & libraries
  • File extended attributes & authorities

File System Security

  • Physical & Logical File System
  • Navigating the directory structure
  • File Security Packet (FSP)
  • RACF's role in file access authorization
  • Setuid and Setgid
  • Listing the FSP
  • Superuser, Owner, Group, & Other authority
  • Permissions bitsExtended Access Control Lists (ACLs)
  • Access permit levels
  • UNIXPRIV class profiles affecting authorization
  • Access authorization logic

Monitoring & Logging

  • User auditing
  • File and directory audit bits
  • UNIXPRIV profile auditing
  • SMF options & other factors effecting auditing
  • Reporting tools - SMF unload & RACFICE

Other Control Issues

  • FACILITY & FIELD class administration profiles
  • Identity Mapping - UNIXMAP & AIM
  • Performance Tuning
What You Can Expect

On completing this course, students will have learned:

  • Security-related z/OS Unix configuration options
  • How z/OS Unix UIDs and GIDs are assigned
  • Ways to grant full and limited Superuser authority
  • Controlling Daemons and Servers
  • How file and directory access is permitted
  • Effective use of UNIXPRIV profiles
  • Best practices for using permission bits and ACLs
  • Ensuring security access events are logged
Who Should Take This Course
  • RACF Administrators & Analysts who want to take control of z/OS Unix security
  • IT Auditors seeking to ensure regulatory compliance
  • Systems Programmers who provide Unix and RACF technical support or implement system controls
Recommended Prerequisites

Completion of an introductory RACF Administration course or equivalent RACF experience.

Training Style

Instructor-led with hands-on lab sessions.

« Hide The Details
Related Courses
Code Course Title Duration Level
zFS Exploitation
2 Days
5 Days
RACF Administration
4 Days
UNIX System Services for z/OS
3 Days

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]