Customizing for BMC AMI IND$defender
This topic describes how to customize BMC AMI Defender for z/OS for IND$defender.
SYS1.PARMLIB member IKJTSOxx
You must add CZAWSMFT as an AUTHTSF program to the relevant IKJTSOxx member in your SYS1.PARMLIB concatenation. AUTHTSF is discussed in the IBM documentation. You (or an authorized system programmer) must then issue the TSO command.
PARMLIB UPDATE(xx)
where xx is your IKJTSOxx suffix.
Replacing IND$FILE for TSO users with IND$defender
You must configure your system such that TSO file transfer users invoke IND$defender (module CZAIND$D, aliases IND$FILE and APVUFILE) rather than invoking IBM IND$FILE. You might do this in one of the three ways. The choice depends on your system configuration and your preferences. Also, see Important security note.
BMC AMI Defender load library as TSO session STEPLIB
This method is recommended only if all of your existing TSO session STEPLIB data sets are APF-authorized. It does not work if any data sets in the TSO session STEPLIB concatenation are not APF-authorized.
You can add the BMC AMI Defender for z/OS load library, or another APF-authorized load library where CZAIND$D and CZAWSMFT is moved or copied, to the TSO startup procedure STEPLIB concatenation. BMC AMI Defender for z/OS load library must be ahead of any library containing IBM IND$FILE (normally SYS1.CMDLIB). Placing BMC AMI Defender for z/OS load library first in the concatenation is recommended, such as:
//STEPLIB DD DISP=SHR,DSN=<amihlq>.CZAGENT.LOAD
// DD DISP=SHR,DSN=REXX.SEAGLPA
// DD DISP=SHR,DSN=SYSP.LOADLIB
// DD DISP=SHR,DSN=SYS1.SHASMIG
Adding BMC AMI Defender load Library to the LINKLIST
This method is recommended only if some of the data sets in your TSO session startup procedure are not APF-authorized.
Add BMC AMI Defender for z/OS load library, amihlq.CZAGENT.LOAD to your installation linklist by placing a statement similar to the following in the PROGxx member of your SYS1.PARMLIB concatenation:
You also have to specify a VOLUME parameter if BMC AMI Defender for z/OS load library is not cataloged in the master catalog.
You must specify BMC AMI Defender for z/OS load library ahead of any data set containing IBM IND$FILE, normally SYS1.CMDLIB.
Refresh the link-list with the command SET PROG=xx or
SETPROG LNKLST,…
Copying
This method is recommended only if some of the data sets in your TSO session startup procedure are not APF-authorized and for some reason do not add BMC AMI Defender for z/OS load library to your link-list. Use IEBCOPY or ISPF function 3.3 to copy CZAWSMFT, and CZAIND$D and its aliases IND$FILE and APVUFILE to a link-listed load library. You should copy them to a library that is ahead of any library containing IBM IND$FILE, normally SYS1.CMDLIB.
Important security note
SMF configuration
If you configure IND$defender or allow the configuration to default logging IND$FILE events using SMF, you must also configure z/OS SMF to allow the recording of the relevant SMF record type, by default Type 202. z/OS SMF configuration is discussed in some detail in BMC AMI Defender for z/OS Installation and Operation in the section checking the configuration of SMF and other z/OS subsystems, TYPE parameters. Briefly, you must specify SYS(TYPE(… 202 …)) in the SYS1.PARMLIB concatenation member SMFPRMxx. If you fail to enable Type 202 correctly, then the startupBMC AMI Defender for z/OS displays message CZA0278W. No specified subsystem configured to write SMF Type 202 records in SYSx.PARMLIB(SMFPRMxx) and you do not receive IND$FILE events at your syslog server.
Related topics