Installing the Top Secret installation exit TSSINSTX (TSS only)

To use CA Top Secret (TSS) resources, BMC AMI Security Policy Manager requires use of the Top Secret installation exit (TSSINSTX) to capture events that happen within a Top Secret protected system. Security Policy Manager captures all Top Secret commands that are entered and any password changes that occur through the TSSINSTX exit.

Related topics

Installation-overview

Creating-ESM-resources

Installing

If your site does not currently use TSSINSTX, you can use the sample exit provided in the RSMSAMP library. BMC supplies a sample exit that utilizes a macro, ECIDYNX, which dynamically loads the exit code that is required for effective Security Policy Manager operation.

If your site uses TSSINSTX, it requires a modification for BMC code to be called. You must insert the supplied ECIDYNX macro into your site’s TSSINSTX.

BMC supplies exits designed to be pseudo-dynamically loaded. The ECIDYNX macro calls a dynamically loaded exit loaded by the master address space. After you apply maintenance to Security Policy Manager, which involves changes to exit routines, only the master address space needs to be restarted to activate the new exit code.

Using the ECIDYNX macro

Use the ECIDYNX macro to call the supplied exit routines from an existing exit routine.

Use the following statement:

ECIDYNX  NAME=TSSINSTX,TOKEN=RSMZDTEC

The statement uses the following values:

  • TSSINSTX is the name of the exit to be called.
  • {{code language="none"}}
    RSMZDTEC
    {{/code}}     is the name of the master address space token.

The ECIDYNX macro requires Register 1 to point to the original parameter list supplied by TSS when the exit was called.

Linkage

System exits that invoke the ECIDYNX macro must include ECIMSTXT from RSMLOAD.

Example

The full code for a sample exit is supplied in the RSMSAMP data set, in the TSSINSTX member.

Add the following code to the existing TSSINSTX exit routine after the matrix code.

***********************************************************************
*  Call RSS Exit                                                      *
***********************************************************************
          ECIDYNX  NAME=TSSINSTX,TOKEN=RSMWFCEC

Use the following sample JCL to assemble and link the sample TSSINSTX exit.

Note

To load the TSSINSTX exit, copy the compiled module in the same linklist library of CA TSS.

The following TSS command loads the TSSINSTX:

TSS MODIFY EXIT ON 

The library suffix is usually hlq.CAKOLINK, and when the command is correctly executed, TSS issues the following syslog message:

TSS9225I MODULE TSSINSTX mm/dd/yy LOADED FROM LIBRARY hlq.CAKOLINK

//ASM      EXEC PGM=ASMA90,                                      
// PARM=('SYSPARM(),LINECOUNT(0),SUPRWARN(042)',                 
// 'NOXREF,NODXREF,NORXREF,NOMXREF,NORLD,USING(NOMAP),RENT')     
//SYSLIB   DD DISP=SHR,DSN=<hlq>.SAMPLIB                         
//         DD DISP=SHR,DSN=SYS1.MACLIB                           
//         DD DISP=SHR,DSN=SYS1.MODGEN                           
//SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(3,2))                       
//SYSLIN   DD DISP=(,PASS),SPACE=(CYL,(5,0,0)),                  
//            DCB=BLKSIZE=400,DSN=&&EXIT                         
//SYSPRINT DD SYSOUT=*                                           
//SYSIN    DD DISP=SHR,DSN=<hlq>.SAMPLIB(TSSINSTX)               
//*                                                              
//LINK     EXEC PGM=IEWL,                                        
// PARM='LIST,XREF,LET,AMODE=31,RMODE=ANY,AC(1),CASE=MIXED,      
//             RENT,REUS'                                        
//RSMLOAD  DD DISP=SHR,DSN=<hlq>.RSMLOAD                         
//SYSLMOD  DD DISP=SHR,DSN=<hlq>.LOADLIB                         
//SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(3,2))                       
//SYSLIN   DD DISP=(OLD,DELETE),DSN=&&EXIT                       
//         DD *                                                  
  INCLUDE RSMLOAD(ECIMSTXT)                                      
  ENTRY TSSINSTX                                                 
  NAME TSSINSTX(R)                                               
//SYSPRINT DD SYSOUT=*                                           
//                                                               

Where to go from here

After you install the TSS installation exit, see Creating-ESM-resources and Configuring-ESM-definitions.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*