Application: system security macro (TPR)
Macro type: GC type (C form, D form, E form, L form, M form)
SAT can be called from a system exit. The $SATANY interface allows privileged users to write data of their own into the SAT logging file. If $SATANY is used in exit routine 110, a protection mechanism prevents recursive exit routine calls. The ANY event can be rejected if the security administrator has not selected it for auditing.
The $SATANY macro is used in privileged mode to write audit records for security-relevant, user-specific events into the SAT logging file.
This macro introduces the global event ANY. A user-specific subcode four characters in length can be created for this event. This option facilitates editing of the events using the evaluator SATUT (cf. the “SECOS” manual [12]).
The user can have the following information audited:
type of event
result of event
sub-event code
data type
data reference
long data reference
SAT complements this information with the following data:
TSN of the calling task
user ID of the calling task
time stamp
group ID (if provided)
chipcard ID, if a chipcard is used, or alternatively the personal user ID if SRPM is being used and access via personal identification has been specified for a user ID.
Note
In some cases, particularly in the event of an unsuccessful logon attempt, SAT cannot audit any user IDs. This interface does not permit the calling task’s user ID to be overwritten.
Macro format and operands description
[name] $SATANY
    [,TYPE=*NONE/<variable>/*ANY]
    [,RESULT=*NONE/<variable>/*SUCC/*FAIL]
    [,SUBCOD=*NONE/<variable>/*TEXT/*HEXA/*BOTH]
    [,DATATYP=*NONE/<variable>]
    [,DATAPTR=*NONE/<variable>]
    [,DATALEN=*NONE/<variable>]
    [,LDTAPTR=*NONE/<variable>]
    [,LDTALEN=*NONE/<variable>]
TYPE
Determines the event type.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a three-byte field containing the event type (always ANY).
=*ANY
Event of the type ANY.
RESULT
Defines the result of the event.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a one-byte field with the event result (SUCC or FAIL).
=*SUCC
The event has been executed completely and successfully.
=*FAIL
A fatal error occurred during the event.
SUBCOD
Subcode for an event.
This determines the name of the subevent within the event. The field must be left-justified and may contain up to 4 characters. If the subevent name is shorter than 4 characters, the field must be padded with blanks.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Determines the symbolic address of a four-byte field.
DATATYP
Determines the type of information to be audited.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Determines the symbolic address of a two-byte field containing the type of the information to be audited:
X'0060' = type *TEXT
X'0061' = type *HEXA
X'0062' = type *BOTH
=*TEXT
The field is output as a character string.
=*HEXA
The field is output in hexadecimal form.
=*BOTH
Specifies that the field contains both text and hexadecimal characters. The first line of the output contains text, and the next two lines contain the corresponding hexadecimal code (in accordance with the EDT output in hexadecimal mode).
DATAPTR
Data pointer (data must not be longer than 255 bytes).
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a four-byte field containing the address of the first byte of the data field to be audited.
DATALEN
Length of the information.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a one-byte field containing the size (in bytes) of the data field to be audited.
LDTAPTR
Pointer to data with a length greater than 255 bytes.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a four-byte field containing the address of the first byte of the data field to be audited.
LDTALEN
Length of the information.
=*NONE
The operand is not used (default with MF=L).
=<variable>
Symbolic address of a two-byte field containing the size (in bytes) of the data field specified by LDTAPTR.
Relationships between the operands:
The following table shows how the $SATANY operands are interconnected, i.e. the mandatory and the optional parameters for the ANY event.
SAT information
Event | TYPE | RESULT | SUBCODE | DATATYP | DATAPTR | DATALEN | LDTAPTR | LDTALEN |
ANY event | ANY | M | O | O | O | O | O | O |
M = mandatory, O = optional
If any one of DATATYP, DATAPTR or DATALEN is assigned the value *NONE, no data field is audited.
The data field specified by LDTAPTR and LDTALEN is audited only if the security administrator has activated the auditing of additional information for events (/MODIFY-SAT-PRESELECTION LOGGING-QUANTITY=*EXTENDED).
Entry name:
SATANY
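The operand rules described above (RESULT mandatory, SUBCOD blank-padded to four characters, the 255-byte limit on DATAPTR data, long data logged only with LOGGING-QUANTITY=*EXTENDED) can be checked against a planned call before an exit routine is coded. The following Python model is an added example, not part of the manual or of SAT: SatAnyCall and plan_record are hypothetical names, `data` stands for DATAPTR plus DATALEN, `long_data` for LDTAPTR plus LDTALEN, and the 65535-byte bound assumes LDTALEN is an unsigned two-byte value.

```python
from dataclasses import dataclass
from typing import Optional

# DATATYP field values as listed on the page.
DATATYP_CODES = {"*TEXT": 0x0060, "*HEXA": 0x0061, "*BOTH": 0x0062}

@dataclass
class SatAnyCall:                       # hypothetical model of one $SATANY call
    result: Optional[str] = None        # RESULT: "*SUCC" or "*FAIL"
    subcod: Optional[str] = None        # SUBCOD: up to 4 characters
    datatyp: Optional[str] = None       # DATATYP: "*TEXT", "*HEXA" or "*BOTH"
    data: Optional[bytes] = None        # stands for DATAPTR + DATALEN
    long_data: Optional[bytes] = None   # stands for LDTAPTR + LDTALEN

def plan_record(call: SatAnyCall, extended_logging: bool = False) -> dict:
    """Validate the operands and return the fields that would be audited."""
    if call.result not in ("*SUCC", "*FAIL"):
        raise ValueError("RESULT is mandatory and must be *SUCC or *FAIL")
    record = {"TYPE": "ANY", "RESULT": call.result.lstrip("*")}
    if call.subcod is not None:
        if len(call.subcod) > 4:
            raise ValueError("SUBCOD must not exceed 4 characters")
        record["SUBCOD"] = call.subcod.ljust(4)   # left-justified, blank-padded
    if call.datatyp is not None and call.datatyp not in DATATYP_CODES:
        raise ValueError("DATATYP must be *TEXT, *HEXA or *BOTH")
    if call.data is not None and len(call.data) > 255:
        raise ValueError("DATALEN is one byte: use LDTAPTR/LDTALEN above 255 bytes")
    # The data field is audited only when none of DATATYP/DATAPTR/DATALEN is *NONE.
    if call.datatyp is not None and call.data is not None:
        record["DATATYP"] = DATATYP_CODES[call.datatyp]
        record["DATA"] = call.data
    if call.long_data is not None:
        if len(call.long_data) > 0xFFFF:  # assumption: unsigned two-byte LDTALEN
            raise ValueError("LDTALEN is a two-byte field")
        # Long data reaches the log only with LOGGING-QUANTITY=*EXTENDED.
        if extended_logging:
            record["LONG_DATA"] = call.long_data
    return record

if __name__ == "__main__":
    # Constructed sample: an exit routine reporting success with a short text.
    call = SatAnyCall(result="*SUCC", subcod="BKP", datatyp="*TEXT",
                      data=b"ARCHIVE RUN 17", long_data=b"x" * 300)
    print(plan_record(call))
    print(plan_record(call, extended_logging=True))
```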