Yeah... I know. That being said... perhaps the READ ONLY option is something that we can try. Thanks for making that suggestion.
Larre <snip> There is no way in **** that I'd be messing with permissions bits on anything IBM provided. We do mount all of that READ only however so that contents cannot be changed. <snip> -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Larre Shiller Sent: Wednesday, September 26, 2018 12:34 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] DISA STIG and permission/audit bits As part of a recent audit, we have been goaded into updating the permission and/or audit bits on certain Unix directories per the DISA STIG (which we use as our risk model). Those directories include many that are shipped by IBM and it's a fair bit of research/work. So... you can easily imagine the problem here--when IBM ships a new release of z/OS or makes changes to either the directory structure or to the existing directories, our changes are backed out. We have been trying to figure out a semi-automated "best practice" that would satisfy the Audit requirement, but have not had much success. So... we started to wonder if anybody else is doing this and if so, how do they manage to keep track of directory changes and keep them updated per the STIG. Any advice would be gratefully appreciated... Thanks. Larre Shiller US Social Security Administration “The opinions expressed in this e-mail are mine personally and do not necessarily reflect the opinion of the US Social Security Administration and/or the US Government.” ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
