Hercules Hosting on Linux
Command to start Hercules (Needs to be changed to a script).
go to the mvs380 directory
su hercules (important!)
nohup hercules -d -f conf/open-bpm.conf &
To view output: tail -f nohup.out
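The start steps above as a script, which the note says is still needed. This is an added example, not part of the original notes: the default HERC_HOME path and the function names are assumptions, while the account name, command line and config path are the ones given above.

```shell
#!/bin/sh
# Added example: script form of the manual start steps above.
# The HERC_HOME default is an assumed install path; override via environment.
HERC_HOME="${HERC_HOME:-/home/hercules/mvs380}"
HERC_USER="${HERC_USER:-hercules}"
HERC_CONF="${HERC_CONF:-conf/open-bpm.conf}"

# Accept only the dedicated unprivileged account; refuse root outright,
# even if HERC_USER was overridden to "root".
check_user() {
    [ "$1" != "root" ] && [ "$1" = "$HERC_USER" ]
}

start_hercules() {
    check_user "$(id -un)" || {
        echo "refusing to start: run as $HERC_USER (su $HERC_USER)" >&2
        return 1
    }
    cd "$HERC_HOME" || return 1
    [ -r "$HERC_CONF" ] || { echo "cannot read $HERC_CONF" >&2; return 1; }
    # Same invocation as the manual step; output is appended to nohup.out.
    nohup hercules -d -f "$HERC_CONF" >>nohup.out 2>&1 &
    echo "hercules started (pid $!); view output: tail -f $HERC_HOME/nohup.out"
}

# Only act when called as: <script> start
case "${1:-}" in
    start) start_hercules ;;
esac
```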
Connect terminals 3270 (how do we activate / deactivate instead terminals after IPL?)
Go to Web Console
MVS Operations
IPL
At web console
ipl 148
At "IEA101A SPECIFY SYSTEM PARAMETERS FOR RELEASE 03.8 .VS2"
/r 00,clpa - for cold boot - then shutdown and warmboot.
/r 00 - for warm boot
/r 0,sysp=RA - For RAKF
Start Services
(should not be needed)
/s jes2
/s bsppilot
Shutdown
At console:
/f bsppilot,shutdown
/f bsppilot,shutfast
/f bsppilot,shutnow
Adding Terminals
Changed hercules.conf to have
00c0 3270 # Terminal session # 1
00c1 3270 # Terminal session # 2
00c2 3270 # Terminal session # 3
00c3 3270 # Terminal session # 4
00c4 3270 # Terminal session # 5
00c5 3270 # Terminal session # 6
00c6 3270 # Terminal session # 7
01c0 3270 # Terminal session # 8
01c1 3270 # Terminal session # 9
01c2 3270 # Terminal session # 10
01c3 3270 # Terminal session # 11
01c4 3270 # Terminal session # 12
01c5 3270 # Terminal session # 13
01c6 3270 # Terminal session # 14
Then the VTAM list has to be modified, followed by a re-IPL. (amrith)
MVS Hardening
Setting User Passwords
Logon as IBMUSER or HERC01 or HERC02
ALLOC F(SYSUADS) DA('SYS1.UADS') SHR
ALLOC F(SYSLBC) DA('SYS1.BRODCAST') shr
ACCOUNT
SYNC
CHANGE (userid * ) DATA(password) - If a user has no password it seems it cannot be changed - err...!
See also SYS2.JCLLIB(CHGPWD)
Recreate IBMUSER
list (ibmuser)
Gives
=====
IBMUSER USER ATTRIBUTES: OPER ACCT JCL NOMOUNT
INSTALLATION ATTRIBUTES, IN HEX: 0000
MAXSIZE: NOLIM
USER PROFILE TABLE:
00000000000000000000000000000000
DESTINATION = CENTRAL SITE DEFAULT
NO PERFORMANCE GROUPS
(*)
(*)
IKJACCNT PROCSIZE= 44K, UNIT NAME= (NONE)
Copy user entry just in case ...
rename 'sys1.uads(ibmuser0)' 'sys1.uads(olduser0)'
Enter: account
help add
add, delete, and list ibmuser until it matches
what you want and somewhat matches the copy/paste.
Don't set a password of SYS1 because that is a default.
end
Account ADD Sub-Command Help
Account Add
)F FUNCTION -
THE ADD COMMAND PROCESSOR PERFORMS THE ADMINISTRATIVE FUNCTION OF
ADDING A NEW USER TO THE SYSTEM OR OF ADDING NEW CONTROL INFORMATION
TO AN EXISTING USER ENTRY. THE ADD COMMAND IS AVAILABLE ONLY TO
USERS WITH ASSIGNED ACCOUNT ABILITY.
)X SYNTAX -
ADD ('USERID' 'PASSWORD'/* 'ACCTNMBR'/* 'PROCNAME')
MAXSIZE('INTEGER')/NOLIM OPER/NOOPER ACCT/NOACCT
JCL/NOJCL MOUNT/NOMOUNT USERDATA('DIGITS')
PERFORM('DIGITS')/NOPERFORM SIZE('INTEGER')
UNIT('NAME') DEST('NAME')
OR
('USERID'/*) DATA('PASSWORD'/('PASSWORD',...)/*
'ACCTNMBR'/('ACCTNMBR',...)/*
'PROCNAME'/('PROCNAME',...))
SIZE('INTEGER') UNIT('NAME')
OR
('USERID'/* 'PASSWORD'/*)
DATA('ACCTNMBR'/('ACCTNMBR',...)/*
'PROCNAME'/('PROCNAME',...))
SIZE('INTEGER') UNIT('NAME')
OR
('USERID'/* 'PASSWORD'/* 'ACCTNMBR'/*)
DATA('PROCNAME',...) SIZE('INTEGER') UNIT('NAME')
OPTIONAL - MAXSIZE('INTEGER')/NOLIM OPER/NOOPER ACCT/NOACCT
JCL/NOJCL MOUNT/NOMOUNT USERDATA('DIGITS') DEST('NAME')
PERFORM('DIGITS')/NOPERFORM SIZE('INTEGER') UNIT('NAME')
DEFAULTS - NOLIM NOOPER NOACCT NOJCL NOMOUNT USERDATA(0000)
DEST('CENTRAL') NOPERFORM SIZE(0) UNIT(' ')
ALIAS - A
NOTE - THE FIRST FORMAT IS USED TO IDENTIFY A NEW USER TO THE
SYSTEM. THIS FORMAT IS TO BE USED WHEN THE USER HAS NOT
BEEN PREVIOUSLY IDENTIFIED TO THE SYSTEM.
NOTE - THE '*' IN THE FIRST FORMAT MEANS 'THIS ITEM WILL NOT BE
SUPPORTED FOR THIS USER'. IF THE '*' IS USED, ALL
SUBSEQUENT REFERENCES TO THIS USER IDENTITY MUST CONTAIN
AN '*' FOR THAT ITEM.
NOTE - ALL FORMATS OTHER THAN THE FIRST ARE USED TO ADD
ADDITIONAL CONTROL INFORMATION TO AN EXISTING USER ENTRY.
THE FIRST OPERAND IN THESE FORMATS MUST CONTAIN A
COMBINATION OF ITEMS WHICH HAS BEEN PREVIOUSLY ADDED. THE
FIRST SUBPARAMETER OF THE 'DATA' KEYWORD MUST FORM A NEW
COMBINATION OF ITEMS.
NOTE - IF AN '*' WAS USED IN A COMMAND OF THE FIRST FORMAT, THEN
AN '*' IN THE CORRESPONDING POSITION IN THE OTHER FORMATS
MEANS 'THIS ITEM IS NOT SUPPORTED FOR THIS USER'.
NOTE - IN ALL FORMATS OTHER THAN THE FIRST, AN '*' USED IN THE
FIRST OPERAND (EVERYTHING WITHIN THE FIRST PAIR OF
PARENTHESES) MAY MEAN ALL ITEMS PREVIOUSLY ENTERED IN THE
POSITION WHERE THE '*' APPEARS ARE TO BE USED IN FORMING
THE COMBINATIONS OF ITEMS WHICH ARE TO BE AUGMENTED.
)O OPERANDS -
'USERID' - USER'S UNIQUE SYSTEM IDENTIFICATION
FIRST CHARACTER - ALPHABETIC OR NATIONAL (£,@,#)
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 7
'PASSWORD'
- USER'S AUTHORIZATION FOR SYSTEM FACILITIES
FIRST CHARACTER - ALPHABETIC, NATIONAL, OR NUMERIC
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 8
'ACCTNMBR'
- USER'S ACCOUNTING DATA IDENTIFICATION
ANY EBCDIC CHARACTERS EXCEPT BLANK, COMMA, TAB,
SEMICOLON, AND APOSTROPHE
MAXIMUM LENGTH - 40
'PROCNAME'
- PROCEDURE NAME FOR LOGON
FIRST CHARACTER - ALPHABETIC OR NATIONAL (£,@,#)
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 8
))MAXSIZE('INTEGER')
- MAXIMUM REGION SIZE FOR THIS USER IDENTITY, ALLOWED ONLY
WHEN CREATING A NEW USER ENTRY
'INTEGER'
- NUMBER OF 1024 BYTE UNITS - MAXIMUM VALUE IS 65534
))NOLIM - NO LIMIT TO USER'S MAXIMUM REGION SIZE, ALLOWED ONLY WHEN
CREATING A NEW USER ENTRY
NOTE - NO LIMIT MAY ALSO BE ACHIEVED BY MAXSIZE(0)
))OPER - IDENTIFIES THIS USER AS A TERMINAL USER WITH AUTHORITY TO
ISSUE THE OPERATOR COMMANDS, ALLOWED ONLY WHEN CREATING A
NEW USER ENTRY
))NOOPER - MEANS THIS USER MAY NOT ISSUE THE OPERATOR COMMANDS,
ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
))ACCT - IDENTIFIES THIS USER AS A TERMINAL USER WITH AUTHORITY TO
ISSUE THE ACCOUNT COMMANDS, ALLOWED ONLY WHEN CREATING A
NEW USER ENTRY
))NOACCT - MEANS THIS USER MAY NOT ISSUE THE ACCOUNT COMMANDS,
ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
))JCL - IDENTIFIES THIS USER AS A TERMINAL USER WITH AUTHORITY TO
ISSUE THE SUBMIT, CANCEL, STATUS, AND OUTPUT COMMANDS,
ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
))NOJCL - MEANS THIS USER MAY NOT ISSUE THE SUBMIT, CANCEL, STATUS,
AND OUTPUT COMMANDS, ALLOWED ONLY WHEN CREATING A NEW USER
ENTRY
))MOUNT - IDENTIFIES THIS USER AS A TERMINAL USER WITH THE ABILITY
TO ISSUE DYNAMIC ALLOCATION REQUESTS THAT CAUSE VOLUME
MOUNTING, ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
))NOMOUNT - MEANS THIS USER MAY NOT USE THE MOUNT FUNCTION, ALLOWED
ONLY WHEN CREATING A NEW USER ENTRY
))USERDATA('DIGITS')
- INSTALLATION DATA FOR THIS USER IDENTITY, ALLOWED ONLY
WHEN CREATING A NEW USER ENTRY
'DIGITS'
- FOUR EBCDIC CHARACTERS REPRESENTING HEXADECIMAL DIGITS
))DEST('NAME')
- DESTINATION TO WHICH SYSOUT DATA SETS WILL BE ROUTED,
ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
'NAME' - FIRST CHARACTER - ALPHABETIC, NATIONAL, OR NUMERIC
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 7
))PERFORM('DIGITS')
- SPECIFIES THE PERFORMANCE GROUPS THE USER IS AUTHORIZED
TO REQUEST AT LOGON, ALLOWED ONLY WHEN CREATING A NEW
USER ENTRY
'DIGITS'
- A LIST OF NUMBERS FROM 1 TO 255
))NOPERFORM
- THIS USER IS NOT AUTHORIZED TO SPECIFY PERFORMANCE GROUPS
AT LOGON, ALLOWED ONLY WHEN CREATING A NEW USER ENTRY
))SIZE('INTEGER')
- REGION SIZE FOR PROCEDURE NAMED IN 'PROCNAME'
'INTEGER'
- NUMBER OF 1024 BYTE UNITS - MAXIMUM VALUE IS 65534
NOTE - THE 'SIZE' VALUE SHOULD BE LESS THAN THE 'MAXSIZE' VALUE.
IF IT IS NOT, THE 'MAXSIZE' VALUE WILL BE USED INSTEAD.
))UNIT('NAME')
- DEVICE GROUP ESOTERIC NAME FOR DYNAMIC ALLOCATION
'NAME' - FIRST CHARACTER - ALPHABETIC, NATIONAL, OR NUMERIC
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 8
NOTE - IF UNIT IS OMITTED, A FIELD OF 8 BLANKS IS CREATED
))DATA('PASSWORD'/('PASSWORD',...)/* 'ACCTNMBR'/('ACCTNMBR',...)/*
'PROCNAME'/('PROCNAME',...))
- NEW INFORMATION TO BE ADDED TO AN EXISTING ENTRY AS
SPECIFIED IN THE FIRST OPERAND.
'PASSWORD'
- USER'S AUTHORIZATION FOR SYSTEM FACILITIES
FIRST CHARACTER - ALPHABETIC, NATIONAL, OR NUMERIC
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 8
'ACCTNMBR'
- USER'S ACCOUNTING DATA IDENTIFICATION
ANY EBCDIC CHARACTERS EXCEPT BLANK, COMMA, TAB,
SEMICOLON, AND APOSTROPHE
MAXIMUM LENGTH - 40
'PROCNAME'
- PROCEDURE NAME FOR LOGON
FIRST CHARACTER - ALPHABETIC OR NATIONAL (£,@,#)
OTHER CHARACTERS - ALPHABETIC, NATIONAL, OR NUMERIC
MAXIMUM LENGTH - 8
RAKF
SU1TK3 Settings
SYS1.PROCLIB(RAKFINIT)
//RAKFINIT PROC
//RAKFINIT EXEC PGM=RAKFINIT
//SYSABEND DD SYSOUT=P
SYS1.PROCLIB(RAKFPROF)
//RAKFPROF PROC
//RAKFPROF EXEC PGM=RAKFPROF
//INPUT DD DISP=SHR,DSN=SYS2.RAKFPROF
SYS1.PROCLIB(RAKFUSER)
//RAKFUSER PROC
//RAKFUSER EXEC PGM=RAKFUSER
//INPUT DD DISP=SHR,DSN=SYS2.RAKFUSER
SYS1.PROCLIB(RAKFPWUP)
//RAKFPWUP PROC
//RAKFPWUP EXEC PGM=RAKFPWUP
//INPUT DD DISP=SHR,DSN=SYS2.RAKFUSER
"Finally, it is recommended to make a slight change to the OPEN processing in MVS so that RAKF is always called. This can be achieved by applying the following zap…
// EXEC PGM=AMASPZAP
//SYSLIB DD DISP=SHR,DSN=SYS1.LPALIB
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
NAME IFG0194A IFG0194C
VER 1392 47E0
REP 1392 4700
VER 13FA 47E0
REP 13FA 4700
"This ZAP has UZ74083 as a prerequisite. This is the level of Volker’s Turnkey 3 system.
It is not known whether this was applied in TK3SU1.
---
SYS2.RAKFPROF
DATASET * READ
DATASET RAKF.V1R0M0.CNTL NONE
DATASET RAKF.V1R0M0.CNTL RAKFADM UPDATE
DATASET SYS* ALTER
DATASET SYS1.* READ
DATASET SYS1.BRODCAST UPDATE
DATASET SYS2.* READ
DATASET SYS2.RAKF* NONE
DATASET SYS2.RAKF* RAKFADM UPDATE
PROGRAM * READ
TERMINAL* READ
This has been changed to
DASDVOL * NONE
DATASET * READ
DATASET RAKF.V1R0M0.CNTL NONE
DATASET RAKF.V1R0M0.CNTL RAKFADM UPDATE
DATASET SYS1.BRODCAST UPDATE
DATASET SYS2.RAKF* NONE
DATASET SYS2.RAKF* RAKFADM UPDATE
PROGRAM * READ
TAPEVOL * NONE
TERMINAL* READ
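A quick way to check what a profile table like the two above grants to everyone, as an added example that is not part of the original notes or of RAKF itself. It assumes the flattened layout shown on this page, treats entries without a group as applying to all users, and assumes the access ordering NONE < READ < UPDATE < ALTER; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list RAKF profile entries that apply to every user.
# Assumed input: the flattened layout shown on this page,
#   CLASS RESOURCE [GROUP] ACCESS   (class is at most 8 characters)
# audit_rakfprof MINLEVEL  (table on stdin)
# Prints "CLASS RESOURCE ACCESS" for entries with no group granting MINLEVEL+.
audit_rakfprof() {
    awk -v min="$1" '
    BEGIN {
        # Assumed ordering of the access levels seen on this page.
        rank["NONE"] = 0; rank["READ"] = 1; rank["UPDATE"] = 2; rank["ALTER"] = 3
    }
    NF < 2 { next }
    {
        cls = $1; i = 2
        if (length(cls) > 8) {
            # 8-character class fused with the resource, e.g. "TERMINAL*"
            res = substr(cls, 9); cls = substr(cls, 1, 8)
        } else {
            res = $2; i = 3
        }
        left = NF - i + 1
        if (left == 1)      { grp = ""; acc = $i }
        else if (left == 2) { grp = $i; acc = $(i + 1) }
        else                { print "UNPARSED " $0; next }
        if (!(acc in rank)) { print "UNPARSED " $0; next }
        if (grp == "" && rank[acc] >= rank[min]) print cls, res, acc
    }'
}

# Sample input: the original SYS2.RAKFPROF entries, copied from above.
rakfprof_original() {
    cat <<'EOF'
DATASET * READ
DATASET RAKF.V1R0M0.CNTL NONE
DATASET RAKF.V1R0M0.CNTL RAKFADM UPDATE
DATASET SYS* ALTER
DATASET SYS1.* READ
DATASET SYS1.BRODCAST UPDATE
DATASET SYS2.* READ
DATASET SYS2.RAKF* NONE
DATASET SYS2.RAKF* RAKFADM UPDATE
PROGRAM * READ
TERMINAL* READ
EOF
}
# Entries in the original table that let any user modify data.
rakfprof_original | audit_rakfprof UPDATE
```

Run against the changed table, the same check reports only the SYS1.BRODCAST entry; with READ as the level it also lists the catch-all DATASET, PROGRAM and TERMINAL entries.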
---
SYS2.RAKFUSER
HERC01 RAKFADM *BIGFOOT Y OPERATIONS
HERC01 SYSTEM *BIGFOOT Y OPERATIONS
HERC02 RAKFADM *PINKY Y OPERATIONS
HERC02 SYSTEM *PINKY Y OPERATIONS
HERC03 USER SIMPLE N Normal user
HERC04 USER ACOL N Normal user
IBMUSER RAKFADM *HENRY Y Emergency user
IBMUSER SYSTEM *HENRY Y Emergency user
HERC01 RAKFADM BIGFOOT Y OPERATIONS
HERC02 RAKFADM PINKY Y OPERATIONS
HERC03 USER SIMPLE N Normal user
HERC04 USER ACOL N Normal user
IBMUSER RAKFADM HENRY Y Emergency user
IPL Option
/r 0,sysp=RA
Messages (normal - seem to be random - order of start-up?)
19.51.01 STC 163 RAKF0003 RESOURCE TABLE INVALID/MISSING: ALLOWED:STC
19.51.01 STC 163 RAKF0009 STC ,RAKFUSER,DATASET ,SYS2.RAKFUSER