//*
//*******************************************************************
//* THIS WILL READ THE SMF EXTRACT DATASET OF RACF RELATED SMF
//* RECORDS (TYPES 30, 80, 81, 82, 83) AND USE THE SORT TOOL
//* TO SORT THE DATA AND GENERATE A REPORT.
//*
//* THIS JOB WILL REPORT ALL USERIDS WHICH HAD AN EXCESSIVE
//* NUMBER OF INCORRECT PASSWORDS AND TERMINALS WHERE EXCESSIVE
//* PASSWORDS WERE ATTEMPTED.
//*
//*******************************************************************
//REPORT EXEC PGM=ICETOOL
//SMFDATA DD DISP=SHR,DSN=PROD.RACF.SMF.UNLOAD(0)
//TEMP0001 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350))
//TEMP0002 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350))
//TEMP0003 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350))
//TOOLMSG DD SYSOUT=*
//PRINT DD SYSOUT=(A,,STD),DEST=U0022,HOLD=YES
//DFSMSG DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSMSG DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//SYSIN DD *
/*
//*------------------------------------------------------------------
//TOOLIN DD *
COPY FROM(SMFDATA) TO(TEMP0001) USING(RACF)
OCCURS FROM(TEMP0001) LIST(PRINT) -
PAGE -
TITLE('USERIDS WITH OVER 3 INCORRECT PASSWORDS') -
DATE(YMD/) -
TIME(12:) -
BLANK -
ON(63,8,CH) HEADER('USER ID') -
ON(560,20,CH) HEADER('USER NAME') -
ON(286,8,CH) HEADER('REGION') -
ON(VALCNT) HEADER('NUMBER OF ATTEMPTS') -
HIGHER(3)
/*
//*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//* DEFINE REPORT CRITERIA
//*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//RACFCNTL DD *
SORT FIELDS=(63,8,CH,A)
INCLUDE COND=(5,8,CH,EQ,C'JOBINIT',AND,
14,8,CH,EQ,C'INVPSWD')
OPTION VLSHRT
/*
//
//* <--END-OF-JOB
//*
32,10,CH,EQ,C'1999-12-21',AND,
//****************************************************************
//* FOR A REPORT CONTAINING THE DETAIL RECORDS INSTEAD OF THE
//* SUMMARY, MAKE THE FOLLOWING CHANGES ABOVE:
//*
//* - CHANGE 'OCCUR' TO 'DISPLAY'
//*
//* - REMOVE THE LINE "ON(VALCNT) HEADER('COUNT')"
//*
//* - INSERT THE LINE BEFORE "HEADER('DATE')" LINE:
//*
//* ON(23,8,CH) HEADER('TIME') -
//*
//* - REMOVE THE '-' AT THE END OF THE "HEADER('PROFILE')" STATEMENT
//*