SERVAUTH Class
© 2021 RSH Consulting, Inc. All Rights Reserved.
GSE UK
Security Working Group
June 2021
Controlling Dynamic Virtual IP Addresses (DVIPA)
▪ Dynamic Virtual IP Address (DVIPA) is a function that allows the system to move IP addresses to other systems in the event of an application, system or stack failure
▪ EZB.BINDDVIPARANGE.sysname.tcpname
• Control whether an application can create and bind to a DVIPA defined on a PROFILE.TCPIP VIPARANGE statement
❖ SAF No Decision Action: PERMIT
❖ SMF Type 80 record LOGSTR: TCPIP BINDDVIPA ACCESS CHECK
▪ EZB.BINDDVIPARANGE.sysname.tcpname.resname
• Control whether an application can create and bind to a DVIPA defined on a PROFILE.TCPIP VIPARANGE statement that includes a SAF resname parameter
❖ SAF No Decision Action: DENY
❖ SMF Type 80 record LOGSTR: TCPIP BINDDVIPA SAF ACCESS CHECK
▪ EZB.MODDVIPA.sysname.tcpname
• Control whether an application can create and bind to a DVIPA defined on a PROFILE.TCPIP VIPARANGE statement using the SIOCSVIPA ioctl call
❖ SAF No Decision Action: DENY unless user is APF authorized or superuser/UID(0)
❖ SMF Type 80 record LOGSTR: TCPIP MODDVIPA or SIOCSVIPA(6) ACCESS CHECK
▪ EZB.MODDVIPA.sysname.tcpname.resname
• Control whether an application can create and bind to a DVIPA defined on a PROFILE.TCPIP VIPARANGE statement, using the SIOCSVIPA ioctl call, that includes a SAF resname parameter
❖ SAF No Decision Action: DENY
❖ SMF Type 80 record LOGSTR: TCPIP MODDVIPA or SIOCSVIPA(6) SAF ACCESS CHECK
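
The no-decision actions above differ by resource form, so a missing profile leaves some DVIPA ranges open and others closed. The following audit sketch is an added example, not part of the original slides: it derives the four resource names from VIPARANGE statements and reports what happens when no SERVAUTH profile covers them. The TCP/IP profile fragment, sysname SYSA, tcpname TCPIP, resname PAYROLL and the profile list are constructed, statements are assumed to fit on one line, and profile matching is simplified to discrete names and a trailing `.**`.

```python
import re

# SAF "no decision" outcome per resource form, as listed on the slide.
NO_DECISION = {
    ("EZB.BINDDVIPARANGE", False): "PERMIT",
    ("EZB.BINDDVIPARANGE", True): "DENY",
    ("EZB.MODDVIPA", False): "DENY unless APF authorized or UID(0)",
    ("EZB.MODDVIPA", True): "DENY",
}

def viparange_resnames(profile_text):
    """SAF resname (or None) for each one-line VIPARANGE DEFINE statement."""
    found = []
    for line in profile_text.upper().splitlines():
        line = line.split(";")[0]                  # ';' starts a comment
        if re.match(r"\s*VIPARANGE\s+DEFINE\b", line):
            saf = re.search(r"\bSAF\s+(\S+)", line)
            found.append(saf.group(1) if saf else None)
    return found

def covered(resource, profiles):
    """Simplified match (assumption): discrete names and a trailing '.**' only."""
    return any(p == resource or
               (p.endswith(".**") and (resource + ".").startswith(p[:-2]))
               for p in profiles)

def audit(profile_text, sysname, tcpname, profiles):
    """Return (resource, outcome) for every DVIPA resource the stack checks."""
    rows = []
    for resname in dict.fromkeys(viparange_resnames(profile_text)):
        for prefix in ("EZB.BINDDVIPARANGE", "EZB.MODDVIPA"):
            resource = ".".join(filter(None, [prefix, sysname, tcpname, resname]))
            outcome = ("profile decides" if covered(resource, profiles)
                       else "no profile: " + NO_DECISION[(prefix, resname is not None)])
            rows.append((resource, outcome))
    return rows

# Constructed TCP/IP profile fragment and SERVAUTH profile list (not from the slides).
SAMPLE = """\
VIPADYNAMIC
  VIPARANGE DEFINE MOVEABLE NONDISRUPTIVE 255.255.255.0 10.1.1.0  ; no SAF here
  VIPARANGE DEFINE MOVEABLE NONDISRUPTIVE 255.255.255.0 10.1.2.0 SAF PAYROLL
ENDVIPADYNAMIC
"""
PROFILES = ["EZB.MODDVIPA.**"]

if __name__ == "__main__":
    for resource, outcome in audit(SAMPLE, "SYSA", "TCPIP", PROFILES):
        print(f"{resource:42} {outcome}")
```

Rows reported as "no profile: PERMIT" are the ranges any application can bind to until an EZB.BINDDVIPARANGE profile is defined.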