
If you use security-related services and tools such as EWA, SOS, System Recommendations, Configuration Validation, or a security dashboard in SAP Solution Manager, the ABAP reports in this repository can help with further analysis and development.

SAP-samples/security-services-tools

Security Services Tools

Description

You use security-related services and tools such as EWA, SOS, System Recommendations, Configuration Validation, or a Security Dashboard in SAP Solution Manager. You want to dig deeper into these topics and build your own reporting capabilities on top of them. In this case, you can use the ABAP reports in this repository as a starting point for further analysis and development.

Basis

  • Report ZSHOW_BG_JOB_USER
    Show user type of background job steps

  • Report ZSHOW_INSTALLED_COMPS
    Show installed software components and verify the age of the support packages

  • Report ZRFC_STATRECS_SUMMARY
    Show Workload Statistic of RFC calls
    See blog How to get RFC call traces to build authorizations for S_RFC for free!
    Standard transaction STRFCTRACE can replace this Z-report (see note 2080378)
    Updated 18.01.2023 Tooltip for column Logon Procedure (trusted, basic, no user)
    Updated 14.09.2023 Show SNC status of outgoing destinations
    Updated 15.09.2023 Show http connections, too

  • Report ZSM04000_SNC
    Show SNC status of active users on current application server
    See blog Report ZSM04000_SNC – Show SNC status of current user sessions
    You can use the Z-reports from note 748424 - Evaluation of SAP GUI versions and patches
    Updated 09.05.2023 Tooltip for column Logon Procedure (trusted, basic, no user)

  • Report ZCLEANUP_PASSWORD_HASH_VALUESX
    Remove all weak password hash values in user master data, change documents and password history
    See blog Remove weak password hash values
    Updated 22.12.2022

  • Report ZSHOW_SECPOL
    Show security policy attributes (SECPOL) and compare them with the default values
    See blog Show overview about security policies (SECPOL)
    Updated 19.10.2022 Selection mode: single cell
    Updated 05.02.2024 Extension to 40 columns
    Updated 29.07.2024 Replace CALL 'C_SAPGPARAM' with CL_SPFL_PROFILE_PARAMETER (note 3334028)

  • Report ZSECPOL_API
    Example for using the API to manage security policies (SECPOL)
    Created 01.07.2024 New

  • Report ZSPFRECOMMENDED
    Show recommended profile parameter values according to the secure-by-default project of S/4HANA
    See corresponding chapter at SAP Secure By Default for S/4HANA on-premise 2022
    Updated 19.04.2023 Show long lines in a textedit control; Change recommendation for rdisp/gui_auto_logout from 1H to 3600
    Updated 15.11.2023 Parameter added for S/4HANA 2023

  • Report ZSHOW_GWMON_LOG
    Show settings, and log and trace files of the RFC gateway
    Updated 31.01.2023

  • Report ZRSPFPAR_DYNAMIC_CD
    Show history of dynamic profile parameters
    Updated 29.03.2023 Show all instance specific change documents (and the changing client if available depending on the release)

  • Report ZSUSR_SNC_GUIFLAG
    Set/unset the SNC GUIFLAG of users which permits/disallows password based logon instead of using single sign-on
    New 14.09.2023
    Updated 15.09.2023 Refactored for using an interactive ALV

  • Report ZRSAU_API_GET_LOG_DATA
    Show usage of RFC function RSAU_API_GET_LOG_DATA to get events from the Security Audit Log
    The report requires SAP_BASIS 7.50 as well as note 3054326 - API for remote reading of audit logs as of 7.50
    12.03.2024 Initial version
    08.07.2024 Improved robustness for older releases or support packages

  • Report ZBNAME_RESTRICT
    Check user names concerning parameter BNAME_RESTRICT in table PRGN_CUST
    See note 1731549 or Online Help

  • Report ZSHOW_UCON_RFC_DATA
    Maintain UCON settings for RFC functions, similar to transaction UCONCOCKPIT.
    The report shows additional selections and information about function groups, packages, software components, switched components, the blocklist for S/4HANA, and authorizations of the called user.
    New 26.04.2024
    Updated 14.06.2024

  • Report ZSICFCHK
    Show public ICF services and services with logon data
    This is an extended version of standard report RSICFCHK
    23.09.2021 Initial version

SAP Solution Manager (SolMan)

Security Optimization Service

System Recommendations

  • Report ZSYSREC_NOTELIST_72_SP08
    Show results from application System Recommendations
    See blog Report ZSYSREC_NOTELIST – Show results of System Recommendation
    Updated 18.04.2023 Solved error which was introduced in recent update from February 2023
    Updated 28.03.2024 Option to restrict the size of the header (important for background processing)

  • Report ZCHECK_NOTE_2934135
    Check the implementation status of note 2934135 for connected Java systems
    See note 2953257
    Updated 28.08.2020

  • Report ZCHECK_NOTE_3089413
    Check the implementation status of note 3089413 for connected ABAP systems
    See Security Notes Webinar 2023-02
    Updated 28.03.2023 New check about generic authorizations for S_RFCACL (configuration in CCDB needed)
    Updated 29.06.2023 Updated Kernel prerequisites as described in note 3224161
    Updated 29.06.2023 Updated Note prerequisites for note 3287611 v9
    Updated 06.07.2023 Typo in text corrected
    Updated 08.09.2023 Extended syntax check

Configuration Validation

  • Report ZSHOW_CCDB_CUSTOMIZING
    Show Store Customization of CCDB
    Updated 19.04.2023 Corrections for showing only systems which use a specific customizing
    Updated 08.09.2023 Extended syntax check

  • Report ZDIAGCV_TSCUS_HDR
    Maintain descriptions of Target Systems of application Configuration Validation
    See ZIP archive Security Baseline Template
    Updated 02.09.2022
    Updated 25.03.2024 Selection by description added

  • Report ZDSH_BUILDER_SHOW
    Show Dashboard Builder definitions
    See ZIP archive Security Baseline Template
    Updated 29.07.2022

  • Report ZDIAGST_GET_STORES
    Show Configuration Stores

  • Report ZSHOW_KERNEL_STORES
    Show ABAP release, Kernel patch level and version of the CommonCryptoLib using the configuration stores SAP_KERNEL and CRYPTOLIB

SAP Focused Run (FRUN)

Configuration & Security Analysis

  • Report ZCCDB_GET_STORES
    Show configuration stores and content
    New 27.01.2023
    Updated 21.05.2024 Enhance robustness in case of no data

  • Report ZSHOW_TARGET_SYSTEM
    Show CSA target systems (policies)
    Updated 27.04.2023 Show button to call CSA policy management

  • Report ZSHOW_COMPOSITE_POLICIES
    Show CSA Composite policies
    New 27.04.2023

  • Report ZCHECK_NOTE_3089413_FRUN
    Check the implementation status of note 3089413 for connected ABAP systems.
    You find a corresponding FRUN policy on page 3089413_ext.
    See Security Notes Webinar 2023-02
    Updated 13.03.2023 Updated note 3287611, new note 3304520
    Updated 10.07.2023 Updated Kernel prerequisites as described in note 3224161
    Updated 10.07.2023 Updated Note prerequisites for note 3287611 v9

Requirements

None

Download and Installation

Use the raw view to copy & paste the source code of the reports into a custom program.

You can use abapGit to load the complete package from branch abapGit into an SAP Solution Manager system. In any other system, you might want to use the function 'Advanced -> Selective Pull' to get only the basis objects.

Known Issues

No known issues.

How to obtain support

Create an issue in this repository if you find a bug, have a request or a suggestion about the content.

Start a discussion in this repository if you have questions about the content.

Ask the SAP security community in case of other topics concerning security.

Contributing

If you wish to contribute code, offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses the standard DCO text of the Linux Foundation.

License

Copyright (c) 2023 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the LICENSE file.
