Security Services Tools

Description

You are using security relates services and tools like the EWA, SOS, System Recommendations, Configuration Validation or a Security Dashboard in the SAP Solution Manager. You want to dig deeper into these topics and want to build own reporting capabilities on top. In this case you can use the ABAP reports in this repository as a starting point for further analysis and development.

Basis

• Report ZSHOW_BG_JOB_USER
  Show user type of background job steps

• Report ZSHOW_INSTALLED_COMPS
  Show installed software components and verify the age of the support packages

• Report ZRFC_STATRECS_SUMMARY
  Show Workload Statistic of RFC calls
  See blog How to get RFC call traces to build authorizations for S_RFC for free!
  Standard transaction STRFCTRACE can replace this Z-report (see note 2080378)
  Updated 18.01.2023

• Report ZSM04000_SNC
  Show SNC status of active users on current application server
  See blog Report ZSM04000_SNC – Show SNC status of current user sessions
  You can use the Z-reports from note 748424 - Evaluation of SAP GUI versions and patches
  Updated 11.10.2022

• Report ZCLEANUP_PASSWORD_HASH_VALUESX
  Remove all weak password hash values in user master data, change documents and password history
  See blog Remove weak password hash values
  Updated 22.12.2022

• Report ZSHOW_SECPOL
  Show security policy attributes (SECPOL) and compare them with the default values
  See blog Show overview about security policies (SECPOL)
  Updated 19.10.2022

• Report ZSPFRECOMMENDED
  Show recommended profile parameter values according to the secure-by-default project of S/4HANA
  See corresponding chapter at SAP Secure By Default for S/4HANA on-premise 2022
  Updated 19.04.2023 Show long lines in a textedit control; Change recommendation for rdisp/gui_auto_logout from 1H to 3600

• Report ZSHOW_GWMON_LOG
  Show settings, and log and trace files of the RFC gateway
  Updated 31.01.2023

• Report ZRSPFPAR_DYNAMIC_CD
  Show history of dynamic profile parameters
  Updated 29.03.2023 Show all instance specific change documents (and the changing client if available depending on the release)

SAP Solution Manager (SolMan)

Security Optimization Service

• Report ZSOS_OVERVIEW
  Show overview about results from the Security Optimization Service
  See blog Show the results of the Security Optimization Service
  Updated 27.07.2022: You can now use the same report to view the rating overview tables of the EarlyWatch Alert (EWA).

System Recommendations

• Report ZSYSREC_NOTELIST_72_SP08
  Show results from application System Recommendations
  See blog Report ZSYSREC_NOTELIST – Show results of System Recommendation
  Updated 18.04.2023 Solved error which was introduced in recent update from February 2023

• Report ZCHECK_NOTE_2934135
  Check the implementation status of note 2934135 for connected Java systems
  See note 2953257
  Updated 28.08.2020

• Report ZCHECK_NOTE_3089413
  Check the implementation status of note 3089413 for connected ABAP systems
  See Security Notes Webinar 2023-02
  Updated 28.03.2023 New check about generic authorizations for S_RFCACL (configuration in CCDB needed)

Configuration Validation

• Report ZSHOW_CCDB_CUSTOMIZING
  Show Store Customization of CCDB
  Updated 19.04.2023 Corrections for showing only systems which ue a specific customizing

• Report ZDIAGCV_TSCUS_HDR
  Maintain descriptions of Target Systems of application Configuration Validation
  See ZIP archive Security Baseline Template
  Updated 02.09.2022

• Report ZDSH_BUILDER_SHOW
  Show Dashboard Builder definitions
  See see ZIP archive Security Baseline Template
  Updated 29.07.2022

• Report ZDIAGST_GET_STORES
  Show Configuration Stores

• Report ZSHOW_KERNEL_STORES
  Show ABAP release, Kernel patch level and version of the CommonCryptoLib using the configuration stores SAP_KERNEL and CRYPTOLIB

SAP Focused Run (FRUN)

Configuration & Security Analysis

• Report ZCCDB_GET_STORES
  Show configuration stores and content
  New 27.01.2023

• Report ZSHOW_TARGET_SYSTEM
  Show CSA target systems (policies)
  Updated 27.04.2023 Show button to call CSA policy management

• Report ZSHOW_COMPOSITE_POLICIES
  Show CSA Composite policies
  New 27.04.2023

• Report ZCHECK_NOTE_3089413_FRUN
  Check the implementation status of note 3089413 for connected ABAP systems
  See Security Notes Webinar 2023-02
  Updated 13.03.2023 Updated note 3287611, new note 3304520

Requirements

None

Download and Installation

Use the raw view to copy & paste the source code of the reports into a custom program.

You can use abapGit to load the compleate package from branch abapGit into an SAP Solution Manager. In any other system you might want to use the function 'Advanced -> Selective Pull' to get only the basis objects.

Known Issues

No known issues.

How to obtain support

Create an issue in this repository if you find a bug, have a request or a suggestion about the content.

Start a discussion in this repository if you have questions about the content.

Ask the SAP security community in case of other topics concerning security.

Contributing

If you wish to contribute code, offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses the standard DCO text of the Linux Foundation.

License

Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the LICENSE file.