Security management, system audits, hardening and monitoring
Advantages of SAP Basis Support
Support Packages from SAPNet - Web Frontend or Collection CDs are available in a compressed format. Note that you must unpack the support packages before processing. Download the support packages from the SAPNet - Web Frontend or mount the appropriate CD. Log in with the following user: Operating system users UNIX adm AS/400 OFR Windows NT adm Go to the following subdirectory in your system: Operating system UNIX and AS/400 usr/sap/trans/tmp Windows NT :\usr\sap\TRANS\TMP Unzip the archive containing the support packages with the following command: Operating system command UNIX CAR -xvf ///_CAR AS/400 CAR '-xvf /QOPT///_CAR' Windows NT CAR -xvf :\\ CHIVE>.CAR Put the unpacked support packages in the EPS inbox of your transport directory: Operating system EPS-Inbox of the transport directory UNIX /usr/sap/trans/EPS/in AS/400 /usr/sap/trans/EPS/in Windows NT :\usr\sap\trans\EPS\in Now bring the support packages into your system with Support Package Upload. You will see a list of uploaded support packages that are now known with all their attributes in the SAP system and can be handled in the right way by the SAP Patch Manager. Select Back to return to the SPAM entry screen.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
SAP PI(XI)
Maintaining the availability of critical business processes not only requires a high-quality infrastructure, but also places equally high demands on the management and operation of the underlying SAP NetWeaver and SAP HANA platforms due to their high complexity. These platforms are often referred to as SAP Basis.
A BW system often plays a very central role in larger companies. Here the data from the various connected source systems are analysed and reported centrally. A previous customer of mine had a BW system, to which a total of over 20 other SAPP production systems were connected. With such a large and mostly living system landscape, it is normal that individual systems are dismantled from time to time. However, especially with large SAP landscapes, there are strict regulations regarding the permissions of technical RFC users. For this reason, the simple "right-click —> delete" of a source system in RSA1 will often not lead to the target, but rather to a failed permission check. With this blog post, I'll show you a workaround on how to clean a source system from a BW system using the RSAR_LOGICAL_SYSTEM_DELETE and RSAP_BIW_DISCONNECT function blocks.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
On www.sap-corner.de you will also find useful information about SAP basis.
Using various user, administration and monitoring tools, the SAP Basis system is controlled and managed by an administrator, who is thus responsible for its trouble-free operation.
The effort would be so infinitely large and expensive that such a manipulation can practically not be implemented.