Beruflich Dokumente
Kultur Dokumente
Are IBM DST(Dedicated Service Tools or SST(System Service Tools) are being used ?
Have the passwords for the DST default users been changed ?
Are different groups being used ? If yes, list out groups and members
How the segregation is done between staging/production environment ?
Determine users having passsword same as username
Is there any user who has left the organisation and have active account in the system
Are other services like FTP, SMPT,POP3 running with same credentials ?
Is FTP directly accessible to all users ? It should be accessible to only selected users
based on requirements
Analyze default passwords for profiles
Check QSECURITY value. Recommended to use 40-50
Check QMAXSIGN value . Recommended to use 3
Check QMAXSGNACN value. User should be disabled once reach the MAXXSIGN
Process to unlock the disabled account
Check the configuration for remote sign-on
Print all System Values related to password parameters
Print all user profiles and review the assigned roles, permission etc
Review the IBM supplied profiles(Start with Q) for passwords (*NONE). Some of IBM
supplied profiles are
QSECOFR, QSECADM, QPGMR, QSRV, QUSER, QSYSOPR
Review if the Access Control related commands are set to proper attribute i.e *PUBLIC,
*EXLCUDE
AS/400 Security Configuration Audit Checklist
ANZDFTPWD
QSECURITY
QMAXSIGN
QMAXSGNACN
QRMTSIGN
WRKSYSVAL SYSVAL(QPWD*)
OUTPUT(*PRINT)
QPWDEXPITV
QPWDMINLEN
QPWDRQDDIF
QAUDLVL
WRKSYSVAL SYSVAL(*SEC)
OUTPUT(*PRINT)
PCSACC OUTPUT(*PRINT)
DSPNETA OUTPUT(*PRINT)
*SECADM
*PGMR
*SYSOPR
*USER
*SECOFR
PRTUSRPRF TYPE(*ALL)
SELECT(*SPCAUT) SPCAUT(*ALL)
*ALLOBJ
*SECADM
*JOBCTL
*SPLCTL
*SAVSYS
*SERVICE
*IOSYSCFG
*AUDIT
PRTPVTAUT OBJTYPE(*LIB)
LIB(QSYS)
PRTPVTAUT OBJTYPE(*FILE)
LIB(DATALIB)
PRTPVTAUT OBJTYPE(*AUTL)
LIB(QSYS)
DSPAUTUSR