Tuesday, August 12, 2008

Easy way to Audit System i (AS/400)

Download the free software from:
http://www.powertech.com/powertech/auditor.asp

Install it on any PC connected to the server.

Run the software and ask an IT staff member with *ALLOBJ authority to sign on using his or her System i ID.

The software will generate an Executive Summary for the following areas:
  • User Access to Data
  • Public Authority to Libraries
  • User Security
  • System Security
  • System Auditing
  • Administrative Rights

1. User Access to Data

Besides menu access, users can reach the data in two ways:
  • Network Access
  • Command line Access
It is important to restrict both of these access paths to authorised personnel only. To further review network access, use the DSPNETA command.

To further review who has access to the command line, use the PRTAUTUSR command to get the "User Profile Information" report and look under the "Limited Capability" column. Users with "Limited Capability" = *NO have access to the command line (*NO simply means unlimited capability). However, PRTAUTUSR does not include the text, i.e. the description of the user IDs. Therefore, also use the DSPAUTUSR command to get the "Display Authorized Users" report.

2. Public authority to Libraries

*PUBLIC access to libraries is a simple measurement that provides a strong indication of how accessible the system is to the average end user. “Public” simply means “the rest of the users” other than those specifically defined to have access. Libraries are equivalent to folders in a Windows environment.

The audit concern is libraries with *ALL or *CHANGE authority granted to “Public”.
  • *ALL = Users can manage, rename, specify security for, or delete the library data
  • *CHANGE = Users can manage, rename, specify security for, or delete the library data

To further review a library, use the command DSPOBJAUT OBJ(Library Name) OUTPUT(*PRINT).

3. User Security

By default, System i assigns a default password that is the same as the username. To further review which user profiles have a password that is the same as the username, use the ANZDFTPWD ACTION(*NONE) command.

4. System Security

The most important of the system values is QSECURITY, which defines the overall security level of the operating system itself. A QSECURITY value of 30 indicates an unprotected system; there are many well-known exposures at this level.

To see all the security-related system values, use WRKSYSVAL SYSVAL(*SEC) OUTPUT(*PRINT).
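
The checks from sections 1, 2 and 4 can be applied to report data exported as CSV. The script below is an added example, not part of the original post or the PowerTech tool; the CSV layout, column names and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample data (not from a real system). The column names are
# assumptions: USER/LMTCPB/TEXT for profiles, LIBRARY/PUBLIC_AUT for libraries.
PROFILES_CSV = """USER,LMTCPB,TEXT
QSECOFR,*NO,Security Officer
APCLERK1,*YES,Accounts payable clerk
DEVJOHN,*NO,Developer
"""

LIBRARIES_CSV = """LIBRARY,PUBLIC_AUT
PAYLIB,*CHANGE
GLLIB,*ALL
HRLIB,*EXCLUDE
RPTLIB,*USE
"""

RISKY_PUBLIC = {"*ALL", "*CHANGE"}  # the two *PUBLIC authorities the article flags


def command_line_users(profiles_csv):
    """Profiles with Limited Capability = *NO, joined with their description
    so the reviewer does not have to cross-reference a second report."""
    rows = csv.DictReader(io.StringIO(profiles_csv))
    return [(r["USER"], r["TEXT"]) for r in rows
            if r["LMTCPB"].strip().upper() == "*NO"]


def open_libraries(libraries_csv):
    """Libraries whose *PUBLIC authority is *ALL or *CHANGE, sorted by name."""
    rows = csv.DictReader(io.StringIO(libraries_csv))
    return sorted((r["LIBRARY"], r["PUBLIC_AUT"]) for r in rows
                  if r["PUBLIC_AUT"].strip().upper() in RISKY_PUBLIC)


def qsecurity_finding(level):
    """True when QSECURITY is at or below 30, the level the article calls unprotected."""
    return int(level) <= 30


def audit(profiles_csv, libraries_csv, qsecurity):
    """Collect the three findings into one summary for the audit working paper."""
    return {
        "command_line_users": command_line_users(profiles_csv),
        "public_all_or_change": open_libraries(libraries_csv),
        "qsecurity_exposed": qsecurity_finding(qsecurity),
    }


if __name__ == "__main__":
    for check, result in audit(PROFILES_CSV, LIBRARIES_CSV, 30).items():
        print(check, "->", result)
```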
