×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. MIDRANGE-L
  3. March 2011

QMAXSGNACN

We had "yet another security audit". This time we are getting dinged
because we have QMAXSGNACN sent to 1=Disable device. It is recommended
that we use 3=Disable device and profile. Their concern is that someone
could mount a Denial Of Service attack on us and disable all of our
virtual devices. My thought is, that if I set it to disable user profiles
wouldn't that just expand the DOS attack to include user profiles also?
Let's see, sign on 3 times and disable QSECOFR, then try QSYSOPR and
several others. Granted, you could use this to recover QSECOFR (which is
quite drastic)
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzamh/rzamhrecover.htm
or you could sign on as someone else with that level of authority and
reset it there.

Anyone with command line access can do a
wrkobj qusrsys/*all *msgq
and get a list of all your user profiles. I just signed on as this user
crtusrprf dummy
and was able to perform that. (Please do not take offense at the user
name - it's just a habit of mine. The operator knows to kill it on
sight.)

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.