We had "yet another security audit". This time we are getting dinged
because we have QMAXSGNACN sent to 1=Disable device. It is recommended
that we use 3=Disable device and profile. Their concern is that someone
could mount a Denial Of Service attack on us and disable all of our
virtual devices. My thought is, that if I set it to disable user profiles
wouldn't that just expand the DOS attack to include user profiles also?
Let's see, sign on 3 times and disable QSECOFR, then try QSYSOPR and
several others. Granted, you could use this to recover QSECOFR (which is
or you could sign on as someone else with that level of authority and
reset it there.
Anyone with command line access can do a
wrkobj qusrsys/*all *msgq
and get a list of all your user profiles. I just signed on as this user
and was able to perform that. (Please do not take offense at the user
name - it's just a habit of mine. The operator knows to kill it on
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
Kendallville, IN 46755
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.