|
We had "yet another security audit". This time we are getting dinged
because we have QMAXSGNACN sent to 1=Disable device. It is recommended
that we use 3=Disable device and profile. Their concern is that someone
could mount a Denial Of Service attack on us and disable all of our
virtual devices. My thought is, that if I set it to disable user profiles
wouldn't that just expand the DOS attack to include user profiles also?
Let's see, sign on 3 times and disable QSECOFR, then try QSYSOPR and
several others. Granted, you could use this to recover QSECOFR (which is
quite drastic)
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzamh/rzamhrecover.htm
or you could sign on as someone else with that level of authority and
reset it there.
Anyone with command line access can do a
wrkobj qusrsys/*all *msgq
and get a list of all your user profiles. I just signed on as this user
crtusrprf dummy
and was able to perform that. (Please do not take offense at the user
name - it's just a habit of mine. The operator knows to kill it on
sight.)
Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.