Rob,
Remember Rob, auditors are our friends. To be especially sure about security on what you send them first encrypt the outfile contents, then save it to a save file with compress set to *HIGH and then save the save file to another save file. You can then send them the final save file via an encrypted email.
All kidding aside, the auditor is more than likely looking for special authorities (*ALLOBJ, *SECADM), whether a user has access to a command line, if a user can run commands from the command line, how often a user is required to change their password and if the last password change date is reasonable to the display date in the out file.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, January 28, 2014 7:52 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Crowe Chizek IT audit
Any suggestions? Should I offer it to them on a 5 1/4" diskette? :-)
A. Create a data file with all user profiles attributes.
DSPUSRPRF <enter>
*ALL
*BASIC
*OUTFILE
*CROWE <data file name>
*QGPL <designated library>
B. Create a query to select attributes from the file obtained.
WRKQRY
Select a file <CROWE, in QGPL library>
Sequence the fields. (USER PROFILE, USER CLASS, STATUS, LIMITED CAPABILITIES, DESCRIPTION, PASSWORD OF *NONE, SIGN-ON ATTEMPTS NOT VALID, LIMITED DEVICE SESSIONS, SPECIAL AUTHORITIES, INTITIAL PROGRAM, INITIAL PROGRAM LIBRARY, GROUP PROFILE, GROUP AUTHORITY, PASSWORD CHANGE INTERVAL, PASSWORD CHANGE DATE, PREVIOUS SIGN-ON DATE)
Sort the data <by user profile name, “A”scending>
Select output form <identify output to go to a file and export it off of the AS/400 using Client Access to a diskette>
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
midrange.com
