Auditing an AS/400 Server

85 pts.
Tags:
AS/400
AS/400 administration
AS/400 audit
Hello all, I want to audit an AS/400 Server. How can I proceed? Thank you
ASKED: April 1, 2009  10:24 AM
UPDATED: August 13, 2013  6:29 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

What sort of auditing do you want to do? What sort of information do you need to obtain?

Regards,

Martin Gilbert.

Discuss This Question: 12  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Backtrack
    It's a security audit i want to investigate on: 1/User security and rihts; 2/System values; 3/Auditing and logging; Thank you
    85 pointsBadges:
    report
  • Gilly400
    Hi, 1. You can start by getting a list of users and their rights :- WRKUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(Yourlib/Yourfile) This creates a file called Yourfile in library Yourlib. You can then use Query to format and print the file (WRKQRY). 2. You can get a list of system values by using the following command :- WRKSYSVAL SYSVAL(*ALL) OUTPUT(*PRINT) This will create a spooled file containing all the current system values. 3. Auditing and logging will depend very much on what you need to know. It also depends to a certain extent on your applications. Your applications may provide enough auditing and logging for your purposes. Maybe you will need to turn on the security auditing and check the security journals. The AS400 keeps logs of a lot of things which happen in the system regarding security - if you look at the system logs using DSPLOG you can get an ida of what gets logged (for example users getting disabled because of incorrect passwords, connections and disconnections from other systems, jobs starting and ending - which can also be users signing on and off). Regards, Martin Gilbert.
    23,730 pointsBadges:
    report
  • Backtrack
    Hi Martin, Can i import the reult of the first command in an Excel file? Thanks for your answer
    85 pointsBadges:
    report
  • Gilly400
    Hi, Yes, you can import it into excel, no problem. If you have client access/i-series access, there is a plug-in for excel which you can use. Alternatively you can use the CPYTOIMPF command to create a comma delimited file that you can then import into excel. Regards, Martin Gilbert.
    23,730 pointsBadges:
    report
  • Backtrack
    Thank you
    85 pointsBadges:
    report
  • Backtrack
    Hi Martin I have another question please Can the command "WRKUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(Yourlib/Yourfile)" show me the special authorities of all users. Regards Mohamed Habib
    85 pointsBadges:
    report
  • Gilly400
    Hi, My mistake - that should be DSPUSRPRF instead of WRKUSRPRF.... The command should list user class and special authorities. Regards, Martin Gilbert.
    23,730 pointsBadges:
    report
  • Backtrack
    THANKS
    85 pointsBadges:
    report
  • Backtrack
    Good Morning Martin Can you tell me, is there any tool (free or open source like nessus) that can passively scan an AS400 server and report the vulnerabilies ? THANK YOU
    85 pointsBadges:
    report
  • Gilly400
    Hi, Sorry, I don't know of any such tool. There seem to be plenty of commercial tools available, but I suspect these can be quite expensive. Regards, Martin Gilbert.
    23,730 pointsBadges:
    report
  • DanD
    On all iSeries there is the IBM supplied Security menu. Type Go Security and you will get a large number of security reports. Also, here is a link to a "best practices" security White Paper from NetIQ http://download.netiq.com/CMS/WHITEPAPER/NetIQ_WP_iSeriesSec_BestPractices.PDF
    2,865 pointsBadges:
    report
  • mcl
    Tools - well, you can invest $$$ in something like Net IQ. Of course, then you have to learn how to use it. The IT Security folks where I work scan the systems with AppDetective, Webinspect and Foundstone - but they tell me that AppDetective won't scan the AS 400 systems. DanD mentioned the security menu. When you get to Option #8 (the Security Tools menu) you may need *SECADM and *AUDIT authority. You should also check the HELP on each option BEFORE you run it. Unfortunately, the report options only generate printed reports - so you would have to do as Martin suggested with DSPUSRPRF to and outfile to get something for Excel. That white paper from NetIQ is pretty standard stuff and is a good guideline for what you should have set up. Regards Mike
    2,740 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following