TAA Tools

The Print Security Audit  command is intended for the  Security Officer
or Auditor  to make a review  of the important security  aspects of the

You  must have (or  adopt) *ALLOBJ authority and  you must have *SECADM
authority to use PRTSECAUD.

A typical command is entered as:


The command provides spooled output which includes:

  **   A summary of the major system characteristics

  **   The major security system values

  **   The network attributes related to security

  **   Profile names  that are eligible  to signon,  but have not  done
       so in the last N days (default is 90 days)

  **   Profiles that use the profile name as the password

  **   A summary of all the system and user profiles

  **   Storage owned by QDFTOWN

  **   Last save/restore information for user profiles

  **   User profiles  with a high  degree of authority (e.g.   *ALLOBJ,
       *SERVICE)  and those profiles  that are members of  a group with
       this authority

  **   Profiles that are specified as LMTCPB(*NO)

  **   Libraries on the  system portion of  the library list  (QSYSLIBL
       system value) and the authorizations to the libraries.

  **   Security tips

  **   WRKSYSVAL output (default to Security system values)

  **   DSPSECRVW basic listing (TAA Tool) one line per user

  **   DSPAUTUSR group  profile listing  (listing by  group) same  name
       as the password.

The output includes suggestions as to how to clean up some of the
items found. It also describes other TAA Tools which may be useful
in a security audit.
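
Several of the profile checks listed above can be cross-checked with a query. This is an added example, not part of TAA Tools or the PRTSECAUD code. It assumes the IBM i catalog views QSYS2.USER_INFO and QSYS2.GROUP_PROFILE_ENTRIES are available, and it treats "eligible to sign on" as an enabled profile with a password, which is an assumption about how the tool defines it.

```sql
-- Added example, not part of TAA Tools. Assumes the IBM i catalog views
-- QSYS2.USER_INFO and QSYS2.GROUP_PROFILE_ENTRIES, at a level where
-- USER_INFO includes the USER_DEFAULT_PASSWORD column.
WITH high_grp AS (
  -- Members of any group that itself holds *ALLOBJ or *SERVICE
  SELECT e.user_profile_name  AS usrprf,
         e.group_profile_name AS grpprf
    FROM qsys2.group_profile_entries e
    JOIN qsys2.user_info g
      ON g.authorization_name = e.group_profile_name
   WHERE COALESCE(g.special_authorities, '') LIKE '%*ALLOBJ%'
      OR COALESCE(g.special_authorities, '') LIKE '%*SERVICE%'
),
flags AS (
  SELECT u.authorization_name AS usrprf,
         u.status,
         u.previous_signon,
         -- Assumption: "eligible to sign on" = enabled and has a password.
         -- 90 days mirrors the LASTSGNDAT default; NULL = never signed on.
         CASE WHEN u.status = '*ENABLED'
               AND u.no_password_indicator = 'NO'
               AND (u.previous_signon IS NULL
                    OR u.previous_signon < CURRENT TIMESTAMP - 90 DAYS)
              THEN 'Y' ELSE 'N' END AS inactive_90,
         -- Password is the same as the profile name
         CASE WHEN u.user_default_password = 'YES'
              THEN 'Y' ELSE 'N' END AS dft_pwd,
         -- High authority held directly by the profile
         CASE WHEN COALESCE(u.special_authorities, '') LIKE '%*ALLOBJ%'
                OR COALESCE(u.special_authorities, '') LIKE '%*SERVICE%'
              THEN 'Y' ELSE 'N' END AS high_own,
         -- High authority inherited through group membership
         CASE WHEN EXISTS (SELECT 1 FROM high_grp h
                            WHERE h.usrprf = u.authorization_name)
              THEN 'Y' ELSE 'N' END AS high_via_grp,
         -- LMTCPB(*NO): shown for context, not used as a filter
         CASE WHEN u.limit_capabilities = '*NO'
              THEN 'Y' ELSE 'N' END AS lmtcpb_no
    FROM qsys2.user_info u
)
SELECT *
  FROM flags
 WHERE 'Y' IN (inactive_90, dft_pwd, high_own, high_via_grp)
 ORDER BY high_own DESC, high_via_grp DESC, dft_pwd DESC, usrprf;
```

Profiles flagged in more than one column (for example high authority plus a default password) are the ones to review first.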

Command parameters                                    *CMD

   LASTSGNDAT    The number  of days to  be used to  check if any  user
                 profiles  that are  eligible to  signon have  not done
                 so.  The default is 90.

   SYSVALUES     Whether  to print the system  values with WRKSYSVAL to
                 the spooled  file QSYSPRT.   The default is  *SECURITY
                 which prints  just the  security system values.   *ALL
                 prints  all  the  system  values.    *NONE avoids  any

   DSPSECRVW     Whether to  print  a  listing  of  all  user  profiles
                 using  the  TAA  Tool  DSPSECRVW.   This  is  a  basic
                 listing  with one  line per  user profile  and several
                 columns of information.   *YES  is the  default.   The
                 output is to the spooled file USRPRF.

   DSPAUTUSR     Whether  to  use the  DSPAUTUSR  system  command  with
                 SEQ(*GRPPRF)  specified.  The  default is *YES.   This
                 provides  a listing  by group.   The output  is to the
                 spooled file QPAUTUSR.

   CHKSAMPWD     Whether to check the  profiles to see if the  password
                 is  the same  as the  profile  name.   The default  is
                 *YES.   *YES  causes the  system ANZDFTPWD  command to
                 be run and makes a  separate listing.  ANZDFTPWD  does
                 not  cause  any  change   to  the  internal  count  of
                 invalid passwords entered.

                 *NO avoids the ANZDFTPWD command.




The following TAA Tools must be on your system:

     ADDDAT       Add date
     ALCTMPMBR    Allocate temporary member
     CVTSYSSTS    Convert system status
     DSPSECRVW    Display security review
     RPGSTSDS     RPG status data structure
     RTVRELID     Retrieve release ID
     RTVSPCAUT    Retrieve special authority
     SNDCOMPMSG   Send completion message
     SNDESCMSG    Send escape message
     SNDSTSMSG    Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   PRTSECAUD     *CMD                   TAASECO       QATTCMD
   TAASECOC      *PGM       CLP         TAASECOC      QATTCL
   TAASECOC2     *PGM       CLP         TAASECOC2     QATTCL
   TAASECOR      *PGM       RPG         TAASECOR      QATTRPG


     TAASECOR       *RPG
        TAASECOC2      *CLP

Added to TAA Productivity tools April 1, 1995
