Risk Assessor for IBM i

July 2022

Version 3.3

July 19, 2022

Enhancements
  • New password strength report feature identifies user profile passwords that are contained in available lists of cracked passwords.

Fixes
  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • Product Information menu now shows correct product version.

  • SKYASSESS report now accurately indicates when QPWDEXPWRN deviates from the recommended value.

  • Fixed MCH1210 error that occurs when there are over 9999 User Profiles without *PUBLIC EXCLUDE authority.

  • Fixed issue with print files that were missing.

  • Fixed issue that caused the Security Assessment job log to wrap.

  • Fixed issue reporting on user and supplemental groups.

  • Fixed issue when setting the Certificate Store Password.

June 2020

Version 3.2

June 1, 2020

  • The member file size for Risk Assessor files has been adjusted.

April 2020

Version 3.1

April 14, 2020

  • A problem causing ‘/’ to be incorrectly listed in place of ‘/QOpenSys’ in the SKYASSESS document has been corrected.
  • An issue causing the SKYGRPPTF report to be empty when the IBM i does not have an Internet connection has been resolved. The report is now populated with the group PTFs that are currently installed.
  • In the System Value table of the SKYASSESS document, the QATNPGM value is no longer incorrectly flagged as deviating from the Recommended setting. (It is at the recommended setting.)
  • An issue causing the PTF Group SF99333 to be incorrect in the SKYGRPPTF report in some cases has been corrected.
  • A CPF3309 error caused by a large number of trigger programs on the system has been addressed, and no longer results in assessment failures.

January 2019

Version 3.0
New features
  • When emailing supplemental reports, they are now sent as a zip file attachments rather than individual .txt attachments reducing the chance they are too large to be emailed off the system.
  • A ‘From’ parameter has been added to the email option in order to specify a valid email address when the sender’s user profile@system name is not a valid email address.
Enhancements

Additions and changes to the SKYASSESS.RTF document:

  • System Value Section:
    • QATNPGM has been added to the first system value table.
    • The QSSL* system values now only retrieves the current values and does not provide guidance on specific settings, due to rapidly changing requirements in this area.
  • User Section:
    • QSECOFR is now listed in the table of IBM profiles with a password, along with its last sign-on date.
  • Telnet Section:
    • Whether the telnet server only allows secure communications is now listed.
  • Miscellaneous Section:
    • Dates are included for the last System save and Save Security Data (SAVSECDTA).
    • The text for sign-on messages CPF1120 and CPF1107 has been updated.
    • Options are now provided when you press System Request.
    • An additional recommendation to modify the sign-on display has been added, leaving only the User profile and Password fields.

New Reports:

  • A report listing all exit programs registered to exit points (SKYREGINF).
  • A report showing the list of certificates in DCM (Digital Certificate Manager), with their expiration date (SKYCERTINF).
  • A report of EIM (Enterprise Identity Mapping) associations (SKYEIMUSER).
  • A report of group PTFs and whether the most recent version has been installed (SKYGRPPTF).
Fixes
  • Proxy commands are no longer listed in the SKYQSYSUSR report. (SKYQSYSUSR lists user objects created into QSYS.)
  • Licensing: The traditional HelpSystems license is now used.
  • The calculation for how many additional users have a special authority from their group has been fixed.

Back to Powertech Products