Risk Assessor for IBM i
July 2022
Version 3.3
July 19, 2022
Enhancements
-
New password strength report feature identifies user profile passwords that are contained in available lists of cracked passwords.
Fixes
-
Updated to Log4j 2.17 to resolve vulnerabilities.
-
Product Information menu now shows correct product version.
-
SKYASSESS report now accurately indicates when QPWDEXPWRN deviates from the recommended value.
-
Fixed MCH1210 error that occurs when there are over 9999 User Profiles without *PUBLIC EXCLUDE authority.
-
Fixed issue with print files that were missing.
-
Fixed issue that caused the Security Assessment job log to wrap.
-
Fixed issue reporting on user and supplemental groups.
-
Fixed issue when setting the Certificate Store Password.
June 2020
Version 3.2
June 1, 2020
- The member file size for Risk Assessor files has been adjusted.
April 2020
Version 3.1
April 14, 2020
- A problem causing ‘/’ to be incorrectly listed in place of ‘/QOpenSys’ in the SKYASSESS document has been corrected.
- An issue causing the SKYGRPPTF report to be empty when the IBM i does not have an Internet connection has been resolved. The report is now populated with the group PTFs that are currently installed.
- In the System Value table of the SKYASSESS document, the QATNPGM value is no longer incorrectly flagged as deviating from the Recommended setting. (It is at the recommended setting.)
- An issue causing the PTF Group SF99333 to be incorrect in the SKYGRPPTF report in some cases has been corrected.
- A CPF3309 error caused by a large number of trigger programs on the system has been addressed, and no longer results in assessment failures.
January 2019
Version 3.0
New features
- When emailing supplemental reports, they are now sent as a zip file attachments rather than individual .txt attachments reducing the chance they are too large to be emailed off the system.
- A ‘From’ parameter has been added to the email option in order to specify a valid email address when the sender’s user profile@system name is not a valid email address.
Enhancements
Additions and changes to the SKYASSESS.RTF document:
- System Value Section:
- QATNPGM has been added to the first system value table.
- The QSSL* system values now only retrieves the current values and does not provide guidance on specific settings, due to rapidly changing requirements in this area.
- User Section:
- QSECOFR is now listed in the table of IBM profiles with a password, along with its last sign-on date.
- Telnet Section:
- Whether the telnet server only allows secure communications is now listed.
- Miscellaneous Section:
- Dates are included for the last System save and Save Security Data (SAVSECDTA).
- The text for sign-on messages CPF1120 and CPF1107 has been updated.
- Options are now provided when you press System Request.
- An additional recommendation to modify the sign-on display has been added, leaving only the User profile and Password fields.
New Reports:
- A report listing all exit programs registered to exit points (SKYREGINF).
- A report showing the list of certificates in DCM (Digital Certificate Manager), with their expiration date (SKYCERTINF).
- A report of EIM (Enterprise Identity Mapping) associations (SKYEIMUSER).
- A report of group PTFs and whether the most recent version has been installed (SKYGRPPTF).
Fixes
- Proxy commands are no longer listed in the SKYQSYSUSR report. (SKYQSYSUSR lists user objects created into QSYS.)
- Licensing: The traditional HelpSystems license is now used.
- The calculation for how many additional users have a special authority from their group has been fixed.