How can I verify the results from the PSAudit Security Check-up report? (NETIQKB51324)

  • 7751324
  • 02-Feb-2007
  • 12-Jun-2007

Resolution

goal

How can I verify the results from the PSAudit Security Check-up report?



fact
System Auditing and Reporting (SAR) 

fact
System Auditing and Reporting Checkup Report

fact
PSAudit 7.5

fact
PSAudit 8.0

fact
NetIQ Security Solutions for iSeries 8.0

fact
VigilEnt Security Agent for iSeries 7.5

symptom
The reports recommended by the PSAudit Security Check-up report do not match the results of the check-up report.

cause
The PSAudit Security Check-up reports are run with pre-defined filters.

fix

The information below describes the PSAudit Security Check-up report checks that may not match the results of the individual verification reports recommended by the Security Check-up report. To reconcile the checks with the individual reports, run the reports using the described filters.

Check-Up report check #1: User Profiles Pass Intvl NOT SYSVAL

Run the Profile Password Last Change Date report (AACL80UG) using a filter to select UPPWEI NE 0 (zero).

To access the Profile Password Last Change Date report, from PSMENU select options 1, 1, 8, 20, and 4.

Check-Up Report check #2: Group Profiles that have a password

Run the Profile Parameter Analysis report (AACL80UB) using a filter to select UPGRPI EQ *YES and UPPWON EQ *NO.

To access the Profile Parameter Analysis report, from PSMENU select options 1, 1, 8, and 2.

Check-Up report check #3: Group Profiles w/ ALLOBJ Authority

Run the Users with Special Authority report (AACL80UM) using a filter to select UPSPAU CT ALLOBJ and UPGRPI EQ *YES.

To access the Users with Special Authority report, from PSMENU select options 1, 1, 8, 20, and 9.

You can also run the Profile Parameter Analysis report (AACL80UB) using a filter to select UPSPAU CT ALLOBJ and UPGRPI EQ *YES.

To access the Profile Parameter Analysis report, from PSMENU select options 1, 1, 8, and 2.

Check-Up report check #9: User Profiles *USER with LMTCPB *NO

Run the Profiles w/Limt Capabilities = *NO report (AACL80U3) using a filter to select UPUSCL EQ *USER and UPLTCP EQ *NO.

To access the Profiles w/Limt Capabilities = *NO report, from PSMENU select options 1, 1, 8, and 6.

Check-Up report check #13: User Profiles with JOBCTL Authority

Run the Users with Special Authority report (AACL80UM) using a filter to select UPSPAU CT JOBCTL, UPUPRF NE QLPAUTO, UPUPRF NE QLPINSTALL, UPUPRF NE QPGMR, UPUPRF NE QSECOFR, UPUPRF NE QSRV, UPUPRF NE QSRVBAS, UPUPRF NE QSYS, and UPUPRF NE QSYSOPR.

To access the Users with Special Authority report, from PSMENU select options 1, 1, 8, 20, and 9.

Check-Up report check #14: User Profiles with SAVSYS Authority

Run the Users with Special Authority report (AACL80UM) using a filter to select UPSPAU CT SAVSYS, UPUPRF NE QLPAUTO, UPUPRF NE QLPINSTALL, UPUPRF NE QSECOFR, UPUPRF NE QSYS, and UPUPRF NE QSYSOPR.

To access the Users with Special Authority report, from PSMENU select options 1, 1, 8, 20, and 9.

Check-Up report check #19: User Profiles not used in 60 days

For more information about the User Profiles not used in 60 days check, see knowledge base article NETIQKB37032.
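The following added example (not NetIQ code and not PSAudit output) applies the check #13 and check #14 filters to constructed profile records to show which profiles the pre-defined exclusions keep out of the check-up count. It assumes that CT means "contains", that all conditions in a filter are ANDed, and that UPUPRF holds the profile name and UPSPAU the special authorities; the sample profiles are made up.

```python
import re

# Assumed operator semantics (not from PSAudit documentation):
# EQ = equal, NE = not equal, CT = field contains the value as a substring.
OPS = {
    "EQ": lambda field, value: field == value,
    "NE": lambda field, value: field != value,
    "CT": lambda field, value: value in field,
}

def parse_filter(text):
    """Parse 'F1 OP V1, F2 OP V2, and F3 OP V3' into (field, op, value) triples."""
    conditions = []
    for part in re.split(r",\s*and\s+|\s+and\s+|,\s*", text.strip().rstrip(".")):
        tokens = part.split()
        if len(tokens) != 3 or tokens[1] not in OPS:
            raise ValueError(f"cannot parse filter condition: {part!r}")
        conditions.append(tuple(tokens))
    return conditions

def select(profiles, filter_text):
    """Return names of profiles meeting every condition (conditions are ANDed)."""
    conditions = parse_filter(filter_text)
    return [p["UPUPRF"] for p in profiles
            if all(OPS[op](p[field], value) for field, op, value in conditions)]

def dropped_by_exclusions(profiles, filter_text):
    """Profiles the first condition alone selects but the full filter leaves out."""
    full = set(select(profiles, filter_text))
    return [n for n in select(profiles, filter_text.split(",")[0]) if n not in full]

# Constructed sample records; OPSJANE, BKPSVC and CLERK1 are made-up profile names.
PROFILES = [
    {"UPUPRF": "QSECOFR", "UPSPAU": "*ALLOBJ *JOBCTL *SAVSYS"},
    {"UPUPRF": "QSYSOPR", "UPSPAU": "*JOBCTL *SAVSYS"},
    {"UPUPRF": "QPGMR", "UPSPAU": "*JOBCTL"},
    {"UPUPRF": "OPSJANE", "UPSPAU": "*JOBCTL"},
    {"UPUPRF": "BKPSVC", "UPSPAU": "*SAVSYS"},
    {"UPUPRF": "CLERK1", "UPSPAU": "*NONE"},
]
CHECK_13 = ("UPSPAU CT JOBCTL, UPUPRF NE QLPAUTO, UPUPRF NE QLPINSTALL, "
            "UPUPRF NE QPGMR, UPUPRF NE QSECOFR, UPUPRF NE QSRV, "
            "UPUPRF NE QSRVBAS, UPUPRF NE QSYS, and UPUPRF NE QSYSOPR")
CHECK_14 = ("UPSPAU CT SAVSYS, UPUPRF NE QLPAUTO, UPUPRF NE QLPINSTALL, "
            "UPUPRF NE QSECOFR, UPUPRF NE QSYS, and UPUPRF NE QSYSOPR")

if __name__ == "__main__":
    for label, flt in (("#13", CHECK_13), ("#14", CHECK_14)):
        print(label, select(PROFILES, flt), dropped_by_exclusions(PROFILES, flt))
```

The profiles returned by dropped_by_exclusions are the ones that appear when the individual report is run with only the special-authority condition, which is the source of the mismatch described in the symptom.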



Additional Information

Formerly known as NETIQKB51324