How do I omit certain user profiles from iSeries security checks in Vulnerability Manager?
Is there a way to exclude user profiles from iSeries security checks in Vulnerability Manager?
NetIQ Security Solutions for iSeries 8.0
NetIQ Vulnerability Manager 5.5
You can use exclusion lists in Vulnerability Manager to omit user profiles for the following iSeries security checks (divided by category):
User domain objects in libraries
Attention program differs from System value
Display sign-on info differs from system
Enabled inactive profiles
Group profiles with passwords
Limit device sessions differs from system value
Password is the same as the profile
Passwords that are expired
Passwords with questionable expiration date
Profiles with all object authority
Profiles with audit authority
Profiles with command line access
Profiles with job control authority
Profiles with no password
Profiles with save system authority
Profiles with security admin authority
Profiles with service authority
Profiles with spool control authority
Profiles with system config authority
Special environment differs from system value
User profiles with Q* names
To use an exclusion list in the check parameters for the checks above:
- Edit the check in the template, or just select to run the check on the iSeries endpoint and go to the Parameters section.
- Click on the Exclusion list setting and expand it by clicking on the ... button.
- On the Select Saved List window, click New List.
- In the Saved List wizard, for Data type, select Text.
- Add the user profile names to the Values field and add them to the list by clicking Add to list.
- After you add all profile names, click Next.
- Name the saved list and click Finish.
- Return to the Select Saved List window, select the newly created list so that it highlights in dark blue, and click OK. The list should now display in the Exclusion list option on the selected check.
You can now run the check with the exclusion list.