At Kisco Systems, you'll hear us talk a lot about "legacy risk." When a system has been embedded in a business for as long as the IBM i tends to be, the configuration doesn't always keep up with the operating system's capabilities. For example, even though newer OS releases include more and more security options, it's very likely that the actual security configuration is out of date.
One example is user profiles. Some user profile conditions create risk for unauthorized access and abuse:
A profile where more than one of the above conditions exists is considered to be HIGH RISK. In particular, we are interested in user profiles with elevated privileges AND a default password.
A SQL script in IBM i SQL Services will show us immediately if we're at risk.
We can get what we need from the view QSYS2.USER_INFO_BASIC.
IBM i SQL for users with default password
Using "run sql scripts" from ACS:
select * from QSYS2.USER_INFO_BASIC
WHERE
USER_DEFAULT_PASSWORD = 'YES'
Other ways to check for default password accounts
If you're new to USER_INFO_BASIC, query for * and take a few minutes to familiarize yourself with the available columns in the view.
Any user profile with a default password is worth remediating, but if any of these also have elevated privileges then you are in an extremely high risk position.
This query will list any profiles that need immediate attention. Note that we are now specifying the columns to return, rather than * (all).
select AUTHORIZATION_NAME, PREVIOUS_SIGNON, STATUS, USER_DEFAULT_PASSWORD, USER_CLASS_NAME, SPECIAL_AUTHORITIES, LIMIT_CAPABILITIES, USER_EXPIRATION_DATE
from QSYS2.USER_INFO_BASIC
WHERE
USER_DEFAULT_PASSWORD = 'YES' AND
SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
If any rows are returned we recommend you address the user profiles ASAP.
You can also tweak the query to return other conditions that might be of interest:
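One such variation, as an added example rather than a query from Kisco: it keeps the default-password filter but ranks every matching profile by its special authorities and sign-on history, using only the USER_INFO_BASIC columns already shown above. The priority tiers, the 90-day staleness window and the output column names PRIORITY and SIGNON_STATE are assumptions to adjust to your own policy.

```sql
-- Added example: triage list of default-password profiles.
-- Priority tiers and the 90-day window are assumptions, not IBM or Kisco values.
SELECT AUTHORIZATION_NAME,
       STATUS,
       USER_CLASS_NAME,
       SPECIAL_AUTHORITIES,
       LIMIT_CAPABILITIES,
       PREVIOUS_SIGNON,
       USER_EXPIRATION_DATE,
       CASE
         -- Tier 1: authorities that give control over objects or other profiles
         WHEN SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
           OR SPECIAL_AUTHORITIES LIKE '%*SECADM%' THEN 1
         -- Tier 2: any other special authority
         -- (NULL, or a literal *NONE as a defensive assumption, means none)
         WHEN SPECIAL_AUTHORITIES IS NOT NULL
          AND SPECIAL_AUTHORITIES <> '*NONE' THEN 2
         -- Tier 3: default password only
         ELSE 3
       END AS PRIORITY,
       CASE
         WHEN PREVIOUS_SIGNON IS NULL THEN 'NEVER SIGNED ON'
         WHEN PREVIOUS_SIGNON < CURRENT TIMESTAMP - 90 DAYS THEN 'STALE'
         ELSE 'ACTIVE'
       END AS SIGNON_STATE
  FROM QSYS2.USER_INFO_BASIC
 WHERE USER_DEFAULT_PASSWORD = 'YES'
 ORDER BY PRIORITY,
          -- enabled profiles first: they can be signed on to right now
          CASE WHEN STATUS = '*ENABLED' THEN 0 ELSE 1 END,
          PREVIOUS_SIGNON;
```

Profiles that have never signed on or are stale are usually the easiest to disable or remove outright; active ones need a password change coordinated with the owner.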
Kisco Solutions
SafeNet/i uses exit points to add extra security rules that can block access for all but the most critical privileged user profiles.
iSecMap audits IBM i security in real time and will report and notify on events related to passwords and special authorities.