Created
May 8, 2020 16:54
-
-
Save forstie/bff5d8f242979ff3ee2244d7931e9ed4 to your computer and use it in GitHub Desktop.
This is a probe of current network activity, showing what non-SSL interfaces are being used by users who have *ALLOBJ special authority. The idea here is to raise awareness to sensitive data being accessed over unencrypted interfaces.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- | |
| -- Reference: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzajr/rzajrservicesandports.htm | |
| -- | |
| -- description: Which users with *ALLOBJ (either directly or indirectly via group profile membership) are accessing the IBM i via a non-SSL interface right now? | |
| -- | |
| select authorization_name as user_name, j.* | |
| from qsys2.netstat_job_info j | |
| where local_port in (23, 446, 449, 2001, 4402, 5544, 5555, 8470, 8471, 8472, 8473, 8474, 8475, 8476) | |
| and j.authorization_name in (select authorization_name text_description | |
| from qsys2.user_info | |
| where special_authorities like '%*ALLOBJ%' | |
| or authorization_name in (select user_profile_name | |
| from qsys2.group_profile_entries | |
| where group_profile_name in (select authorization_name | |
| from qsys2.user_info | |
| where special_authorities like '%*ALLOBJ%'))); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment