If you’re looking to tighten your IBM i security, it can be quite daunting to know where to start. Do you look at securing the perimeter by looking at an exit point solution, or do embark on lengthy object level security project? Or both?!
A quick win for many could be preventing the changing of key security related System Values, and System Service Tools (SST) provides just that level of control.
Use the command STRSST, and enter your SST user id and password.
From the resultant display choose option 7 ‘Work with System Security’
By changing ‘Allow System Value Security Changes’ from 1 (Yes) to 2 (No) will result in a number of System Values being locked, preventing them from being changed by anybody.
Systems Values locked by this feature are listed below:
Any attempt to change a locked System Value will result in CPF18C0 ‘System Value cannot be changed’ being produced.
Note. This can also be done via Dedicated Service Tools (DST) too.
Leave a Reply