1-About it
As you may know, SECTCP is an Easy400.net-provided utility to protect access to your IBM i FTP and TELNET Servers.
With SECTCP you may establish rules by which only some IP addresses can access these servers. Attempts from other IP addresses to access FTP and TELNET servers are rejected and documented in daily access logs.
If you are a SECTCP user, you may now and then have a look at the FTP and TELNET access logs and realize that an expected number of IP addresses tried to connect to those servers.
As you feel safe from those attempts, you may not care where those clients come from. Let us assume, however, that one day you would like to understand what is going on out there.
Utility ESECTCP is the tool for answering your questions: it provides the locations of the rejected IP addresses, plus some statistics on them.
Site Easy400.net runs SECTCP and ESECTCP. We periodically have a look at these statistics. You can do that too (real data are there) in order to evaluate your interest in this tool: press this link.
2-Prerequisites
- Minimum OS/400 release: V7R2
- 57xx-WDS Compiler ILE RPG IV (needed only during the installation process)
- A recent version of library SECTCP (dated at least December 8, 2017).
Run command SECTCP/RELEASED to display the release date of your version.
- (Highly recommended, but not mandatory): a recent version of library WSECTCP (dated at least December 8, 2017).
Run command WSECTCP/RELEASED to display the release date of your version.
3-Installation
- Download file esectcp.zip from the Easy400 download page and unzip it.
- Follow the esectcp.txt instructions to upload and to restore library ESECTCP.
- On your IBM i:
  - Sign on with a class *SECOFR user profile.
  - Run the following procedure:
    STRREXPRC SRCMBR(INSTALL) SRCFILE(ESECTCP/QREXSRC)
    It does the following:
    - creates objects in library ESECTCP
    - restores IFS directory /esectcp
    - creates and populates library ESECTCPDTA (local data)
    - installs the HTTP instance ESECTCP (listening on port 8020). HTTP directives and instructions are in file /esectcp/conf/httpd.conf.
  - Run the following commands:
    - CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB') USER(*PUBLIC) DTAAUT(*R)
    - CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB') USER(*PUBLIC) DTAAUT(*R)
  - Run command SECTCP/WRKFTPEPGM ACTION(*ON) PGM(ESECTCP/FTPEPGM)
    This command sets up the SECTCP user exit point for FTP.
    Program ESECTCP/FTPEPGM takes care of documenting the client IP addresses rejected by FTP.
  - Run command SECTCP/WRKTLNEPGM ACTION(*ON) PGM(ESECTCP/TLNEPGM)
    This command sets up the SECTCP user exit point for TELNET.
    Program ESECTCP/TLNEPGM takes care of documenting the client IP addresses rejected by TELNET.
  - Create the HTTP instance ESECTCP as follows:
    - CPYF FROMFILE(ESECTCP/QATMHINSTC) TOFILE(QUSRSYS/QATMHINSTC) FROMMBR(ESECTCP) TOMBR(ESECTCP) MBROPT(*REPLACE) CRTFILE(*YES)
  - Start the ESECTCP HTTP instance as follows:
    - STRTCPSVR SERVER(*HTTP) HTTPSVR(ESECTCP)
4-Updates
To learn about the latest updates to this tool, press this link.
To find out the release date of the ESECTCP version you have installed, run command ESECTCP/RELEASED on your IBM i.