| Independently from FTP and/or TELNET log enablements, one may want warning messages
(♣)
be sent to some non-program message queues every time SECTCP detects a FTP and/or TELNET access violation.
This can be done through command SECTCP/NFYACSRJT (Notify Access Rejection) command:
Notify Access Rejection (NFYACSRJT)
Type choices, press Enter.
Type of access . . . . . . . . . ACCTYPE *FTP, *TELNET, *BOTH
Set it ... . . . . . . . . . . . SET *ON *ON, *OFF
For message queue . . . . . . . MSGQ QSYSOPR Name
Library . . . . . . . . . . . QSYS Name, *LIBL
|
| Command NFYACSRJT |
Use this command to enable or disable the SECTCP sending of
FTP/TELNET access-reject messages to a given message queue.
All message queues are eligible: QSYSOPR (default), workstations, user profiles, etc.
Type of access (ACCTYPE) - The type of access to be monitored.
Select one of the following:
- *FTP to monitor FTP access-reject messages.
- *TELNET to monitor TELNET access-reject messages.
- *BOTH to monitor both FTP and TELNET access-reject messages.
Set it ... (SET) - Whether the sending of access-reject messages
should be enabled or disabled. Select:
- *ON to enable the sending of access-reject messages.
- *OFF to disable the sending of access-reject messages.
For message queue (MSGQ) - Qualified name of the message queue where
access-rejection messages should be sent.
Notes
- You may repeat command NFYACSRJT to send messages to another message queue.
There is no limit to the number of message queues intended to receive messages.
- Messages sent to message queue QSYS/QSYSOPR will also show up in the history log.
- Ending messages to a message queue (nfyacsrjt ... set(*off) ...) can be performed
only by the user profile that started that function (nfyacsrjt ... set(*on) ...).
|
