|
|
 |
 |
by Giovanni B. Perotti (Italy) |
This documentation applies to SECTCP release dated February 1, 2019.
Always refer to this online document for the latest features.
The PDF version of this document may be obsolete. |
|
|
 |
Introduction
SECTCP (secure TCP) is an IBM i public-source utility
that may be used to control and restrain access to the following TCP servers:
- FTP
- TELNET
SECTCP adds an extra protection layer between a firewall (if you have one) and the OS/400 security.
This extra layer is much more flexible than any firewall and can be easily controlled and changed as needed.
Changes to SECTCP settings do not require restarting the FTP or the TELNET server.
|
|
| About WSECTCP |
|
If you are currently running SECTCP and you are willing to host a CGI application on an HTTP instance,
then you may install a WEB interface for SECTCP. |
| Its name is WSECTCP. |
This WEB interface makes SECTCP so easy that you would never go back to a 5250 session.
Go to this download page and install WSECTCP today.
Sample screens |
|
|
| About ESECTCP |
|
If you already installed SECTCP and WSECTCP, you may then install also ESECTCP. |
| ESECTCP provides you with the names (country, region, city) and google maps of all the locations where undesired client IP addresses tried with no success to login to your FTP or TELNET server. |
Read about ESECTCP.
Go to this download page to install ESECTCP.
Sample screens |
|
| |
| About SECTCPTEST |
SECTCPTEST is a small utility - authored by Helge Bichel, Denmark - that helps you in finding out
if an IP address would be able to login via SECTCP to your IBMi TELNET and/or FTP servers.
| |
|
|
Prerequisites
- Operating system release V5R2 or subsequent
- ILE-RPG compiler
|
|
Installation procedure
- Signon to the IBM i with a class *SECOFR user profile
- CRTSAVF FILE(QGPL/SECTCP) AUT(*ALL)
- From the Easy400 download page
download file sectcp.zip to your PC and unzip it
- Use FTP to copy PC file sectcp.sav to save file QGPL/SECTCP
- RSTLIB SAVLIB(SECTCP) DEV(*SAVF) SAVF(QGPL/SECTCP)
- STRREXPRC SRCMBR(INSTALL) SRCFILE(SECTCP/QREXSRC)
It will perform the following:
- creates a compile program in library SECTCP
- runs command SECTCP/COMPILE that creates the necessary modules and programs
- runs command SECTCP/INSTALL to complete the installation by
- restoring directory /sectcp
- creating and populating library SECTCPDATA with local files
During the installation process will stop two times:
- The first time, to ask the name of the user profile (SECTCP owner) authorized to change the SECTCP settings
- The second time, to display the HTTP directives that you may install later on in an
Apache HTTP instance of your choice.
These directives allow to display the SECTCP documentation
(the one you are currently reading. They are in the IFS stream file
/sectcp/apache/httpdirectives.txt.
If you like, you may press this
to display them.
Note - To re-install SECTCP on a box without the ILE-RPG compiler:
- Save library SECTCP
- Restore library SECTCP on the other box
- On this other box:
- signon with a class *SECOFRE user profile
- run command SECTCP/INSTALL
|
|
Setting up SECTCP
To define the SECTCP settings, you must
- signon with the user profile authorized for this operation during the installation process
- enter command SECTCP/SECTCP .
You will then receive the following screen:
 |
| Figure 1 - No protections yet |
(Please note that help text is available from any SECTCP screen)
|
|
|
|