-----Original Message-----
From: midrange-l-bounces+kenshields=ppg.com@xxxxxxxxxxxx
[mailto:midrange-l-bounces+kenshields=ppg.com@xxxxxxxxxxxx]On Behalf Of
midrange-l-request@xxxxxxxxxxxx
Sent: Wednesday, May 18, 2005 8:47 AM
To: midrange-l@xxxxxxxxxxxx
Subject: MIDRANGE-L Digest, Vol 4, Issue 968


Send MIDRANGE-L mailing list submissions to
        midrange-l@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.midrange.com/mailman/listinfo/midrange-l
or, via email, send a message with subject or body 'help' to
        midrange-l-request@xxxxxxxxxxxx

You can reach the person managing the list at
        midrange-l-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of MIDRANGE-L digest..."


Today's Topics:

   1. RE: Socks server port (Marc Rauzier)
   2. Re: Who ended the subsystem? (Dennis Nel)
   3. RE: iSeries FTP security (Evan Harris)
   4. RE: Who ended the subsystem? (ganeshkumar.murugesan@xxxxxxxxx)
   5. Re: Websphere Express 5.1 Issue (Wayne McAlpine)
   6. 7855-10 Modem (ldwopt@xxxxxxx)
   7. RE: Socks server port (Elvis Budimlic)


----------------------------------------------------------------------

message: 1
date: Wed, 18 May 2005 08:37:34 +0200
from: Marc Rauzier <mrauzier@xxxxxxx>
subject: RE: Socks server port

Le mar. 17 mai 2005 18:05:01, Wilt, Charles ecrivait:

> WRKSRVTBLE ??
> 

Thank you Charles.

Well, I was sure not to write down this question in a fine english :-)

In my case, the AS400 is not the server, it is the client. It runs an 
FTP session to a FTP server thru a socks server (the socks server can 
only be configured with iSeries Navigator by right-clicking Properties 
on the TCP/IP configuration in the Network panel and filling the right 
informations in the SOCKS tab). The WRKSRVTBLE would help me if the 
AS400 have been FTP server which is not the case.


> Charles Wilt
> iSeries Systems Administrator / Developer
> Mitsubishi Electric Automotive America
> ph: 513-573-4343
> fax: 513-398-1121
>  
> 
>> -----Original Message-----
>> From: midrange-l-bounces@xxxxxxxxxxxx
>> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Marc Rauzier
>> Sent: Tuesday, May 17, 2005 11:31 AM
>> To: midrange-l@xxxxxxxxxxxx
>> Subject: Socks server port
>> 
>> 
>> Hello everybody
>> 
>> When configuring the socks client on an AS400 for a socks 
>> server (I want to 
>> run FTP thru a socks server from the AS400), I do not see a 
>> way to change 
>> the port on which the socks server listens.
>> 
>> Does someone know if it is possible (changing from 1080 which 
>> is, I guess, 
>> the default and used value to, let's say 8090) and, if yes, how ?
>> 
>> Note : OS400 V4R5
>> 


-- 
Cordialement/Best regards
Marc Rauzier

Opinions I stated here are my own.



------------------------------

message: 2
date: Wed, 18 May 2005 08:44:25 +0200
from: Dennis Nel <dvnel.za@xxxxxxxxx>
subject: Re: Who ended the subsystem?

In the DSPLOG command you search for the message with an id of CPF0995.

Once you have these messages, you can just press F1 (Help) on the
message and in the second level text of this message you will be able
to identify the job that the ENDSBS command was issued from.

On 5/18/05, ganeshkumar.murugesan@xxxxxxxxx
<ganeshkumar.murugesan@xxxxxxxxx> wrote:
> 
> A subsystem has been brought down by some user. We need to find the user
> profile which was used to bring down the subsystem.
> 
> In DSPLOG we found that the command ENDSBS has been issued but it
> doesn't mention about the user profile.
> 
> Is there any way to find the user profile which ended the subsystem?
> 
> Thanks,
> Ganesh
> 
> Confidentiality Notice
> 
> The information contained in this electronic message and any attachments to 
> this message are intended
> for the exclusive use of the addressee(s) and may contain confidential or 
> privileged information. If
> you are not the intended recipient, please notify the sender at Wipro or 
> Mailadmin@xxxxxxxxx immediately
> and destroy all copies of this message and any attachments.
> 
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
> 
>



------------------------------

message: 3
date: Wed, 18 May 2005 19:55:40 +1200
from: Evan Harris <spanner@xxxxxxxxxx>
subject: RE: iSeries FTP security

Hi Joe

Thanks for your comments - a few responses inline.

>Here's an interesting take on it: you might want to understand how FTP
>works before you open up your mission critical machines to it.
>Seriously, the ".." exploit is known to just about every script kiddie
>who ever set up an FTP server only to see somebody go rifling through
>their files.  The problem is not that the iSeries is allowing access,
>but that people are allowing FTP access to their iSeries without really
>knowing how FTP works.

I am fairly sure I understand how FTP works, although I will confess to not 
being particularly aware of the ".." exploit.
Of course, the issue is not about FTP specifically it is more about 
understanding what the path returned via
the FTP exit API represents and coding to avoid the ".." exploit. Going by 
some of the other posts I am in good company.

>Every time somebody posts something about how they "must" allow FTP
>access, or "must" allow ODBC access to their data, I cringe because I'm
>almost certain that they haven't gone out and investigated how these
>utilities work.  There are similar exploits with ODBC too numerous to
>mention, especially for people with authorized access to your machine.

If access via these methodologies is requested/demanded by the user 
community then it would be foolish
to deny them out of hand just because I didn't know how they work. 
Especially when some NT guy is more than
happy to claim he can provide the required service(s). The way I see it I 
can read the books available get some
assistance where necessary, subscribe to forums like this and learn how to 
manage these utilities.
Then I can run them on a machine I know I can secure.

The alternative would be to never learn anything and never do anything and 
watch the iSeries replaced at an even
more rapid rate by Windows boxes that are not really up to the task of 
running an enterprise.

>The right answer is to create separate, low-access user profiles with
>access only to sandbox areas, and then to put data in those areas only
>on demand.  Unfortunately, some of those same people who are opening
>their machines to ODBC and FTP access will be the first to say this is
>too much work.

I agree in principle but experience tells me:

1. People with an existing profile will balk at having a second user profile
2. People will balk at waiting for a copy to be made of data they know is 
already there and waiting

The real solution to this problem is to go back and fix the access to data 
properly, particularly on those systems where it
has been bastardized by a vendor package with badly though out access 
methodologies and end user rights, especially
packages or home grown apps that confer *ALLOBJ on all end users to make it 
easy to manage. If I had *PUBLIC *READ
or *PUBLIC *EXCLUDE on all my data libraries this wouldn't be the problem 
it is, but the number of packages and homegrown
applications that have started out requiring *ALLOBJ or something equally 
ill conceived means I simply have to try and secure
around it.

Another answer is to get a security tool to help get around this or even to 
write an exit program if the funds to purchase
are not forthcoming. But now we might be right back where we started.

>Anyway, my .02 on this is that you need to know how the tools work,
>warts and all, BEFORE you implement them.  The ".." technique is a good
>one to guard against, and I guess if you have to learn it from the guy
>in question, then that's better than nothing.  But you might want to
>talk to a local twelve-year-old before you open your production data to
>FTP access.

I am not particularly bothered who I learned it from, the point for me is 
that now I do know. I do know that I am never going to have
the luxury of knowing every detail of every utility I am asked to 
implement, but I do know I will make every effort to find out what I
need to know and keep on questioning what I do know in case things have 
changed or I have missed something. I'm old enough
now to know that the only certainty is there is always something to learn. 
I'm not too proud to learn it wherever I can.


>Joe
>
>P.S. Among the many ways around this particular issue is to a create
>special IFS folder with limited access and disable access to that
>folder's parent folder, then create symbolic links to the data in
>question.

How would this help with access to my inventory table, or would you propose 
that I keep a copy in CSV format, or even better that
I make people wait while I generate only the data they want and then wait 
again while they extract the data from the safe area ?

Perhaps I should just go tell the NT guy to fire up his SQL Server and make 
copies of the iSeries data so it will be "accessible" to the
end users instead of having to deal with the legacy iSeies.

Regards
Evan Harris



------------------------------

message: 4
date: Wed, 18 May 2005 13:22:07 +0530
from: <ganeshkumar.murugesan@xxxxxxxxx>
subject: RE: Who ended the subsystem?


The message in the QHST shows

"Subsystem QMSP ending in progress"

When I take F1 on that message, it just shows me no details about the
user profile.
I was able to identify the job, but the user of the job is QSYS, which
is not what I expected. Some user has ended it. Who is that is my
question?


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Dennis Nel
Sent: Wednesday, May 18, 2005 12:14 PM
To: Midrange Systems Technical Discussion
Subject: Re: Who ended the subsystem?

In the DSPLOG command you search for the message with an id of CPF0995.

Once you have these messages, you can just press F1 (Help) on the
message and in the second level text of this message you will be able
to identify the job that the ENDSBS command was issued from.

On 5/18/05, ganeshkumar.murugesan@xxxxxxxxx
<ganeshkumar.murugesan@xxxxxxxxx> wrote:
>
> A subsystem has been brought down by some user. We need to find the
user
> profile which was used to bring down the subsystem.
>
> In DSPLOG we found that the command ENDSBS has been issued but it
> doesn't mention about the user profile.
>
> Is there any way to find the user profile which ended the subsystem?
>
> Thanks,
> Ganesh
>
> Confidentiality Notice
>
> The information contained in this electronic message and any
attachments to this message are intended
> for the exclusive use of the addressee(s) and may contain confidential
or privileged information. If
> you are not the intended recipient, please notify the sender at Wipro
or Mailadmin@xxxxxxxxx immediately
> and destroy all copies of this message and any attachments.
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



Confidentiality Notice

The information contained in this electronic message and any attachments to 
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or 
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or 
Mailadmin@xxxxxxxxx immediately
and destroy all copies of this message and any attachments.



------------------------------

message: 5
date: Wed, 18 May 2005 07:33:09 -0500
from: Wayne McAlpine <wayne.mcalpine@xxxxxxxxxxxxxxxxx>
subject: Re: Websphere Express 5.1 Issue

Jim, here's a copy of my SSl config.  It's set up as a virtual host and 
you have to specify to listen on both 8080 and 443.  Hope this helps.

Listen 8080
Listen 443
<VirtualHost 10.254.0.1:443>
    SSLEngine On
    SSLAppName QIBM_HTTP_SERVER_SOSAPACHE
    SSLClientAuth None
    SetEnv HTTPS_PORT 443
</VirtualHost>

Norbut, Jim wrote:
>  
>  
>  
>  
>  
>  
>  
>  
> 1 
> Latest PFT group for Websphere for 5.1 Express V5R2 
> Here is my config file.......I can't seem to make it have the HTTPS
> listen on port 443.
> when I do a netstat (option 3) it goes to port 8080 for HTTPS ?
>  
> I wan't 8080 for Http Traffic and 443 for HTTPS......any ideas where I
> am going wrong ?
>  
> =======================================================
>  
>  
>    LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
>   2      WebSpherePluginConfig
> /QIBM/UserData/WebASE51/ASE/LAW8WES/config/cells/plugin-cfg.xml        
> 
>   3      LoadModule ibm_app_server_http_module
> /QSYS.LIB/QASE51.LIB/QSVTIHSAH.SRVPGM  
> 
>   4      # HTTP server (powered by Apache) configuration       
> 
>   5      DocumentRoot /LAW8/IOS        
> 
>   6      ServerRoot /www/LAW8  
> 
>   7      Options -ExecCGI -SymLinksIfOwnerMatch -Includes
> -IncludesNoExec -Indexes -MultiViews   
> 
>   8      Listen *:8080         
> 
>   9      AccessFileName .htaccess      
> 
>   10     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" combined   
> 
>   11     LogFormat "%{Cookie}n \"%r\" %t" cookie       
> 
>   12     LogFormat "%{User-agent}i" agent      
> 
>   13     LogFormat "%{Referer}i -> %U" referer         
> 
>   14     LogFormat "%h %l %u %t \"%r\" %>s %b" common  
> 
>   15     CustomLog logs/access_log combined    
> 
>   16     SetEnvIf "User-Agent" "Mozilla/2" nokeepalive         
> 
>   17     SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0   
> 
>   18     SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0  
> 
>   19     SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
> 
> 
>   20     SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive      
> 
>   21     SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
> 
> 
>   22     SetEnv CGIDIR /LAW8/ios/cgi-lawson   
> 
>   23     SetEnv HTTPS_PORT 443         
> 
>   24     SetEnv LAWENVNAME LAW8       
> 
>   25     CGIConvMode %%MIXED/MIXED%%  
> 
>   26     DirectoryIndex index.html index.htm default.html default.htm
> 
> 
>   27     ServerUserID LAWWEB  
> 
>   28     SSLEngine On  
> 
>   29     SSLAppName QIBM_HTTP_SERVER_LAW8      
> 
>   30     SSLCacheEnable        
> 
>   31     <Directory /LAW8/ios/cgi-lawson>      
> 
>   32         Order Deny,Allow         
> 
>   33         Require valid-user       
> 
>   34         PasswdFile %%SYSTEM%%    
> 
>   35         UserID %%CLIENT%%        
> 
>   36         AuthType Basic   
> 
>   37         AuthName LAW8    
> 
>   38     </Directory>  
> 
>   39     <Location /servlet/*>         
> 
>   40         Require valid-user       
> 
>   41         Order Deny,Allow         
> 
>   42         PasswdFile %%SYSTEM%%    
> 
>   43         UserID %%CLIENT%%        
> 
>   44         AuthType Basic   
> 
>   45         AuthName LAW8    
> 
>   46     </Location>   
> 
>   47     ScriptAliasMatch ^/cgi-lawson(.*)*.exe
> /LAW8/ios/cgi-lawson$1.pgm    
> 
>   48     ScriptAliasMatch ^/cgi-lawson(.*)*.pgm
> /LAW8/ios/cgi-lawson$1.pgm    
>  



------------------------------

message: 6
date: Wed, 18 May 2005 8:44:18 -0400
from: <ldwopt@xxxxxxx>
subject: 7855-10 Modem

Would someone please direct me to the user guide for the IBM 7855 modem setup 
guide. I have to erplace a modem but don't habe the user guide available to 
setup the new modem

TIA

Dave Willenborg



------------------------------

message: 7
date: Wed, 18 May 2005 07:44:02 -0500
from: "Elvis Budimlic" <ebudimlic@xxxxxxxxxxxxxxxxxxxxxxxxx>
subject: RE: Socks server port

NESTAT *CNN
F14

will give you the port numbers.  

However, I am a bit confused about your setup.  Your socks server is running
on the iSeries?  Then its port number should show in the WRKSRVTBLE and
could be changed. No?

Elvis

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Marc Rauzier
Sent: Wednesday, May 18, 2005 1:38 AM
To: Midrange Systems Technical Discussion
Subject: RE: Socks server port

Le mar. 17 mai 2005 18:05:01, Wilt, Charles ecrivait:

> WRKSRVTBLE ??
> 

Thank you Charles.

Well, I was sure not to write down this question in a fine english :-)

In my case, the AS400 is not the server, it is the client. It runs an 
FTP session to a FTP server thru a socks server (the socks server can 
only be configured with iSeries Navigator by right-clicking Properties 
on the TCP/IP configuration in the Network panel and filling the right 
informations in the SOCKS tab). The WRKSRVTBLE would help me if the 
AS400 have been FTP server which is not the case.


> Charles Wilt
> iSeries Systems Administrator / Developer
> Mitsubishi Electric Automotive America
> ph: 513-573-4343
> fax: 513-398-1121
>  
> 
>> -----Original Message-----
>> From: midrange-l-bounces@xxxxxxxxxxxx
>> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Marc Rauzier
>> Sent: Tuesday, May 17, 2005 11:31 AM
>> To: midrange-l@xxxxxxxxxxxx
>> Subject: Socks server port
>> 
>> 
>> Hello everybody
>> 
>> When configuring the socks client on an AS400 for a socks 
>> server (I want to 
>> run FTP thru a socks server from the AS400), I do not see a 
>> way to change 
>> the port on which the socks server listens.
>> 
>> Does someone know if it is possible (changing from 1080 which 
>> is, I guess, 
>> the default and used value to, let's say 8090) and, if yes, how ?
>> 
>> Note : OS400 V4R5
>> 


-- 
Cordialement/Best regards
Marc Rauzier

Opinions I stated here are my own.

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.







------------------------------

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



End of MIDRANGE-L Digest, Vol 4, Issue 968
******************************************


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.