|
-----Original Message----- From: midrange-l-bounces+kenshields=ppg.com@xxxxxxxxxxxx [mailto:midrange-l-bounces+kenshields=ppg.com@xxxxxxxxxxxx]On Behalf Of midrange-l-request@xxxxxxxxxxxx Sent: Wednesday, May 18, 2005 8:47 AM To: midrange-l@xxxxxxxxxxxx Subject: MIDRANGE-L Digest, Vol 4, Issue 968 Send MIDRANGE-L mailing list submissions to midrange-l@xxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://lists.midrange.com/mailman/listinfo/midrange-l or, via email, send a message with subject or body 'help' to midrange-l-request@xxxxxxxxxxxx You can reach the person managing the list at midrange-l-owner@xxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of MIDRANGE-L digest..." Today's Topics: 1. RE: Socks server port (Marc Rauzier) 2. Re: Who ended the subsystem? (Dennis Nel) 3. RE: iSeries FTP security (Evan Harris) 4. RE: Who ended the subsystem? (ganeshkumar.murugesan@xxxxxxxxx) 5. Re: Websphere Express 5.1 Issue (Wayne McAlpine) 6. 7855-10 Modem (ldwopt@xxxxxxx) 7. RE: Socks server port (Elvis Budimlic) ---------------------------------------------------------------------- message: 1 date: Wed, 18 May 2005 08:37:34 +0200 from: Marc Rauzier <mrauzier@xxxxxxx> subject: RE: Socks server port Le mar. 17 mai 2005 18:05:01, Wilt, Charles ecrivait: > WRKSRVTBLE ?? > Thank you Charles. Well, I was sure not to write down this question in a fine english :-) In my case, the AS400 is not the server, it is the client. It runs an FTP session to a FTP server thru a socks server (the socks server can only be configured with iSeries Navigator by right-clicking Properties on the TCP/IP configuration in the Network panel and filling the right informations in the SOCKS tab). The WRKSRVTBLE would help me if the AS400 have been FTP server which is not the case. > Charles Wilt > iSeries Systems Administrator / Developer > Mitsubishi Electric Automotive America > ph: 513-573-4343 > fax: 513-398-1121 > > >> -----Original Message----- >> From: midrange-l-bounces@xxxxxxxxxxxx >> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Marc Rauzier >> Sent: Tuesday, May 17, 2005 11:31 AM >> To: midrange-l@xxxxxxxxxxxx >> Subject: Socks server port >> >> >> Hello everybody >> >> When configuring the socks client on an AS400 for a socks >> server (I want to >> run FTP thru a socks server from the AS400), I do not see a >> way to change >> the port on which the socks server listens. >> >> Does someone know if it is possible (changing from 1080 which >> is, I guess, >> the default and used value to, let's say 8090) and, if yes, how ? >> >> Note : OS400 V4R5 >> -- Cordialement/Best regards Marc Rauzier Opinions I stated here are my own. ------------------------------ message: 2 date: Wed, 18 May 2005 08:44:25 +0200 from: Dennis Nel <dvnel.za@xxxxxxxxx> subject: Re: Who ended the subsystem? In the DSPLOG command you search for the message with an id of CPF0995. Once you have these messages, you can just press F1 (Help) on the message and in the second level text of this message you will be able to identify the job that the ENDSBS command was issued from. On 5/18/05, ganeshkumar.murugesan@xxxxxxxxx <ganeshkumar.murugesan@xxxxxxxxx> wrote: > > A subsystem has been brought down by some user. We need to find the user > profile which was used to bring down the subsystem. > > In DSPLOG we found that the command ENDSBS has been issued but it > doesn't mention about the user profile. > > Is there any way to find the user profile which ended the subsystem? > > Thanks, > Ganesh > > Confidentiality Notice > > The information contained in this electronic message and any attachments to > this message are intended > for the exclusive use of the addressee(s) and may contain confidential or > privileged information. If > you are not the intended recipient, please notify the sender at Wipro or > Mailadmin@xxxxxxxxx immediately > and destroy all copies of this message and any attachments. > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > ------------------------------ message: 3 date: Wed, 18 May 2005 19:55:40 +1200 from: Evan Harris <spanner@xxxxxxxxxx> subject: RE: iSeries FTP security Hi Joe Thanks for your comments - a few responses inline. >Here's an interesting take on it: you might want to understand how FTP >works before you open up your mission critical machines to it. >Seriously, the ".." exploit is known to just about every script kiddie >who ever set up an FTP server only to see somebody go rifling through >their files. The problem is not that the iSeries is allowing access, >but that people are allowing FTP access to their iSeries without really >knowing how FTP works. I am fairly sure I understand how FTP works, although I will confess to not being particularly aware of the ".." exploit. Of course, the issue is not about FTP specifically it is more about understanding what the path returned via the FTP exit API represents and coding to avoid the ".." exploit. Going by some of the other posts I am in good company. >Every time somebody posts something about how they "must" allow FTP >access, or "must" allow ODBC access to their data, I cringe because I'm >almost certain that they haven't gone out and investigated how these >utilities work. There are similar exploits with ODBC too numerous to >mention, especially for people with authorized access to your machine. If access via these methodologies is requested/demanded by the user community then it would be foolish to deny them out of hand just because I didn't know how they work. Especially when some NT guy is more than happy to claim he can provide the required service(s). The way I see it I can read the books available get some assistance where necessary, subscribe to forums like this and learn how to manage these utilities. Then I can run them on a machine I know I can secure. The alternative would be to never learn anything and never do anything and watch the iSeries replaced at an even more rapid rate by Windows boxes that are not really up to the task of running an enterprise. >The right answer is to create separate, low-access user profiles with >access only to sandbox areas, and then to put data in those areas only >on demand. Unfortunately, some of those same people who are opening >their machines to ODBC and FTP access will be the first to say this is >too much work. I agree in principle but experience tells me: 1. People with an existing profile will balk at having a second user profile 2. People will balk at waiting for a copy to be made of data they know is already there and waiting The real solution to this problem is to go back and fix the access to data properly, particularly on those systems where it has been bastardized by a vendor package with badly though out access methodologies and end user rights, especially packages or home grown apps that confer *ALLOBJ on all end users to make it easy to manage. If I had *PUBLIC *READ or *PUBLIC *EXCLUDE on all my data libraries this wouldn't be the problem it is, but the number of packages and homegrown applications that have started out requiring *ALLOBJ or something equally ill conceived means I simply have to try and secure around it. Another answer is to get a security tool to help get around this or even to write an exit program if the funds to purchase are not forthcoming. But now we might be right back where we started. >Anyway, my .02 on this is that you need to know how the tools work, >warts and all, BEFORE you implement them. The ".." technique is a good >one to guard against, and I guess if you have to learn it from the guy >in question, then that's better than nothing. But you might want to >talk to a local twelve-year-old before you open your production data to >FTP access. I am not particularly bothered who I learned it from, the point for me is that now I do know. I do know that I am never going to have the luxury of knowing every detail of every utility I am asked to implement, but I do know I will make every effort to find out what I need to know and keep on questioning what I do know in case things have changed or I have missed something. I'm old enough now to know that the only certainty is there is always something to learn. I'm not too proud to learn it wherever I can. >Joe > >P.S. Among the many ways around this particular issue is to a create >special IFS folder with limited access and disable access to that >folder's parent folder, then create symbolic links to the data in >question. How would this help with access to my inventory table, or would you propose that I keep a copy in CSV format, or even better that I make people wait while I generate only the data they want and then wait again while they extract the data from the safe area ? Perhaps I should just go tell the NT guy to fire up his SQL Server and make copies of the iSeries data so it will be "accessible" to the end users instead of having to deal with the legacy iSeies. Regards Evan Harris ------------------------------ message: 4 date: Wed, 18 May 2005 13:22:07 +0530 from: <ganeshkumar.murugesan@xxxxxxxxx> subject: RE: Who ended the subsystem? The message in the QHST shows "Subsystem QMSP ending in progress" When I take F1 on that message, it just shows me no details about the user profile. I was able to identify the job, but the user of the job is QSYS, which is not what I expected. Some user has ended it. Who is that is my question? -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Dennis Nel Sent: Wednesday, May 18, 2005 12:14 PM To: Midrange Systems Technical Discussion Subject: Re: Who ended the subsystem? In the DSPLOG command you search for the message with an id of CPF0995. Once you have these messages, you can just press F1 (Help) on the message and in the second level text of this message you will be able to identify the job that the ENDSBS command was issued from. On 5/18/05, ganeshkumar.murugesan@xxxxxxxxx <ganeshkumar.murugesan@xxxxxxxxx> wrote: > > A subsystem has been brought down by some user. We need to find the user > profile which was used to bring down the subsystem. > > In DSPLOG we found that the command ENDSBS has been issued but it > doesn't mention about the user profile. > > Is there any way to find the user profile which ended the subsystem? > > Thanks, > Ganesh > > Confidentiality Notice > > The information contained in this electronic message and any attachments to this message are intended > for the exclusive use of the addressee(s) and may contain confidential or privileged information. If > you are not the intended recipient, please notify the sender at Wipro or Mailadmin@xxxxxxxxx immediately > and destroy all copies of this message and any attachments. > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or Mailadmin@xxxxxxxxx immediately and destroy all copies of this message and any attachments. ------------------------------ message: 5 date: Wed, 18 May 2005 07:33:09 -0500 from: Wayne McAlpine <wayne.mcalpine@xxxxxxxxxxxxxxxxx> subject: Re: Websphere Express 5.1 Issue Jim, here's a copy of my SSl config. It's set up as a virtual host and you have to specify to listen on both 8080 and 443. Hope this helps. Listen 8080 Listen 443 <VirtualHost 10.254.0.1:443> SSLEngine On SSLAppName QIBM_HTTP_SERVER_SOSAPACHE SSLClientAuth None SetEnv HTTPS_PORT 443 </VirtualHost> Norbut, Jim wrote: > > > > > > > > > 1 > Latest PFT group for Websphere for 5.1 Express V5R2 > Here is my config file.......I can't seem to make it have the HTTPS > listen on port 443. > when I do a netstat (option 3) it goes to port 8080 for HTTPS ? > > I wan't 8080 for Http Traffic and 443 for HTTPS......any ideas where I > am going wrong ? > > ======================================================= > > > LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM > 2 WebSpherePluginConfig > /QIBM/UserData/WebASE51/ASE/LAW8WES/config/cells/plugin-cfg.xml > > 3 LoadModule ibm_app_server_http_module > /QSYS.LIB/QASE51.LIB/QSVTIHSAH.SRVPGM > > 4 # HTTP server (powered by Apache) configuration > > 5 DocumentRoot /LAW8/IOS > > 6 ServerRoot /www/LAW8 > > 7 Options -ExecCGI -SymLinksIfOwnerMatch -Includes > -IncludesNoExec -Indexes -MultiViews > > 8 Listen *:8080 > > 9 AccessFileName .htaccess > > 10 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" > \"%{User-Agent}i\"" combined > > 11 LogFormat "%{Cookie}n \"%r\" %t" cookie > > 12 LogFormat "%{User-agent}i" agent > > 13 LogFormat "%{Referer}i -> %U" referer > > 14 LogFormat "%h %l %u %t \"%r\" %>s %b" common > > 15 CustomLog logs/access_log combined > > 16 SetEnvIf "User-Agent" "Mozilla/2" nokeepalive > > 17 SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 > > 18 SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 > > 19 SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0 > > > 20 SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive > > 21 SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 > > > 22 SetEnv CGIDIR /LAW8/ios/cgi-lawson > > 23 SetEnv HTTPS_PORT 443 > > 24 SetEnv LAWENVNAME LAW8 > > 25 CGIConvMode %%MIXED/MIXED%% > > 26 DirectoryIndex index.html index.htm default.html default.htm > > > 27 ServerUserID LAWWEB > > 28 SSLEngine On > > 29 SSLAppName QIBM_HTTP_SERVER_LAW8 > > 30 SSLCacheEnable > > 31 <Directory /LAW8/ios/cgi-lawson> > > 32 Order Deny,Allow > > 33 Require valid-user > > 34 PasswdFile %%SYSTEM%% > > 35 UserID %%CLIENT%% > > 36 AuthType Basic > > 37 AuthName LAW8 > > 38 </Directory> > > 39 <Location /servlet/*> > > 40 Require valid-user > > 41 Order Deny,Allow > > 42 PasswdFile %%SYSTEM%% > > 43 UserID %%CLIENT%% > > 44 AuthType Basic > > 45 AuthName LAW8 > > 46 </Location> > > 47 ScriptAliasMatch ^/cgi-lawson(.*)*.exe > /LAW8/ios/cgi-lawson$1.pgm > > 48 ScriptAliasMatch ^/cgi-lawson(.*)*.pgm > /LAW8/ios/cgi-lawson$1.pgm > ------------------------------ message: 6 date: Wed, 18 May 2005 8:44:18 -0400 from: <ldwopt@xxxxxxx> subject: 7855-10 Modem Would someone please direct me to the user guide for the IBM 7855 modem setup guide. I have to erplace a modem but don't habe the user guide available to setup the new modem TIA Dave Willenborg ------------------------------ message: 7 date: Wed, 18 May 2005 07:44:02 -0500 from: "Elvis Budimlic" <ebudimlic@xxxxxxxxxxxxxxxxxxxxxxxxx> subject: RE: Socks server port NESTAT *CNN F14 will give you the port numbers. However, I am a bit confused about your setup. Your socks server is running on the iSeries? Then its port number should show in the WRKSRVTBLE and could be changed. No? Elvis -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Marc Rauzier Sent: Wednesday, May 18, 2005 1:38 AM To: Midrange Systems Technical Discussion Subject: RE: Socks server port Le mar. 17 mai 2005 18:05:01, Wilt, Charles ecrivait: > WRKSRVTBLE ?? > Thank you Charles. Well, I was sure not to write down this question in a fine english :-) In my case, the AS400 is not the server, it is the client. It runs an FTP session to a FTP server thru a socks server (the socks server can only be configured with iSeries Navigator by right-clicking Properties on the TCP/IP configuration in the Network panel and filling the right informations in the SOCKS tab). The WRKSRVTBLE would help me if the AS400 have been FTP server which is not the case. > Charles Wilt > iSeries Systems Administrator / Developer > Mitsubishi Electric Automotive America > ph: 513-573-4343 > fax: 513-398-1121 > > >> -----Original Message----- >> From: midrange-l-bounces@xxxxxxxxxxxx >> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Marc Rauzier >> Sent: Tuesday, May 17, 2005 11:31 AM >> To: midrange-l@xxxxxxxxxxxx >> Subject: Socks server port >> >> >> Hello everybody >> >> When configuring the socks client on an AS400 for a socks >> server (I want to >> run FTP thru a socks server from the AS400), I do not see a >> way to change >> the port on which the socks server listens. >> >> Does someone know if it is possible (changing from 1080 which >> is, I guess, >> the default and used value to, let's say 8090) and, if yes, how ? >> >> Note : OS400 V4R5 >> -- Cordialement/Best regards Marc Rauzier Opinions I stated here are my own. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. ------------------------------ -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. End of MIDRANGE-L Digest, Vol 4, Issue 968 ******************************************
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
