On 08-Nov-2013 12:06 -0800, ALopez@xxxxxxxxxx wrote:
I've just used the Navigator wizard to configure this on a new
system. It seems that at V7R1 I do not need to have the QOS TCP/IP
server running (and I have IPQOSENB set to *NO in CHGTCPA). What I
can't figure out is how you tell INS that you want it to start
Presumably that meant to suggest Intrusion Detection System (IDS),
All of the TCP/IP servers have this option under their properties in
the Navigator, but Intrusion Detection has options just for
Notifications and ICMP. All of the descriptions of starting/stopping
it that I can find online refer to manually doing so in Navigator.
That doesn't help much unless it automatically restarts after an IPL,
as I also can't find a command line interface for starting it.
The documentation suggests that the function of the IDS feature does
not run in\as a separate TCP/IP server, but as part of the TCP/IP stack
itself [the TCP/IP code itself], activated by policies. Thus there is
not a configurable AUTOSTART setting as there would be with a TCP
server. Seems the feature starts functioning as part of the stack,
automatically after IPL, per those same docs:
_i IBM i Security Intrusion detection 7.1 i_
When you create an intrusion detection policy, the IDS GUI builds the
IDS policy file and activates IDS using the Control Intrusion Detection
and Prevention (QTOQIDSC, QtoqIDSControl) API.
Note: After you create a new policy, IDS is automatically stopped and
restarted for the policy to take effect. In V5R4, the QoS server is
automatically stopped and restarted.
The /production stack/ consists of the TCP/IP modules involved in most
of the network operations on the System i® platform.
The /service stack/ consists of the TCP/IP modules involved in service
and support of the System i platform.
The service stack comes up first and remains until the next IPL. The
production stack comes up after the service stack and remains until
TCP/IP is ended. After an IPL, the service stack checks to see if IDS
was active before the IPL. If so, IDS is reactivated. ...
The above docs are in the IBM i 7.1 InfoCenter as well, under the
same parent topic:
IBM i 7.1 Information Center -> Security -> Intrusion detection ->
Intrusion detection concepts
_Intrusion detection system initialization_
_Intrusion detection system operation_