Manuals / IBM / Computer Equipment / Network Card

IBM Safenet/400 manual Usage Notes/Limitations, Recommended Setting Level 4, Log All, 12.33

Models: Safenet/400

1 172

Download 172 pages 49.63 Kb

Page 153

FTP Client Request Validation

Description: FTP Client Request Validation

This function is used whenever the System i5 is a client, issuing FTP commands to a remote system.

Where used:	System i5 command lines, interactive and batch jobs can initiate an FTP
	client request
Server Identifier:	*FTPClient
Format Name:	VLRQ0100
Levels Supported:	Basic	(Level 1,2)
	Intermediate	(Level 3)
	Advanced	(Level 4)

Usage Notes/Limitations:

At Level 3 or Level 4 you can implement IP address controls. This will allow you to limit what target addresses/systems an FTP client can connect to. See commands:

CHGFTPSET IPCTLC(*YES) and WRKTCPIPA *FTPCLIENT

You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide.

Recommended
Setting:	Level 4, Log All

Important Note:

When the FTP Client point is set to Level 4, only the GET and PUT FTP sub-commands are required. The other commands, when using the FTP Client, are for the TARGET SYSTEM ONLY (sent to/run on the target system).

When authorizing users to the GET/PUT sub-commands, the assumed object authority is reversed from authorities required for the FTP Server point and the same objects.

See the following examples.

	SafeNet/400 Reference Guide
	♥ Copyright 2008 MP Associates of Westchester, Inc.	12.33
	V8.50 - May 2008	12.33
	V8.50 - May 2008

Image 153

IBM Safenet/400 manual Usage Notes/Limitations, Recommended Setting Level 4, Log All, 12.33

Contents

MP Associates of Westchester, Inc SAFENET/400How to contact us Table of Contents 10.3 10.110.7 10.9Group Profiles Navigating through the screensLogging Level a Setting the User Logging LevelsLogging Level R Logging Level NSafeNet Administrator Super Trusted User Control Maintain User to Server Security screen appears Entering User Security LevelsALL Active Servers Add New Object Authorization screen appears Entering User Authorities to ObjectsWork User to Object Security screen is displayed Not Allowed for library Not Allowed for objectReminder Exclusions Copyright 2008 MP Associates of Westchester, Inc V8.50 May Work User to SQL Statements screen is displayed Entering User Authorities to SQL StatementsType the user profile, the Group or *PUBLIC, then Enter Maintain Authorized SQL Statements screen appearsCopyright 2008 MP Associates of Westchester, Inc V8.50 May Entering User Authorities to FTP Statements Type the user profile or *PUBLIC then EnterWork with Authorized FTP Statements screen appears Path EncryptedUsing FTP Server Using FTP ClientName Format List FormatWork User to CL Commands, Enter User ID screen is displayed Maintain Authorized CL Commands screen appearsType each CL command that this user is permitted to use Copyright 2008 MP Associates of Westchester, Inc Maintain Path Names screen appears Entering Long Path NamesCopyright 2008 MP Associates of Westchester, Inc Copy SafeNet User/Authorities screen is displayed Removing a User from SafeNet/400Remove Users from SafeNet screen appears Maintain all Security for a User Authorized to At this time? Setting up Time of Day ControlsType the user profile, Enter and then press F10 User Time-of-Day Maintenance screen appearsCopyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Setting UP Servers Level SafeNet/400 Server Function Security LevelsLevel Setting the Server Function Logging Levels Basic Server Security Supported by all Servers Intermediate Server Security Supported by all ServersAdvanced Server Security Supported by Specific Servers Level 1, Log None Recommended Server SettingsLevel 1, Log None Level 3, Log All Limit user Distributed Data ManagementLevel 1, Log All Log all requests PwrdwnsysMaintain Server Security screen is displayed Entering Server Function Security LevelsCopyright 2008 MP Associates of Westchester, Inc Customer Exit Programs Copyright 2008 MP Associates of Westchester, Inc Setting up Telnet Restricting Access to Specific Device Names Controlling Telnet Access by IP AddressSetting the Required Password Type Allow Auto Signon Enter the password type 0 or 1 is requiredLogging of Telnet Sessions Setting up TCP/IP Address Controls Turning on TCP/IP Address CheckingType Wrksrv Example Setting up TCP/IP Address Control TableCopyright 2008 MP Associates of Westchester, Inc Anonymous FTP Logon Use Wrktcpipa *FTPSERVER Parameter Screen Selections Value DescriptionUse Wrktcpipa *FTPCLIENT LibnameRecommended that you leave this as ProfilenamePword Password of *NONE and *USER forSetting up for Anonymous FTP ExampleLocate the FTP Logon Server point Page Select Option 6 Work with User to CL Command Security Setting up for Normal User IDs and FTP ServersPage Dynamic Host Configuration Protocol Dhcp Control and Reports Menu appears Working with DhcpCurrent Dhcp Activity Copyright 2008 MP Associates of Westchester, Inc Maintaining MAC Addresses Fixed IP Addresses Purging Expired Dhcp Lease Information Ping Checker Reports Setup Reports Usage Reports Copyright 2008 MP Associates of Westchester, Inc Security Report by User in test mode Menu SN4, Option Testing Your Security SettingsCopyright 2008 MP Associates of Westchester, Inc Security Levels to Check field Copyright 2008 MP Associates of Westchester, Inc Copyright 2008 MP Associates of Westchester, Inc V8.50 May On the Print Security Report screen fill in the following Batch Transaction Test Review/Report Security Report by UserCopyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Recommended approach to testing Pcreview Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Log file Purge Strprg DAYS060 To perform a standard purgeStrprgarc DAYS060 ARC*YES PRT*YES PRTR*NO RMVDEL*NO To purge the log and archive the recordsAutomating the One Step Security Report Automating the log file purgeStrprgarc DAYS005 Strprgarc DAYS001 Daily Backup Procedure Enter command Chgspcset LOGALL*NOChgspcset LOGALL*YES to begin logging Copyright 2008 MP Associates of Westchester, Inc Before de-activating De-activating SafeNet/400To activate or de-activate SafeNet/400 Removing SafeNet/400 from your system Copyright 2008 MP Associates of Westchester, Inc 10.1 Error Message Received on the System10.2 Error Message Received on the Client Check the request log for a ‘REJECTED’ response10.3 10.4 10.5 If you still cannot resolve the problem Also try Endtcpsvr *ALL, Endhostsvr *ALL then Strtcp10.6 10.7 Examples of Client Error Messages10.8 10.9 Error Codes which Appear in the Log10.10 10.11 Additional Troubleshooting Tips10.12 11.1 Resetting Level 5 within SafeNet/40011.2 Select Option 6 Activate/De-Activate SafeNet/40011.3 Pre-Power Down Program Point11.4 Using Automatic Alert NotificationActivating SafeNet/400 Alert Notification Creating a Distribution List11.5 OPT Profile SwappingSafeNet/400 RQD 11.6Setting up a Swap Profile Maintain Authorized Swap Profiles screen appears11.7 11.8 Journaling SafeNet/400 Security FilesFiles Contained in SafeNet/400 Errord FileTraparcw File 11.911.10 Trapod FileSafeNet/400 Commands Commands Description11.11 11.12 11.13 Wrkusrsec11.14 12.1 Server Function Descriptions12.2 Original ServersServer Identifier Where usedFormat Name Levels Supported12.4 12.5 Limitations12.6 12.7 Usrlibl ALL12.8 12.9 Original Message Server Description Original Message Server12.10 12.11 12.12 12.13 Optimized Servers12.14 12.15 12.16 12.17 12.18 12.19 Access to System i5 database through Odbc interfaceDatabase Server Entry Description Database Server Entry 12.21 Usage12.22 12.23 12.24 12.25 12.26 Data Queue Server Description Data Queue Server12.27 12.28 File Server Description File Server Access to entire file systemWindows Explorer and other applications 12.2912.30 Allflr ALL12.31 Personnel ALL12.32 PAYROLL.LI SALARY.FILRecommended Setting Level 4, Log All Usage Notes/Limitations12.33 12.34 12.35 FTP Logon Server Description FTP Logon Server 112.36 FTP Logon Server Description FTP Logon Server 212.37 FTP Logon Server Description FTP Logon Server 312.38 12.39 12.40 12.41 Pre-Power Down Description Pre-Power Down Server12.42 Rexec Logon Server Description Rexec Logon Server 1 Usage Notes12.43 12.44 Rexec Logon Server Description Rexec Logon Server 212.45 12.46 Important Notes on setting up a user for ShowCase** Strategy12.47 TCP Signon Server Description TCP Signon Server12.48 12.49 12.50 Server Identifier FormatIndex Public