||by Giovanni B. Perotti (Italy)|
This documentation applies to SECTCP release dated March 14, 2018.|
Always refer to this online document for the latest features.
The PDF version of this document may be obsolete.
SECTCP (secure TCP) is an IBM i public-source utility
that may be used to control and restrain access to the following TCP servers:
SECTCP adds an extra protection layer between a firewall (if you have one) and the OS/400 security.
This extra layer is much more flexible than any firewall and can be easily controlled and changed as needed.
Changes to SECTCP settings do not require restarting the FTP or the TELNET server.
If you are currently running SECTCP and you are willing to host a CGI application on an HTTP instance,
then you may install a WEB interface for SECTCP.
|Its name is WSECTCP.|
|This WEB interface makes SECTCP so easy that you would never go back to a 5250 session.|
Go to this download page and install WSECTCP today.
If you already installed SECTCP and WSECTCP, you may then install also ESECTCP.
|ESECTCP provides you with the names (country, region, city) and google maps of all the locations where undesired client IP addresses tried with no success to login to your FTP or TELNET server.|
|Read about ESECTCP.|
Go to this download page to install ESECTCP.
SECTCPTEST is a small utility - authored by Helge Bichel, Denmark - that helps you in finding out
if an IP address would be able to login via SECTCP to your IBMi TELNET and/or FTP servers.
- Operating system release V5R2 or subsequent
- ILE-RPG compiler
Note - To re-install SECTCP on a box without the ILE-RPG compiler:
- Signon to the IBM i with a class *SECOFR user profile
- CRTSAVF FILE(QGPL/SECTCP) AUT(*ALL)
- From the Easy400 download page
download file sectcp.zip to your PC and unzip it
- Use FTP to copy PC file sectcp.sav to save file QGPL/SECTCP
- RSTLIB SAVLIB(SECTCP) DEV(*SAVF) SAVF(QGPL/SECTCP)
- STRREXPRC SRCMBR(INSTALL) SRCFILE(SECTCP/QREXSRC)
It will perform the following:
- creates a compile program in library SECTCP
- runs command SECTCP/COMPILE that creates the necessary modules and programs
- runs command SECTCP/INSTALL to complete the installation by
During the installation process will stop two times:
- restoring directory /sectcp
- creating and populating library SECTCPDATA with local files
- The first time, to ask the name of the user profile (SECTCP owner) authorized to change the SECTCP settings
- The second time, to display the HTTP directives that you may install later on in an
Apache HTTP instance of your choice.
These directives allow to display the SECTCP documentation
(the one you are currently reading. They are in the IFS stream file
If you like, you may press this
to display them.
- Save library SECTCP
- Restore library SECTCP on the other box
- On this other box:
- signon with a class *SECOFRE user profile
- run command SECTCP/INSTALL
|Setting up SECTCP|
To define the SECTCP settings, you must
You will then receive the following screen:
- signon with the user profile authorized for this operation during the installation process
- enter command SECTCP/SECTCP .
(Please note that help text is available from any SECTCP screen)
|Figure 1 - No protections yet|