Intrusion Detection on System i

I found an interesting article on the IBM i security IBMSystems Magazine and I copy below some important points:

IBM Intrusion Detection System notifies you of attend to hack into, disrupt of deny service to your system

August 2007 | by Jim Coon, Yessong Johng,

TCP Control Flags

Hackers, crackers, intruders, oh my! And each with their pride at stake, But rest assured with a System i, You'll have a host that they can't break.

Though the term hacker is used with pride by relative old-timers who remember the glory days of self-modifying code, patched binary code and jury-rigged wire connectors, it's since taken on more negative connotations, referring to someone who breaks into computers to disrupt service or "own the machine." Traditional hackers call these scurrilous creatures "crackers." We prefer the term hackers to describe both the malicious cracker and the ethical interloper. The malicious hacker is out to steal information, drive your business to its knees or take over your machine. The ethical hacker exposes the vulnerabilities in your system defenses so you can plug the holes.

The Intrusion Detection System (IDS) in IBM* i5/OS* notifies you of attempts to hack into, disrupt or deny service to the system. Prior to IDS, i5/OS took some protective measures against these types of intrusions. However, with the new IDS support, the i5/OS system can now tell you about the intrusions.

The types of intrusions on an i5/OS system that are caught, audited and, in many cases, discarded before they become a threat are multiple kinds of attacks, scans and traffic-regulation anomalies for TCP and User Datagram Protocol (UDP). In this article, we'll explain these different intrusions and provide an example of IDS in action.

You can read the article at: IBMSystems Magazine

Automatically Deleting Spooled Files through Expiration Dates

I found another interesting news on the IT Jungle website and I have copied it below for your information.

Automatically Deleting Spooled Files through Expiration Dates

Published: March 23, 2011

Hey, Joe:

Last year, I stumbled on a cool method for automatically deleting spooled files. When you create a spooled file, you can set the number of days that you want to keep that file on your system. Then once a night, you can submit a job that runs the Delete Expired Spooled Files (DLTEXPSPLF) command that will automatically delete expired spooled files. You should try it.

--Peter

After working with the Power i and its antecedents for almost 30 years, I always find it interesting when somebody shows me something valuable that I haven't used before. DLTEXPSPLF is a simple command that automatically removes all expired spooled files from all the system Auxiliary Storage Pools (ASPs) or the system ASP on your iSeries, System i, and Power i partitions.

DLTEXPSPLF takes a little planning because spooled files don't just expire on their own accord. Rather, you have to configure each spooled file with its own expiration date for later removal. This can be done before or after the spooled file is created.

To really understand DLTEXPSPLF, it's best to look at an example. Let's say that we want to set up all our INVOICE spooled files to automatically be deleted from the system after 30 days. We can easily do this by making the following changes.

1.Change the printer file that is used to create your target spooled file, so that it includes a target expiration period for newly created invoices--Let's assume you're using a third-party accounting package that uses a printer file called INVOICE to create all your invoice spooled files. If we want to designate that all INVOICE spooled files will expire after 30 days, we can change the EXPIRATION DATE FOR FILE (EXPDATE) parameter to *DAYS and the DAYS UNTIL FILE EXPIRES (DAYS) parameter to 30 days inside the INVOICE printer file. For this modification, we can simply run the following CHANGE PRINTER FILE (CHGPRTF) command.

CHGPRTF FILE(INVOICE) EXPDATE(*DAYS) DAYS(30)

This command changes the printer file immediately so all new invoices will automatically be tagged with an expiration date of 30 days past their creation dates. Note that this will work for any spooled files that are created through an associated printer file. Altering source printer file parameters can serve as an easy way to set different expiration dates for different types of spooled files.

2. Set up a daily job to delete all spooled files that have expired during the previous day--This can be done either through IBM's job scheduler or through a third-party i/OS job scheduler such as Help/Systems' Robot/SCHEDULE. Run DLTEXPSPLF this way in your scheduled job if you want to delete expired spooled files in all of your ASPs.

DLTEXPSPLF ASPGRP(*ALL)

Run DLTEXPSPLF this way if you only want to delete expired spooled files in your system ASP (ASP 1).

DLTEXPSPLF ASPGRP(*SYSBAS)

Spooled files always expire at 23:59:59 military time on their expiration date. So if you run DLTEXPSPLF once a day, it will delete all the spooled files that expired the day before.

To add an entry to the IBM job scheduler for running DLTEXPSPLF on a daily schedule, you can run the following ADD JOB SCHEDULER ENTRY (ADDJOBSCDE) command that IBM lists in its i5/OS V5R4 Information Center entry on DLTEXPSPLF.

ADDJOBSCDE   JOB(DLTEXPSPLF)  CMD(DLTEXPSPLF  ASPGRP(*ALL))          
FRQ(*WEEKLY)  SCDDATE(*NONE)  SCDDAY(*ALL)SCDTIME(010000)
JOBQ(QSYS/QSYSNOMAX) TEXT('DELETE EXPIRED SPOOLED FILES SCHEDULE ENTRY')

And that's all there is to automatically deleting your job logs. If you want to add any other types of spooled files to your automatic deletion schedule, change their print file attributes, provided you can find the print file they are created from.

You can also change spooled file expiration dates on the fly by running the CHANGE SPOOLED FILE ATTRIBUTES (CHGSPLFA) command to modify the expiration dates of files as they are created or as they sit in an output queue. To change the expiration date on a recently created spooled file to 30 days, all you have to do is gather the relevant spooled file information and run the following CHGSPLFA command.

CHGSPLFA   FILE(spooled file name) JOB(job number/user name/job name)
SPLNBR(spooled file number) EXPDATE(*DAYS) DAYS(30)

If you don't want to mess around with changing expiration dates on the fly, you can create your own program to change the expiration dates for all spooled files in an output queue. A few years, I wrote a program called MOVSPLF that was used to move spooled files from one output queue to another. This program creates a work file of all the spooled files in a particular output queue and uses CHGSPLFA to move each spooled file to another output queue. With a little modification, you can easily change MOVSPLF to set expiration dates for all the spooled files in an output queue. Click here to check out the architecture and code for the MOVSPLF program.

--Joe

DDS Conversion Tool

I found an interesting news on the IT jungle website and I have copied it below for your convenience.

DDS Conversion Tool Joins Profound's Web Development Tools

Published: March 15, 2011

by Dan Burger

Profound Logic Software has released an integral piece of its native graphical user interface platform built around IBM's Rational Open Access. The Profound DDS Conversion Module converts existing DDS source members to native IBM i objects that support a graphical user interface. It does this without relying on the green-screen protocol, a distinguishing factor compared to other application modernization methods. Profound is one of several IBM i ISVs making use of RPG Open Access.

The DDS Conversion Module is an important piece of the Dayton, Ohio, software company's Profound UI suite of application development tools designed for Web formats. Profound UI was announced in April 2010. Its approach is to use the native object-based architecture found in the IBM i, which allows the business logic to remain in RPG while obtaining the native GUI interface that many RPG programmers have asked IBM to deliver for so long.

RPG programmers with traditional display files (DDS) skills will likely appreciate how the Profound approach stays true to the DDS organizational method of separate record formats that represent different screens and subfile grids. However, unlike traditional display file objects, Profound UI creates what it calls rich display files that also store GUI metadata using JavaScript Object Notation (JSON), a lightweight data-interchange format used to build dynamic HTML for browser applications.

Profound's RPGsp product, by comparison, is a combination of HTML working with RPG. "There was a learning curve for the typical RPG developer," says Alex Roytman, CEO at Profound Logic. "They are used to seeing things in record formats rather than HTML."

The DDS Conversion Module comes into play when modernizing green screens--whether adding features or functionality or not.

"The biggest benefit provided by the DDS Conversion Module," Roytman says, "is in moving forward with future development and in maintaining the applications. If you have a green screen with a GUI on top of it, you have to mess with the character-based interface and see how that propagates to the GUI, so you are maintaining it in two places. When adding new functionality with a refaced app then you have to create a green screen before doing anything else.

"Without DDS conversion, you have 5250 refacing for Web enablement. There is still a dependence on the 5250 for maintenance. It requires going back to the green screen to make changes and the logic gets put on top of the green screen."

The biggest advantage of using the DDS Conversion Module, compared to using a refacing solution, is it doesn't require any change to RPG logic. It also provides client-side scrolling in load-all subfiles, sortable columns, expandable subfile rows, and access to records and data within the running RPG program, Profound says. In addition, the converted screens can be maintained using the Profound's Visual Designer tool, which allows developers to add features to their applications without in-depth skills in technologies such as JavaScript, JSON, AJAX, and DHTML.

Naturally, new application development projects have to work with the databases on the iSeries and most will reuse the logic in existing applications. And although RPG gets overlooked or wrongly labeled as only a language for back end systems, it is certainly Web capable.

"There are a lot of RPG developers able to build Web apps from scratch without knowing HTML, AJAX, and JavaScript," Roytman says. In many cases, they have never crossed over into the world of Web technologies because they never needed to. RPG programmers are capable of building modern apps, but connecting the GUI front end with the back end logic has been an issue."

Roytman believes the success of Profound UI will be based on the fact that it simplifies the Web development process by using familiar concepts in combination with a variety of widgets used in customizing screens with graphical elements connected to RPG record formats and fields. He compares the look and feel of his company's Visual Designer tool to the Microsoft .NET design tool, Visual Studio.

"I always have thought Visual Studio is one of the easiest design tools from a layout standpoint. It's easy to get around," he says. "The concepts of our tool are RPG-like, but it looks like Visual Studio in the way the tool box contains controls that can be dragged onto a canvass, properties for each widget, and a listing of record formats. All of our drag and drop elements have the Visual Studio look and feel and the designer screen is very similar to how the app will look."

Profound Logic has worked with approximately 25 beta sites to fine tune the conversion process. Roytman says much of this time was devoted to increasing the support for DDS keywords.

"We don't support 100 percent of the DDS keywords," he says. "But there are keywords that are seldom used or not used at all. If you took your typical display file or the 10 typical display files a given company uses, the chances are pretty good that we'd be supporting all the keywords."

The entire list of supported keywords is available on the Profound Logic website.

Profound sells its UI modules individually or in packages. Pricing is based on system processor group. A company buying the basic handler and design tool should figure approximately $7,500 for each, or a total of $15,000 if they run on the P05 processor level. The DDS Conversion Module would be priced at $8,000.

For additional information, see the Profound Logic website.

MC Press Online Launches New Online Bookstore for IT Professionals

Redesigned from the ground up, the new MC Press Bookstore sports a clean new interface, more product information, and new training materials and e-book sections.

Ketchum, ID, March 10, 2011 --(PR.com)-- MC Press Online, LLC has announced the launch of its new feature-rich online MC Press Bookstore (http://www.mc-store.com) enhanced with new training materials and targeted at information technology professionals who need to keep their skills up to date.

The pace at which technology is moving today has never been faster, and many programmers, system administrators, and IT managers are under intense pressure to keep up with the new advances. In fact, according to leading IT staffing agencies, their jobs depend on it.

As the leading book publisher serving the IBM midrange channel, MC Press Online offers many titles on emerging and open-source technologies in addition to those developed and supported by IBM. A growing list of college textbooks and IT management books rounds out the product line. MC Press also publishes five high-tech newsletters and a news portal, MC Press Online (http://www.mcpressonline.com).

While MC Press has been offering books online since 2002, its original online store had several limitations and, eventually, a dated interface, all of which have been redesigned and completely redeveloped from the ground up, according to David M. Uptmor, MC Press Online publisher.

"The new store has more robust product listings and is far more informative than the old store was," says Uptmor. "We also have completely reorganized all store products to make everything much easier to find. There are now many different ways to view the products. It's a completely new experience from the user's viewpoint, one we believe will make customers want to return again and again."

A major enhancement to the store's content is the addition of a full line of training materials from Manta Technologies, Inc. (http://www.mantatech.com), the leading provider of training to the IBM i community. MC Press customers will receive an exclusive 5 percent discount off Manta's best price when they purchase Manta training through the MC Press Bookstore, according to Jeff Phillips, MC Press Online director of marketing.

"We now actually offer a price for training from Manta that is lower than Manta's own price," says Phillips. "However, you must click through from the MC Press Bookstore in order to get the extra 5 percent discount."

In line with current publishing industry trends, the MC Press Bookstore has opened a new e-books section where visitors will find a number of their favorite titles available in Kindle Edition via Amazon.com.

While the content, user interface, and functionality of the store have all been redesigned, so too has the pricing structure, says Phillips. Not only is the MC Press Bookstore now offering free ground shipping on orders of $100 or more for customers in the continental U.S., but prices on the current inventory of books have been adjusted in every case to ensure readers get the absolute best value possible, he says

For the budget-minded buyer interested more in the content than the wrapper, the Bookstore now offers a new "Scratch and Dent" section.

Because readers are generally interested in what people who have read a book think of it, the Bookstore has a review section where visitors can post their thoughts online. The Bookstore also has a new blog hosted by Katie Tipton, MC Press Online book editor, who will be writing about various authors and upcoming new titles.

Tipton noted that book code downloads are now available directly from the book's Web page, along with a link to the reader discussion forum. A popular feature of the MC Press Bookstore is the ability for readers to see a book's table of contents, index, and a sample excerpt—all in realistic PDF format—for every book.

As polished and attractive as the new Bookstore is, MC Press isn't finished with all the enhancements planned for the new site, according to the publisher. Among the major upcoming features will be a display of competitive pricing alongside the MC Press price, and inclusion of an affiliate program where other businesses can place an ad with a special link and receive a percentage of any resulting sales.

About MC Press Online, LLC

MC Press Online, LLC is the leading complete information resource for the IBM Power Systems (IBM i, AS/400, iSeries, System i, AIX, and Linux) community. Through its books, Web site, e-newsletters, and other products, MC Press Online delivers hands-on, up-to-the-minute information about Power Systems so users—from programmers to CIOs—can be more productive and better informed. MC Press Online provides information in a variety of formats to suit different needs. It publishes books, electronic publications, multimedia offerings, computer-based training, and Web-based education. Its Web site contains hundreds of technical articles, lots of code, and useful forums hosting discussions on topics related to the IBM midrange field. For more information, visit http://www.MCPressOnline.com.

Contacts for new book ideas and affiliate marketing opportunities:

Jeff Phillips
Marketing Director
208.629.7275 Ext. 503
jphillips@mcpressonline.com

Katie Tipton
Book Editor
208.629.7275 Ext. 505
ktipton@mcpressonline.com

This article was originally published at: Press Releases

Get White Papers on IBM i App Modernization: Web Enablement and PHP

I received an interesting news from BCD Software and I have copied below for your convenience

Read the white papers to learn how you can deliver modern web applications with these two BCD solutions: Presto gives all your IBM i green screens a Web GUI in one minute with no code changes. The white paper discusses why you should modernize your 5250 applications and how Presto can accomplish this. WebSmart PHP helps you rapidly develop IBM i and multi-platform PHP apps in minutes using templates and wizards. The white paper discusses why you should consider writing web apps in PHP and how WebSmart helps you do that. Bonus Draw: Every IT person at any organization that purchases a BCD software product by January 31, 2011 that is registered in this draw will be entered in a second drawing to win a free iPad. Request a White Paper or 30-day Trial to enter iPad draw Discuss your needs Call today: 630-986-0800 Email: info@bcdsoftware.com Website: www.bcdsoftware.com