Use the MODIFY command
to control the Defense Manager (DM) functions from the operator console.
Format
|--+-MODIFY-+--procname,DISPLAY---------------------------------|
'-F------'
|--+-MODIFY-+--procname,REFRESH--+--------------------+---------|
'-F------' +-,FILE='filename'---+
'-,FILE=//'filename'-'
|--+-MODIFY-+--procname,FORCE_INACTIVE,stackname----------------|
'-F------'
Parameters
- procname
- The member name of the cataloged procedure that is used to start
the Defense Manager daemon (DMD).
- DISPLAY
- Displays configuration values that are currently being used by
the DMD.
- REFRESH
- Indicates that the DMD configuration file should be reread. The
file is treated as a complete replacement, so it must contain all
necessary DMD configuration information. You cannot update all DMD
parameters using this command. See the description for the parameters
in the configuration file to find out which ones can be dynamically
changed. You must include parameters that cannot be dynamically changed
in the REFRESH configuration file if the daemon was started with a
value for the parameter that was not the default value. See the Defense Manager daemon information in the z/OS Communications Server: IP Configuration
Reference.
- FILE
- Indicates the name and location of the DMD configuration file
that is to be read. The file is treated as a complete replacement
so it must contain all necessary DMD configuration information. The
file name must be a fully qualified z/OS® UNIX file name or MVS™ data set name. A z/OS UNIX file
name must be enclosed by single quotation marks ('). MVS data set names must begin with two forward
slashes (//) and the data set name must be enclosed by single quotation
marks ('). This option is valid only when specified with REFRESH.
- FORCE_INACTIVE ,stackname
- Forces the TCP/IP stack named stackname to
become inactive with respect to defensive filters. All defensive
filters for the stack are removed from DMD persistent memory and also
from the stack itself. No additional defensive filters are added
to the stack while it is in inactive mode. The stack does not have
to be configured in the DMD configuration file in order for the FORCE_INACTIVE
option to operate. If the stack is active and IP security is enabled,
then any defensive filters in the stack are removed regardless of
the DMD configuration status of the stack. Changes to the mode of
the stack persist until the next time the MODIFY procname,REFRESH
command is successfully issued. See the Defense
Manager daemon information in the z/OS Communications Server: IP Configuration
Reference.
Examples
The following example displays
the command and current configuration values.
f dmd,display
EZD1733I DISPLAY DMD CONFIGURATION
Defense Manager Configuration Settings
SyslogLevel = 7
DefensiveFilterDirectory = /var/dm/filters
DM Config for TCP/IP stack TCPCS
Mode = Simulate
MaxLifetime = 1440
DefaultLogLimit = 100
Exclude 192.168.1.3
Exclude 192.168.1.10
The following example
is the command and output used to forcibly deactivate a stack with
respect to the Defense Manager daemon (DMD).
F DMD,FORCE_INACTIVE,TCPCS
EZD1643I THE DEFENSIVE FILTER MODE FOR STACK TCPCS WAS SUCCESSFULLY
FORCED TO INACTIVE