IBM Support

How to disable REXEC server from automatically starting

Question & Answer


Question

How to disable REXEC server from automatically starting.

Cause

Customer may run periodic vulnerability checks for security on our IBM i
machines.  Customer may sometimes find that the REXEC server is running, even
though the parameters on the server are set to not start.

Answer

REXEC server

Listens on TCP port 512
Job name: QTRXCxxxxx , where x.. Is a random 5 digit number

CHGRXCA, is the command to change REXEC Attributes.

Exit points needed for REXEC are:
WRKREGINF QIBM_QTMX*

REXEC can to started 2 ways, via:
STRTCPSVR *REXEC
Or
STRTCPSVR *ALL
The options with *ALL, will start all TCP server regardless if they have been configured for, AUTOSTART=*NO.



To add the exit points use the command:
CALL QTCP/QTMXEXIT PARM('*INSTALL  ')

To remove the exit points use the command:
CALL QTCP/QTMXEXIT PARM('*REMOVE   ')

Either, you can insure that nobody (manually or via a CL program) uses STRTCPSVR *ALL
or you can remove the exit programs for REXEC.

WRKREGINF QIBM_QTMX* will show the REXEC exit points or not show them if you remove them.
Then the REXEC server can not start.

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Communications-TCP","Platform":[{"code":"","label":"iSeries"},{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

More support for:
IBM i

Software version:
Version Independent

Operating system(s):
iSeries, IBM i

Document number:
687899

Modified date:
26 April 2022

UID

nas8N1022452

Manage My Notification Subscriptions