Question & Answer
Question
How to disable REXEC server from automatically starting.
Cause
Customer may run periodic vulnerability checks for security on our IBM i
machines. Customer may sometimes find that the REXEC server is running, even
though the parameters on the server are set to not start.
Answer
REXEC server
Listens on TCP port 512
Job name: QTRXCxxxxx , where x.. Is a random 5 digit number
CHGRXCA, is the command to change REXEC Attributes.
Exit points needed for REXEC are:
WRKREGINF QIBM_QTMX*
REXEC can to started 2 ways, via:
STRTCPSVR *REXEC
Or
STRTCPSVR *ALL
The options with *ALL, will start all TCP server regardless if they have been configured for, AUTOSTART=*NO.
To add the exit points use the command:
CALL QTCP/QTMXEXIT PARM('*INSTALL ')
To remove the exit points use the command:
CALL QTCP/QTMXEXIT PARM('*REMOVE ')
Either, you can insure that nobody (manually or via a CL program) uses STRTCPSVR *ALL
or you can remove the exit programs for REXEC.
WRKREGINF QIBM_QTMX* will show the REXEC exit points or not show them if you remove them.
Then the REXEC server can not start.
Was this topic helpful?
Document Information
More support for:
IBM i
Software version:
Version Independent
Operating system(s):
iSeries, IBM i
Document number:
687899
Modified date:
26 April 2022
UID
nas8N1022452