IBM Support

MF60140 - LIC-SOCKETS AUDIT RECORD SK SUBTYPE A TELNET

PTF Cover Letter


PTF ( Program Temporary Fixes ) Cover letter


Order this fix

Abstract

LIC-SOCKETS AUDIT RECORD SK SUBTYPE A TELNET


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED      PTF/FIX  LEVEL

TYPE PROGRAM  REL  NUMBER   MIN/MAX  OPTION
---- -------- ---  -------  -------  ------
PRE  5761999  610  MF60136   00/00    0000
PRE  5761999  610  MF52870   00/00    0000
PRE  5761999  610  MF45906   00/00    0000
PRE  5761999  610  MF43750   00/00    0000
PRE  5761999  610  MF44058   00/00    0000
CO   5761999  610  MF52871   00/00    0000
CO   5761999  610  MF52483   00/00    0000
CO   5761999  610  MF44635   00/00    0000
CO   5761999  610  MF44148   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the 'IBM License Agreement for Machine
Code', the terms of which were provided in a printed document that was
delivered with the machine.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.





APAR Error Description / Circumvention

-----------------------------------------------
When QAUDLVL/QAUDLVL2 is set to include *NETSCK, the SK audit
records for sub type A do not appear for Telnet connections.

CORRECTION FOR APAR MA44472 :
-----------------------------
The socket processing for the Telnet server happens outside the
scope of a job/process which precluded generating the SK audit
record.  The SK audit record job/process restriction is now
removed.  Other internal restrictions may still apply but after
applying this APAR there will be additional SK A and C audit
records created that specify a LIC task name instead of a
process name.

The Telnet server specific SK audit records will not be audited
by default when *NETSCK is configured.

Telnet client configuration and the number of clients connecting
to the Telnet server contribute to the rate of audit record
generation. Connections to the Telnet server could be quite high
and result in corresponding high rates of journal receivers
filling up.  System configuration and resources should be
considered before enabling SK auditing for the Telnet server.

Telnet clients configured to retry immediately without any delay
after error will generate audit records as fast as the Telnet
server can accept the incoming connections.
Some common cases where connections end in error after being
accepted include:
-The Telnet server is active but the QINTER subsystem is not
-QAUTOVRT rejects connections because there are no available
devices and it is not able to create new ones
-The certificate assigned to the Telnet server has expired, or
has been renewed and clients are still using the old certificate

This APAR provides the ability to enable and disable SK audit
records for sub type A for incoming Telnet connections.

To change the SK audit settings for Telnet with the Start
System Service
Tools (STRSST) command, follow these steps:
1. Open a character-based interface.
2. On the command line, type STRSST.
3. Type your service tools user name and password.
4. Select option 1 (Start a service tool).
5. Select option 4 (Display/Alter/Dump).
6. Select option 1 (Display/Alter storage).
7. Select option 2 (Licensed Internal Code (LIC) data).
8. Select option 14 (Advanced analysis).
9. Select option 1 (IPCONFIG).
10. Enter -h

This will show the help screen that describes the input
strings to change the SK auditing for Telnet setting
-skTelnetAudit.

CIRCUMVENTION FOR APAR MA44472 :
--------------------------------
None.


Activation Instructions


None.




Special Instructions


None.


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   MF59346      LIC-COMM-TCPIP-WAIT ALL SESSIONS ARE HUNG UP
   MF57182      LIC-COMM-TCPIP Loop and exception in ToIpProxyList
   MF56741      LIC-COMM-TCPIP-F/QYPSUTIL-T/QYPSUTIL-RC0040-MSGCPD0A17 MSGCP
   MF55392      OSP-INCORROUT AN IP INTERFACE IS STARTED INVALID DATA IN A F
   MF54848      Integrity Problem
   MF54198      LIC-COMM-TCPIP IPv6 packets corrupted when forwarded
   MF52869      LIC-COMM-TCPIP-CFG new ipconfig macro options
   MF52716      LIC-COMM IDS throttling of Production Stack
   MF52269      LIC-COMM-TCPIP-MSGTCP1B21 TCP/IP VIPA INTERFACE DOES NOT STA
   MF51936      LIC-COMM-TCPIP Memory leak on Token Ring lines
   MF51734      LIC-COMM-TCPIP-WAIT DEADLOCK
   MF50511      LIC-COMM-TCPIP Sent packets missing from GbE comm trace
   MF50343      TCPIP-OTHER-UNPRED RUN NETSTAT TAKE OPTION THREE AND THE SES
   MF49569      LIC-COMM-TCPIP Support RFC 5746
   MF49523      LIC-COMM-TCPIP-INCORROUT  Selective trace for loopback is in
   MF48951      TCPIP-ACT-UNPRED VIPA CONFIGURED PREFERRED INTERFACES ARE AC
   MF48324      Integrity Problem
   MF47511      TCPIP-CFG-LOOP DUPLICATE ROUTE TOKEN NOT MOVED.
   MF46780      OSP-PAR-940XCOMLAN ARP REQUEST HAS A SOURCE IP ADDRESS OF 0.
   MF46635      OSP-PAR-940XCOM MULTICAST PACKETS ARE DISCARDED DUE TO THE C
   MF46605      LIC-COMM-TCPIP IPv4-mapped multicast join fails
   MF46477      TCPIP-CFG-INCORROUT DELETING LINE FOR PPP PROFILE AND RECREA
   MF46311      OSP-PAR-940XCOMETN GRATUITOUS ARPS ARE NOT REACHING THE NETW
   MF46306      TCPIP-API-UNPRED IPV6 MULTICAST SOCKET APPLICATION TIMEOUT
   MF45974      LIC-COMM Service stack fails to acquire DHCP address for LAN
   MF45275      LIC-INCORROUT SocketException in Java.net.SocketInputStream
   MF44634      LIC-COMM-TCPIP ARP support
   MF44632      LIC TCPIP: SkTimer VLOGs (ending an interface)
   MF44147      LIC-COMM-TCPIP DHCP client support
   MF43583      LIC-COMM-TCPIP No Router Solicit sent at startup
   MF43176      RCHAS27A - system unresponsive from the network.
   MF43102      LIC-COMM-TCPIP 0.0.0.0 source address after PPP DOD redial
   MF43090      LIC-COMM-TCPIP IPv6 interface packet rules flag incorrect
   MF42814      LIC-COMM-TCPIP : IPv6 Multicast Address Enablement VLOGs
   MF42965      LIC-COMM-TCPIP IPv6 duplicate address detection fails
   MF42984      LIC-COMM-TCPIP ToNamArpCache exception with IDS active
   MF42782      LIC-COMM-TCPIP-LOOP Start of X.25 interface may loop
   MF46756      LIC-COMM-TCPIP-INCORROUT Wrong source IPv6 address selected
   MF45315      LIC-COMM-TCPIP LSO not supported on 5706 with IPv6
   MF44674      LIC-COMM-TCPIP IPv6 VPN tunnel packets dropped
   MF43491      LIC-COMM-TCPIP IPv6 RFC compliance fixes
   MF42722      LIC-COMM-TCPIP Join multicast group hangs

Summary Information

System..............................i
Models..............................
Release.............................V6R1M0
Licensed Program...............5761999
APAR Fixed..........................View details for APAR MA44472
Superseded by:......................
Recompile...........................N
Library.............................QSYS
MRI Feature ........................NONE
Cum Level...........................NONE


System i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG15V","label":"PTF Cover Letters - OS\/400 General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG16A","label":"PTF Cover Letters - i5\/OS V6R1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
21 May 2015