CL Command to Manage the IBM i Intrusion Detection System

As I was doing additional research on the IDS (Intrusion Detection System) topic, I came across the “Control Intrusion Detection and Prevention API”. IBM provides this API (Application Programming Interface) so that the essential IDS management functions can be performed from a program.

I’ve wrapped the API up in a new CL command CTLIDS (Control Intrusion Detection System), giving me direct, green-screen access to the IDS functions supported by the API.

Here is the command prompt display.

                                 Control IDS (CTLIDS)

 Type choices, press Enter.

 Option . . . . . . . . . . . . .   *STATUS         *ACTIVATE, *DEACTIVATE...

Pressing F1=Help on the prompt display brings up the help text, which explains the use of the command, its restrictions and additional information about the IDS. Selected snippets of the online help text follow.

The Control Intrusion Detection System (CTLIDS) command is used to control the Intrusion Detection System (IDS).

It can be used to activate, deactivate or recycle (deactivate and then reactivate) the IDS, or to retrieve the status (active or inactive) of the IDS. The command is an interface to the code that processes the IDS policy file.

Note: TCP/IP Connectivity Utilities for i5/OS must be installed in order to use this command.

Restrictions:

You must have *IOSYSCFG special authority to run the command.

The Option (OPTION) parameter specifies the requested function.

*ACTIVATE
             Activate the Intrusion Detection System (IDS).
*DEACTIVATE
             Deactivate the Intrusion Detection System (IDS).
*RECYCLE
             Recycle the Intrusion Detection System (IDS).
*STATUS
             Retrieve the status of the Intrusion Detection System (IDS).
             The current status is returned in an informational message sent
             to the job running the CTLIDS command.

In addition to controlling IDS, the CTLIDS command also verifies that TCP/IP is active and operational.
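As an added example (it is not part of the article or of its source members), here is a CL program that uses CTLIDS to make sure the IDS is running, the kind of thing you would call from a scheduled job or from the startup program after STRTCP. It assumes several things the help text does not state: that CTLIDS sends its status message to the caller's program message queue, that the message text contains the word ACTIVE or INACTIVE, that failures surface as CPF escape messages, and that the system is at IBM i 7.3 or later so the %SCAN built-in is available. The program name CHKIDS and the message wording are hypothetical.

```cl
/* CHKIDS: ensure the IDS is active. Added example, not the article's   */
/* code. Assumes (not stated on the page) that CTLIDS puts its status   */
/* message on the caller's program message queue, that the text holds   */
/* ACTIVE or INACTIVE, that errors arrive as CPF escape messages, and   */
/* that %SCAN is available (IBM i 7.3 or later).                         */
             PGM
             DCL        VAR(&MSGID)  TYPE(*CHAR) LEN(7)
             DCL        VAR(&MSGTXT) TYPE(*CHAR) LEN(256)
             DCL        VAR(&STATE)  TYPE(*CHAR) LEN(10)

/* Ask for the status. CTLIDS also checks that TCP/IP is active, so    */
/* this fails early when TCP/IP has not been started yet.              */
             CTLIDS     OPTION(*STATUS)
             MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(FAIL))

/* The status is returned as an informational message; take the last   */
/* message now on this program's queue and remove it.                  */
             RCVMSG     PGMQ(*SAME) MSGTYPE(*LAST) RMV(*YES) +
                          MSG(&MSGTXT) MSGID(&MSGID)

/* Test for INACTIVE before ACTIVE: 'ACTIVE' is a substring of         */
/* 'INACTIVE', so the reverse order would report an inactive IDS as    */
/* active.                                                             */
             IF         COND(%SCAN('INACTIVE' &MSGTXT) *GT 0) +
                          THEN(CHGVAR VAR(&STATE) VALUE('*INACTIVE'))
             ELSE       CMD(IF COND(%SCAN('ACTIVE' &MSGTXT) *GT 0) +
                          THEN(CHGVAR VAR(&STATE) VALUE('*ACTIVE')))

/* Unrecognised reply: do not guess, report it and stop.               */
             IF         COND(&STATE *EQ ' ') THEN(DO)
                CHGVAR     VAR(&MSGTXT) VALUE('CHKIDS: unexpected status ' +
                             *CAT &MSGID *BCAT &MSGTXT)
                GOTO       CMDLBL(FAIL2)
             ENDDO

             IF         COND(&STATE *EQ '*INACTIVE') THEN(DO)
                CTLIDS     OPTION(*ACTIVATE)
                MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(FAIL))
                SNDPGMMSG  MSG('CHKIDS: IDS was inactive, now activated') +
                             TOPGMQ(*EXT)
             ENDDO
             RETURN

/* Error path: pick up the escape message that MONMSG trapped and      */
/* re-send it as an escape from this program so a job scheduler or     */
/* startup program sees the failure instead of a silent return.        */
 FAIL:       RCVMSG     MSGTYPE(*EXCP) MSG(&MSGTXT) MSGID(&MSGID)
             CHGVAR     VAR(&MSGTXT) VALUE('CHKIDS: ' *CAT &MSGID *BCAT +
                          &MSGTXT)
 FAIL2:      SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA(&MSGTXT) +
                          MSGTYPE(*ESCAPE)
             ENDPGM
```

The job that runs CHKIDS still needs *IOSYSCFG, exactly as CTLIDS does; the MONMSG on each CTLIDS call is what turns an authority or TCP/IP failure into the escape message at FAIL rather than a half-finished run.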

The source members that make up the CTLIDS command are listed here (member name, source type and description).

SEC101      RPGLE       Control Intrusion Detection Services - CPP      
SEC101H     PNLGRP      Control Intrusion Detection Services - Help     
SEC101M     CLP         Control Intrusion Detection Services - Build cmd
SEC101X     CMD         Control Intrusion Detection Services

Read the entire article

Download the zip file containing the source code.

