Control which TCP/IP servers start automatically

As security administrator, you need to control which TCP/IP applications start automatically when you start TCP/IP.

Commands for starting TCP/IP

Two commands are available for starting TCP/IP. For each command, the system uses a different method to determine which applications or servers to start.

STRTCP Start TCP/IP
The system starts every server that specifies AUTOSTART(*YES).
Security recommendations:
  • Assign *IOSYSCFG special authority carefully to control who can change the autostart settings.
  • Carefully control who has authority to use the STRTCP command. The default public authority for the command is *EXCLUDE.
  • Set up object auditing for the Change server-name Attributes commands (such as CHGTELNA) to monitor users who attempt to change the AUTOSTART value for a server.
STRTCPSVR Start TCP/IP Server
You use a parameter to specify which servers to start. The default when this command ships is to start all servers.
Security recommendations:
  • Use the Change Command Default (CHGCMDDFT) command to set up the STRTCPSVR command to start only a specific server. This does not prevent users from starting other servers. However, by changing the command default, you make it less likely that users will start all servers by accident. For example, use the following command to set the default to start only the TELNET server:
    CHGCMDDFT CMD(STRTCPSVR) NEWDFT('SERVER(*TELNET)')
    Note: When you change the default value, you can specify only a single server. Choose either a server that you use regularly or a server that is least likely to cause security exposures (such as TFTP).
  • Carefully control who has authority to use the STRTCPSVR command. The default public authority for the command is *EXCLUDE.
Table 1.
Server                                       Default value      Your value
-------------------------------------------  -----------------  ----------
Telnet                                       AUTOSTART(*YES)
FTP (file transfer protocol)                 AUTOSTART(*YES)
BOOTP (bootstrap protocol)                   AUTOSTART(*NO)
TFTP (trivial file transfer protocol)        AUTOSTART(*NO)
REXEC (remote EXECution server)              AUTOSTART(*NO)
RouteD (route daemon)                        AUTOSTART(*NO)
SMTP (simple mail transfer protocol)         AUTOSTART(*YES)
POP (post office protocol)                   AUTOSTART(*NO)
HTTP (hypertext transfer protocol) (1)       AUTOSTART(*NO)
ICS (Internet connection server)             AUTOSTART(*NO)
LPD (line printer daemon)                    AUTOSTART(*YES)
SNMP (simple network management protocol)    AUTOSTART(*YES)
DNS (domain name system)                     AUTOSTART(*NO)
DHCP (dynamic host configuration protocol)   AUTOSTART(*NO)
NSMI                                         AUTOSTART(*NO)
INETD                                        AUTOSTART(*NO)
Note: 1. With the IBM® HTTP Server, you use the CHGHTTPA command to set the AUTOSTART value.
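
The recommendations above can be carried out with a CL command sequence like the following. This is an added example, not part of the original page or IBM's own code. It assumes that FTP and LPD are not needed on the system and that a hypothetical profile named NETADMIN is the one administrator allowed to start TCP/IP.

```cl
/* Added example. The choice of FTP and LPD as unneeded servers and the */
/* profile name NETADMIN are assumptions made for illustration.         */

/* 1. Keep unneeded servers from starting when STRTCP runs. Table 1     */
/*    shows both shipping with AUTOSTART(*YES).                         */
CHGFTPA AUTOSTART(*NO)
CHGLPDA AUTOSTART(*NO)

/* 2. List the user profiles that hold *IOSYSCFG special authority,     */
/*    because they can change the autostart settings.                   */
PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*IOSYSCFG)

/* 3. Review who can run the start commands, put public authority back  */
/*    to the shipped value of *EXCLUDE, and authorize one administrator.*/
DSPOBJAUT OBJ(QSYS/STRTCP) OBJTYPE(*CMD)
DSPOBJAUT OBJ(QSYS/STRTCPSVR) OBJTYPE(*CMD)
GRTOBJAUT OBJ(QSYS/STRTCP) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT OBJ(QSYS/STRTCPSVR) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT OBJ(QSYS/STRTCP) OBJTYPE(*CMD) USER(NETADMIN) AUT(*USE)
GRTOBJAUT OBJ(QSYS/STRTCPSVR) OBJTYPE(*CMD) USER(NETADMIN) AUT(*USE)

/* 4. Turn on object auditing for the Change server-name Attributes     */
/*    commands. OBJAUD(*ALL) records use of the command as well as      */
/*    changes to the command object. Entries are written to QAUDJRN     */
/*    only when the QAUDCTL system value includes *OBJAUD.              */
CHGOBJAUD OBJ(QSYS/CHGTELNA) OBJTYPE(*CMD) OBJAUD(*ALL)
CHGOBJAUD OBJ(QSYS/CHGFTPA) OBJTYPE(*CMD) OBJAUD(*ALL)
CHGOBJAUD OBJ(QSYS/CHGSMTPA) OBJTYPE(*CMD) OBJAUD(*ALL)
CHGOBJAUD OBJ(QSYS/CHGLPDA) OBJTYPE(*CMD) OBJAUD(*ALL)
CHGOBJAUD OBJ(QSYS/CHGSNMPA) OBJTYPE(*CMD) OBJAUD(*ALL)

/* 5. Make STRTCPSVR default to a single low-exposure server instead of */
/*    all servers. TFTP is the example the page itself suggests.        */
CHGCMDDFT CMD(STRTCPSVR) NEWDFT('SERVER(*TFTP)')
```

Record the resulting AUTOSTART settings in the "Your value" column of Table 1 so that later audit entries can be compared against an approved baseline.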