Unless you have changed your network server startup defaults, a lot of network servers are starting on your system that you have no earthly need to run. Running servers that are not needed opens up additional network pathways to your system that could result in increased vulnerability.

For example, Why turn your System i into a mail server by starting POP3 and/or SMTP when your system will never process email? Well, unless you have changed the IBM defaults, your system is running servers to process email.

The IBM-shipped defaults will automatically start a bunch of servers when you start the Host servers and TCP/IP servers. Here is a list of the servers that are set to automatically start in V5R4.

Central Server, Database Server, Database SSL Server, Data Queue Server, DRDA-DDM Server TCP/IP, File Server, File Server SSL, FTP Server, IBM Help Server, Directory Server(ldap), iSeries NetServer, Management Central Server, Network Print Server, Remote Command Server, Server Port Mapper, Signon Server, SMTP(Simple Mail Transfer Protocol) Server, TELNET server, Transfer Function Server TCP/IP, and the Virtual Print Server.

Information on each V5R4 server, including server names, associated jobs and auto-start values can be found here [2].

The startup information for the servers is stored in an IBM-supplied database file. The server startup file is QUSRSYS/QATOCSTART. You can use DFU or some other database editor tool to view and maintain your server auto-start defaults. You can also manipulate the contents of this file with an RPG, COBOL, or other program.

Here is an example using DFU (UPDDTA) to edit/view file QUSRSYS/QATOCSTART record for the FTP server.

 
 WORK WITH DATA IN A FILE                       Mode . . . . :   CHANGE         
 Format . . . . :   QTOCSTRT                    File . . . . :   QATOCSTART     
                                                                                
 Server:             *FTP                                                       
 SVR TYP:            T                                                          
 Auto Start:         *YES                                                       
 Library of Program: QTCP                                                       
 Program to Call:    QTMFJOBS                                                   
 External Start CMD: QSYS/STRTCPSVR SERVER(*FTP)                                
                                                                                
 External End CMD:   QSYS/ENDTCPSVR SERVER(*FTP)                                
                                                                                
 Reserved:           ____________________________                                                           

What about New Servers?

When you install a new i/OS release, there will normally be some new servers. Some of these new servers will automatically start. In V5R4, IBM added the IBM Help Server. This new server ships with a default of AUTOSTART(*YES). So, after an upgrade to V5R4, you'll see some new server jobs and QIBMHELP(The help server start program), which launches a web service and starts Eclipse with the command STRECLIPSE.

In order to keep this server from starting automatically, change the associated *IBMHELP server record in the QUSRSYS/QATOCSTART file to Auto-Start *NO.

A few notes about the IBM Help Server:

At V5R4, you can end the server with the command ENDTCPSVR(*IBMHELP), but IBM recommends that you shut it down from qshell using the commands

qsh
/QIBM/ProdData/OS400/Eclipse/EclipseStop

For more information on starting and stopping this new server, see the IBM Help Server Support document 410286503 [3].