NETSTAT is great to see ports, but it is a snapshot. To view port usage over a period of time, perhaps you could define a SERVAUTH EZB.PORTACCESS.** profile with ID(*) READ and AUDIT(ALL). Specify a value for resname on the SAF keyword of the PORT statement in TCPPROF and obey it into TCP (or on the next TCP recycle) and the port will show up in the ACC_LOGSTR field on the SMF Type 80 ACCESS record. Armed with this information you could begin to secure the ports so that, for example, only the known FTP server STC USERID could bind to port 23.
HTH Robyn ---- Robyn E Gilchrist Senior RACF and ACF2 Consultant RSH Consulting, Inc. *** Celebrating our 30th Anniversary *** 617-977-9090 www.linkedin.com/in/robyn-e-gilchrist www.rshconsulting.com --------------------------------------------------------------------------- Upcoming RSH RACF Training - WebEx - RACF Level I Administration - APRIL 17-21, 2023 - RACF Level II Administration - FEB 27 - MAR 3, 2023 - RACF Level III Admin, Audit, & Compliance - MAY 1-5, 2023 - RACF - Securing z/OS UNIX - MAR 27-31, 2023 --------------------------------------------------------------------------- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
