Newsletter

This newsletter includes:

• • BRMS – Omitting Constantly Locked Files
  • What is Zero Trust?
  • Shut Down Those /QIBM Shares
  • Understanding Storage Options for IBM i
  • IBM i Security Resource Page
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • iPOWER Hour Episode 36: Log4j2 Vulnerability: Are You Affected?
  • Upcoming Events
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (January 2022)

Well, I thought by 2022, we would be back to normal life, but unfortunately, it doesn’t seem that the start of 2022 is any different than the start of 2021. By now it is clear that both 2020 & 2021 were unprecedented years, and 2022 has already been eventful. Let’s hope that with people getting vaccines and boosters, plus with everyone catching Omicron, getting back to normal is right around the corner.  I said this last year, “It is hard to say what will happen a month from now, much less a whole year!” boy was that ever true.…

Updated as of January 10, 2022 for the affected Products and Versions

On December 2021, CVE-2021-44228 was announced as a critical zero-day vulnerability and detailed the capability of remote code execution on systems using Log4j versions 2.0 through 2.15. This was one of the largest patch updates efforts in history.

IBM is regularly releasing new information on Log4j vulnerabilities and related mitigation recommendations. Other vulnerabilities have been since released, such as CVE-2021-45105, CVE-2021-4104 and CVE-2021-45046, which will also be continued to be investigated with remediation recommendations.

IBM has been publishing subsequent remediation recommendations in their PSIRT blog and security alerts.

Given that Log4j architecture has been continuously investigated over the last month there’s a lot of noise on the subject. People may think that they’re “one and done.” That is not necessarily the case. iTech Solutions will provide more clear insight on risk and remediation as new information becomes available. This blog entry will be a living document, outlining each Log4j CVE and remediation requirements as per IBM for their products.

For customers using versions of Log4j in custom applications, we would encourage you to either upgrade to the latest version of Log4j if possible or investigate different options for logging solutions for those custom applications.

There are a few different ways to determine what versions of Log4J are installed on your system:

1. Scott Forstie has posted a handy script using IBM i Services located here. Please note that this works for IBM i 7.3 and higher. https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
2. For 7.2 or lower, you can use the following shell script. The script posted the other day did not account for case sensitivity whereas this does:

qsh
cd /
find . -type d \( -path ./QDLS -o -path ./QFileSvr.400 -o -path ./QIMGCLG -o
-path ./QNTC -o -path ./QOPT -o -path ./QSYS.LIB -o -path ./QSYS.LIB \) -prune -o -name ‘*[lL][oO][gG]4[jJ]*’ -print

Vulnerability: CVE-2021-45105
Type: DoS
Description: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Severity Score: 4.3
Published: 2021-12-18
Affects IBM i: Yes
Affected Products: DB2 Web Query versions 2.2.1 and 2.3.0. IBM WebSphere Application Server versions 8.5 and 9.0.
Remediation:  https://www.ibm.com/support/pages/node/6537454, https://www.ibm.com/support/pages/node/6538148

Vulnerability: CVE-2021-45046…

These last two years have been years like no other, yet we hope this finds you and your family safe from the virus that has uprooted our daily lives.  Who really knows what the New Year has in store for us all, but just know you will be able to count on us yet again. As 2021 comes to a close, we wish to thank you for allowing iTech Solutions to be part of your team. We hope that our IBM i newsletters, Blogs, Webinars, Sips & Tricks, iTip Videos, Two-Day iAdmin Conferences, iBasics seminars, Slack Channel, and Podcasts have been educational and informative for you and that you have learned from them. We encourage your feedback on what other things we can add to make them more helpful to our customers, and others who read them. Look for even more to come this year in 2022.

We have continued our growth this year adding additional employees to improve our services as well as the breadth of our IBM i offerings. We hope that you have a happy holiday season, with good health, happiness, and prosperity in the New Year.  All of us at iTech thank you for your business, and for the confidence you have placed with us over the years.  We look forward to working together in the coming year, and we will continue to strive to exceed your expectations. Whenever we don’t, please reach out directly to me.…

By now, we hope you have heard about the Log4j2 vulnerability called Log4Shell, and that it can potentially affect your IBM i if you are using certain versions of Log4j2 in any of your applications.

Log4Shell Vulnerability – Need to check if Log4j2 is being used

As with any security vulnerability, one of the best things to do is keep up to date with PTFs. You should be regularly applying IBM PTFs to your system so that known security fixes are installed. If you don’t have the experience to put PTFs on, or you just don’t wish to do it for any reason, we can put PTFs on to your system, either one time, or better on a regular cadence. Contact Ron Dolan at rdolan@itechsol.com for more information.

Over the past week, IBM has been steadily publishing information on what products are and are not affected. The products that have been announced with mitigation recommendations. The products that have been announced as not affected are located here: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products

Please note the following products in the not affected list as of 7:30 AM on December 16^th, 2021 include:

• IBM i Access Family
• IBM PowerHA System Mirror for i
• IBM i Portfolio of products under the Group SWMA
• OmniFind Text Search Server for DB2 for i
• Rational Developer for i
• IBM Application Runtime Expert for i
• IBM Backup, Recovery, and Media Services for i
• IBM Db2 Mirror for i

Areas of concern remain any IBM products that may run on or affiliated with IBM i such as WebSphere Application Server versions 8.5 and 9.0, Hardware Management Console, independent software vendor products or custom software.

To clear up a misconception, the issue is with Log4J 2.0 through 2.15 and not version 1. Versions of Log4J between versions 2.0 and 2.15 only are to be deemed a concern.

There are a few different ways to determine what versions of Log4J are installed on your system:

1. Scott Forstie has posted a handy script using IBM i Services located here. Please note that this works for IBM i 7.3 and higher. https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
2. For 7.2 or lower, you can use the following shell script. The script posted the other day did not account for case sensitivity whereas this does:

qsh
cd /
find . -type d \( -path ./QDLS -o -path ./QFileSvr.400 -o -path ./QIMGCLG -o
-path ./QNTC -o -path ./QOPT -o -path ./QSYS.LIB -o …

This newsletter includes:

• Is Your System Using Outdated and Insecure SSL/TLS Security Protocol Versions?
• Why Project Management Matters
• Three Steps to Protect Your IFS
• IBM i Security Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Podcast Episode 34: Why External Storage Makes Sense for Your IBM i
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (November 2021)

When you live in the northeast United States, each season has its own charm and is totally unique. Although, nothing beats a New England fall. The leaves turn from green to golden yellow, sunburnt orange, and raspberry reds appear all over the gentle hills and the cool crisp air reminds you that snow isn’t too far away. Fall’s transformation reminds us of the constant change in our lives and the ability we have to create change for others, as well as improve our customer’s IBM i environments. It’s empowering and yet humbling.…

This newsletter includes:

• Advanced Security Testing: Processes Part 1
• Groundhog Day for Malware
• iAdmin Fall 2021
• IBM i Security Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Podcast Episode 33: Assessing Your IBM i Cybersecurity Risks
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (October 2021)

October for me is always the start of the second conference season of the year, with a multitude of conferences happening in October.  Unfortunately, two of my favorite the COMMON Fall Conference and IBM Technical University both are virtual events due to COVID. I am so sick of the pandemic, I want to see all my IBM i friends who I see at conferences.  Sometimes, it’s not necessarily the sessions you learn the most at, it is at the informal discussions and networking where you learn the most.…

This newsletter includes:

• How to Make Your E-mail Server Like You!
• Need Another Tape Drive? Go Virtual!
• Types of Mimix Switches and Best Practices
• iAdmin Fall 2021
• Disaster Recovery Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Podcast Episode 32: Will the “Great Resignation” Leave Your Business Exposed?
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (September 2021)

With Summer almost in our rear-view mirror, signs of fall are fast approaching. Everyone was expecting a new Technology Refresh for IBM i due later this Fall, but IBM released it earlier with the announcement of the POWER10 Enterprise server. The scale-out servers are coming “sometime” next year is what was announced. This means the POWER9 machines for most of the community are still the bell-weather state of the art, server to migrate to.…

This newsletter includes:

• A Simple IBM i Penetration Test Lesson
• Why External Storage Makes Dollars and Sense for IBM i
• Need a New HMC? Why a “Virtual” HMC May Be a Very Good Choice
• Please Take This Survey for COMMON
• iTech 2021 Baseball Games
• iAdmin Fall 2021
• Disaster Recovery Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Podcast Episode 31: The Benefits of Full System FlashCopy
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (August 2021)

Last weekend was a weekend of preparation and planning as Hurricane Henri made a direct path towards Danbury, CT.  The storm shifted directions quite a few times, and in the end, we were very lucky as it moved east and all we got here was a lot of rain.  I mean a lot of rain, but that was ok. I would rather be prepared, and the hurricane misses us than unprepared and it hits us.  Would you be ready if you had a natural disaster strike your company?…

As many of you know, I have long been a big supporter of COMMON, the IBM Power Systems Users Group, having served on its board for a few terms, as well as having the honor to be President of COMMON for 3 terms. I believe that the COMMON organization has the best in-person education in the world. No matter if you are going to COMMON North America, or COMMON Europe, they both help educate the IBM I community.

As with every organization, they have been affected by the COVID-19 pandemic. The organization is trying to gather information to know how to best serve the IBM i community, and if you could answer a few questions, that would be extremely helpful. It would be helpful to COMMON, but could also help you in that COMMON can create education that would satisfy your needs.  If you have heard me speak, you will have known that I believe that our own education is something we all have to manage ourselves and be responsible for. That means knowing where you can get the education to advance your career and skillsets, what to consume, and how does this makes you more valuable to your current company, and any future employer.

Please spend 5 minutes on this survey.  Thanks for your time.

[Take Survey Here]

More from this month:

• A Simple IBM i Penetration Test Lesson
• Why External Storage Makes Dollars and Sense for IBM i
• Need a New HMC? Why a “Virtual” HMC May Be a Very Good Choice
• Please Take This Survey for COMMON
• iTech 2021 Baseball Games
• iAdmin Fall 2021
• Disaster Recovery Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Podcast Episode 31: The Benefits of Full System FlashCopy
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (August 2021)

This newsletter includes:

• Anonymizing the IBM i FTP Banner
• Advanced Security Testing: Planning Strategically and Determining End Goals
• iTech 2021 Baseball Games
• Disaster Recovery Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• Upcoming Events
• iTech Spotlight
• IBM i, FSP, and HMC release levels and PTFs (June 2021)

The summer is supposed to be a slow time, but we are going at a breakneck pace installing new machines, doing migrations, and OS upgrades. It seemed everyone was ready to move forward in June, and now we are extremely busy.…

This newsletter includes:

• POWER9 Install LAN Console Bug
• PWRDWNSYS Taking Forever After a Full System Save?
• Evaluating the State of Your IBM i Security
• Moving to Standardized Security Testing Series: Advanced Security Testing
• Disaster Recovery Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• iPOWER Hour Episode 30: A Recap of COMMON NAViGATE 2021
• Upcoming Events
• IBM i, FSP, and HMC release levels and PTFs (June 2021)

Happy Birthday IBM i (AS/400, and iSeries).  This Monday was 33 years strong, and still going.  The customers who made the decision to get on board this train have been very lucky through the years, and from future roadmaps, I think there is still a very, very good future in what lies ahead. From spending time in Rochester (prior to the pandemic), and having virtual meetings lately, I can tell you that Steve Will and his team have been hard at work bringing new features and functions to the next release of the operating system. While the next release is “officially” referred to as iNext, numerous IBM Executives have referred to it as IBM i 7.5.…

This newsletter includes:

• OpenJDK Disables Legacy TLS Versions
• Why Sharing the /QDLS Directory in NetServer Should Be Avoided
• What Do I Need To Do Full System FlashCopy Backups?
• 4 Disaster Recovery Services That Can Improve your IBM i Recoverability
• iPOWER Hour Episode 29: What’s Going On With All The Ransomware Attacks?
• IBM i Security Resource Page
• iTech iTip Videos
• Sips & Tricks: Coffee with iTech
• iBasics: IBM i Education for the Beginner System Administrator
• Upcoming Events
• IBM i, FSP, and HMC release levels and PTFs (May 2021)

As you read this newsletter, we will have done our first in-person conference in over 18 months: COMMON’s NAViGATE in Columbus, Ohio.  I am sure looking forward to getting back to the new normal, and meeting customers, prospects, individuals, and — well, just everyone. I’ve been cooped up way too long, and now that I am fully vaccinated, I am ready to get back to life.  It will be interesting, and Laurie and I plan to do a podcast and video clips on the conference to show you what the conference is like. While I understand the in-person is on the lighter side (as we would have expected), the virtual conference has quite a few attendees.…