If you’re running web applications, database servers, FTP, SSH, or other network programs, the IBM i NETSTAT command can tell you what is connecting to your system, which ports are in use, which programs are listening for network connections, and more.
“Do we upgrade to a paid Zend Server license,
or do we migrate to RPM-based PHP?”
At a recent MAGiC User Group webinar, Alan Seiden and Richard Schoen teamed up to present a tutorial and demo on how to get started with Community “RPM” PHP, sharing several tips picked up during client migrations.
When your site gets busy, your web server may need a configuration change to handle the load. We often start with the Apache web server’s ThreadsPerChild directive.
ThreadsPerChild controls how many connections can exist at once. Defaulting to 40, its value can be set in your Apache instance configuration file (for example, /www/zendphp7/httpd.conf):
Developers coming from a non-IBM i background know how to run the apachectl command to start, restart, and end an Apache web server instance. Instead of apachectl, however, IBM i provides a web-based graphical interface and the commands STRTCPSVR and ENDTCPSVR (be sure to prompt those for parameters using F4).
To supply the “missing” apachectl command for IBM i, I have written a BASH shell script that simulates apachectl on IBM i.
Clients have asked me whether their IBM i servers may be vulnerable to hackers due to the widely publicized OpenSSL Heartbleed bug.
The answer is no. IBM i is safe from this bug, which is present only in specific OpenSSL versions: 1.0.1 through 1.0.1f (inclusive). IBM i’s latest version of OpenSSL, shipped with the “Portable Utilities for i” licensed program product 5733SC1, is 0.9.8, which does not contain the bug.
To make doubly certain, check what version of OpenSSL is installed on your IBM i. Run these two commands, which, respectively, start a PASE interactive terminal session and check the openssl version:
For me, the above commands returned “OpenSSL 0.9.8m 25 Feb 2010,” confirming that I’m not affected.
Press F3 afterward to leave the PASE environment.
Thanks to Jim Oberholtzer of Agile Technology Architects for his contribution to this answer.
UPDATE from IBM: System SSL and IBMJSSE2 are also safe from the vulnerability on IBM i.