Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Wed Jul 24, 2013 11:17 am Subject: Can't block channel status using OAM |
Problem solved! It was not possible to block display channel status, but with BlockIP2 channel exit I've blocked mqm, MUSR_MQADMIN and blank userids. |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 6:59 am Subject: Can't block channel status using OAM |
You will need to prevent display channel(*), too, and not just channel status.
Yes, but dis channel(*) is ok, blocked. |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 6:41 am Subject: Can't block channel status using OAM |
Again, why? What secret information are you attempting to protect by blocking channel status? From whom?
One of the svrconn channels displayed with channel status is an administration svrconn cha ... |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 6:16 am Subject: Can't block channel status using OAM |
I want to know WHY you want to grant permission to display channel status? Porque? Not how are you trying to do so?
I want to REVOKE permission to display channel status.
My first post:
Ever ... |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 5:43 am Subject: Can't block channel status using OAM |
Why exactly do you want to block channel status? What risk do you perceive?
Bruce, I don't have SYSTEM.ADMIN.SVRCONN, but I have one svrconn channel with blank mcauser (we mq admins use this chann ... |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 5:22 am Subject: Can't block channel status using OAM |
Exerc, it will not work here (don't ask me why, it will be hard to explain how things work here)
Bruce, CHAD is disabled. I think it's not possible to block display chstatus. I've tried every ... |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 4:41 am Subject: Re: Can't block channel status using OAM |
...there's a SVRCONN with blank MCAUSER. All MQ admins use this channel to remote admin of qmgrs (mq admins belong to mqm group)...
This is really, really, not a good idea. Better to use an MCAUSER ... |
Topic: Can't block channel status using OAM |
fernando28
Replies: 14 Views: 7417
|
Forum: IBM MQ Security Posted: Mon Jul 22, 2013 3:39 am Subject: Can't block channel status using OAM |
Hi everybody!!
Environment is MQ V 6.0.2.9, Linux x86-64.
Some users here use MQ Explorer, mqjexplorer and MQMon. They are not MQ administrators, so I want to grant authority just to display queu ... |
Topic: Help with security issue mqjexplorer 2035 |
fernando28
Replies: 14 Views: 10134
|
Forum: IBM MQ Security Posted: Fri Jul 19, 2013 11:57 am Subject: Help with security issue mqjexplorer 2035 |
Turn on Authority Events at the Queue Manager level, recreate the error and then look at the Event Message. It should tell you specifically what is throwing the 2035 error.
Thanks Peter. Problem so ... |
Topic: Help with security issue mqjexplorer 2035 |
fernando28
Replies: 14 Views: 10134
|
Forum: IBM MQ Security Posted: Fri Jul 19, 2013 11:33 am Subject: Help with security issue mqjexplorer 2035 |
Turn on Authority Events at the Queue Manager level, recreate the error and then look at the Event Message. It should tell you specifically what is throwing the 2035 error.
Thanks Peter!!! I'll try ... |
Topic: Help with security issue mqjexplorer 2035 |
fernando28
Replies: 14 Views: 10134
|
Forum: IBM MQ Security Posted: Fri Jul 19, 2013 10:23 am Subject: Help with security issue mqjexplorer 2035 |
AMQERR01.LOG has no entries for security issues
Which errors directory did you look in? The client? The server? Both?
Hi Bruce. Both: client (windows) and server ( /var/mqm/errors and /var/ ... |
Topic: Help with security issue mqjexplorer 2035 |
fernando28
Replies: 14 Views: 10134
|
Forum: IBM MQ Security Posted: Fri Jul 19, 2013 9:37 am Subject: Help with security issue mqjexplorer 2035 |
Thanks for the answers, guys!!! I'm sorry to open this topic in the wrong forum section....
I forgot to mention: MQ 6.0.2.9 (back level), Linux x86.
Mcauser has authority +allmqi to SYSTEM.AD ... |
Topic: Help with security issue mqjexplorer 2035 |
fernando28
Replies: 14 Views: 10134
|
Forum: IBM MQ Security Posted: Fri Jul 19, 2013 6:44 am Subject: Help with security issue mqjexplorer 2035 |
Hi MQ gurus!!!
I am trying to give read-only access to qmgr objects using mqjexplorer (not MQExplorer). I assume that mqjexplorer uses pcf messages to command server, am I right?
I have a server ... |
Topic: Cluster sender channel goes to stopped state |
fernando28
Replies: 22 Views: 11885
|
Forum: General IBM MQ Support Posted: Thu Jun 27, 2013 11:21 am Subject: Cluster sender channel goes to stopped state |
Vitor, you're right. But unfortunately we have to do some things to keep our jobs....
This explains where I've been going wrong all these years....
But yes, the customer is always rig ... |
Topic: Cluster sender channel goes to stopped state |
fernando28
Replies: 22 Views: 11885
|
Forum: General IBM MQ Support Posted: Thu Jun 27, 2013 10:42 am Subject: Cluster sender channel goes to stopped state |
Vitor, you're right. But unfortunately we have to do some things to keep our jobs....
Joseph, I will increase error log size.
Thanks guys!!! Best regards from Brazil!!! |