| Author |
Message
|
| jeevan |
 Posted: Thu Oct 01, 2009 3:59 pm Post subject: Mr. google could not find description for amqoamd |
 |
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
My manager asked me some kind of descrption/doc for amqoamd command, which I have mentioned we use for dumping current security. Someone asked him I think. When I googled and checked into infocenter/red books, I could not find anything about this. Any clue?
Last edited by jeevan on Thu Oct 01, 2009 9:38 pm; edited 3 times in total |
|
| Back to top |
|
 |
| shashivarungupta |
| Posted: Thu Oct 01, 2009 4:05 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
|
| Back to top |
|
|
| jeevan |
| Posted: Thu Oct 01, 2009 4:09 pm Post subject: |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 01, 2009 4:20 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
For your help:
c:\> amqoamd -h
Usage: amqoamd [-m QmgrName ] [-t ObjType] [-n ObjName] [-f|s]
-f old authorization file format
-s output setmqaut commands
{I don't either find that descriptive in publib.boulder.ibm.com, though its some what self explanatory }
_________________
*Life will beat you down, you need to decide to fight back or leave it.
Last edited by shashivarungupta on Thu Oct 01, 2009 4:29 pm; edited 1 time in total |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Oct 01, 2009 4:27 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Is amqoamd a described and supported command? Or just something that's for IBM internal use that pretty much everyone knows about?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 01, 2009 4:43 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
 Since MQ 5.2 CSD (Fixpacks and Refreshpacks nowadays) 4 the amqoamd command has the –s switch to output the OAM information in setmqaut format. With this option you can either use the actual output of the amqoamd command or use the original scripts you used to set the authorities.
(...Got this but not from the IBM Manuals., Mr. Google gave me this.) 
 IF you get something on this.,from IBM Manuals.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Thu Oct 01, 2009 4:51 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
BTW.. the subject line of the post is strong to shake up the search engines and database of Google to find out Why 'Google' is not able to find a Search String on the Web though the Spiders are crawling all over it.... "Mr. google could not find description for amqoamd".
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 01, 2009 6:04 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Vitor wrote: |
| Is amqoamd a described and supported command? Or just something that's for IBM internal use that pretty much everyone knows about? |
It's closer to the later than the former.
I believe there's been some changes to either dspmqaut or dmpmqaut to provide an officially supported version of amqoamd -s, but that could be a false memory. |
|
| Back to top |
|
|
| jeevan |
| Posted: Thu Oct 01, 2009 7:57 pm Post subject: |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
| Vitor wrote: |
| Is amqoamd a described and supported command? Or just something that's for IBM internal use that pretty much everyone knows about? |
Vitor,
That is not my point of discussion. Recently, I have prepared a document for management how mq is managed. I have mentioned that we use amqoamd for checking current authority. The external auditor wanted to look at some kind of document of this command.
Last edited by jeevan on Thu Oct 01, 2009 8:10 pm; edited 1 time in total |
|
| Back to top |
|
|
| jeevan |
| Posted: Thu Oct 01, 2009 8:06 pm Post subject: |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
| mqjeff wrote: |
| Vitor wrote: |
| Is amqoamd a described and supported command? Or just something that's for IBM internal use that pretty much everyone knows about? |
It's closer to the later than the former.
I believe there's been some changes to either dspmqaut or dmpmqaut to provide an officially supported version of amqoamd -s, but that could be a false memory. |
''
mqjeff,
I bring this into discussion not because I do not know how and when to use amqoamd. When I searched for some kind of formal documentation about the command in infocenter/IBM redbooks including security and system admin guide, I did not find anything. I have never thought that a commonly used command does not even have a mention in formal document. That is the point I just wanted to bring into discussion. |
|
| Back to top |
|
|
| harish_td |
| Posted: Fri Oct 02, 2009 4:31 am Post subject: |
|
|
Master
Joined: 13 Feb 2006
Posts: 236
|
This is an eye-opener, although we use the command amqoamd on a daily basis, the MQ infocenter actually returned zero results.
Like Jeff stated, dspmqaut and dmpmqaut are not elegant enough as amqoamd for backup and troubleshooting. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Oct 02, 2009 4:40 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
There's more than one reason Wayne added -z/-Z to saveqmgr.
And saveqmgr is definitely more supported than amqoamd. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Oct 02, 2009 7:30 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| jeevan wrote: |
| That is not my point of discussion. Recently, I have prepared a document for management how mq is managed. I have mentioned that we use amqoamd for checking current authority. The external auditor wanted to look at some kind of document of this command. |
But this is exactly my point. What you're trying to prove to the external auditor is that your management processes are robust/correct/auditable/etc because that's what auditors want to know. As part of this, you're correctly trying to reference the documentation that supports your processes and the choices you made when creating them.
What I'm saying is that as you've discovered this command is internal & undocumented. So you can't prove to the satisfaction of an external auditor that your procedure is correct. Because you're using an undocumented command, not a supported and documented one.
So - in summary - I'm not discussing if you should or should not be using this command because as you say that's not the point of this threat. I'm pointing out that because it's an undocumented, command. So in this instance it's a problem it won't pass audit.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| jeevan |
| Posted: Fri Oct 02, 2009 7:50 am Post subject: |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
| Vitor wrote: |
| jeevan wrote: |
| That is not my point of discussion. Recently, I have prepared a document for management how mq is managed. I have mentioned that we use amqoamd for checking current authority. The external auditor wanted to look at some kind of document of this command. |
But this is exactly my point. What you're trying to prove to the external auditor is that your management processes are robust/correct/auditable/etc because that's what auditors want to know. As part of this, you're correctly trying to reference the documentation that supports your processes and the choices you made when creating them.
What I'm saying is that as you've discovered this command is internal & undocumented. So you can't prove to the satisfaction of an external auditor that your procedure is correct. Because you're using an undocumented command, not a supported and documented one.
So - in summary - I'm not discussing if you should or should not be using this command because as you say that's not the point of this threat. I'm pointing out that because it's an undocumented, command. So in this instance it's a problem it won't pass audit. |
I agree. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Oct 02, 2009 7:54 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| I'm pointing out that because it's an undocumented, command... it won't pass audit. |
I disagree - for several reasons.
First and foremost: The lack of a documentation page in the WMQ System Admin manual is auditor nit-picking. Yes, it would be better if it was documented, but ...
The amqoamd program is provided by IBM as part of product installation. Like amqsput or crtmqm, it is self-documenting. It provides a consistent view of security settings that are a requirement of an audit.
In order to pass audit, you need only demonstrate that you have a procedure, that the procedure produces the desired and consistent results, and that the procedure is followed consistently.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
