souciance |
Posted: Sun Apr 29, 2018 6:31 am Post subject: Calling runmqsc from a powershell script |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Hello,
Powershell newbie here, I am trying to call runmqsc within a powershell script.
Something like:
If I do it in the console it displays the standard output correctly. If I run it within my script I can see something is executed but the standard out is hidden. Do you know what could be the issue? |
exerk |
Posted: Sun Apr 29, 2018 7:31 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Depending on your MQ version, what's wrong with MO74: WebSphere MQ - Windows PowerShell Library? _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
souciance |
Posted: Sun Apr 29, 2018 3:18 pm Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
exerk wrote: |
Depending on your MQ version, what's wrong with MO74: WebSphere MQ - Windows PowerShell Library? |
The script is to be used as part of an automatic deployed process. I'd rather not install a support pack although I will install it to my local computer.
What I did notice is that the console output is not shown when running the command inside a powershell function, but if it is run outside the function then the console output is shown. Strange.. |
souciance |
Posted: Sun Apr 29, 2018 3:53 pm Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Finally fixed it..
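Code: |
# MQSERVER format: ChannelName/TransportType/ConnectionName
$env:MQSERVER = $connection
Write-Output "$env:MQSERVER"
# -v verifies the MQSC commands without performing them; -c uses a client connection
Get-Content $file | cmd /C runmqsc -v -c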
exerk |
Posted: Mon Apr 30, 2018 5:15 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
My question still stands.
What are you going to do about connecting to queue managers which are TLS secured?
And if you want to just verify your input file you don't need to connect to a queue manager to do it; also, bear in mind that it only syntax checks. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
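Added example, not part of any post in this thread: one way to run the same kind of MQSC file over a TLS client channel. MQSERVER carries only a channel name, transport and connection name, so the TLS settings have to come from a client channel definition table (CCDT) plus a key repository. The function name, paths, queue manager name and file names are hypothetical, and the CCDT is assumed to contain a client channel with a cipher spec that matches the server side.

```powershell
function Invoke-RunMqscTls {
    param(
        [Parameter(Mandatory)] [string] $QueueManager,
        [Parameter(Mandatory)] [string] $MqscFile,
        [Parameter(Mandatory)] [string] $CcdtDirectory,
        [Parameter(Mandatory)] [string] $KeyRepository,  # key database path, no .kdb suffix
        [string] $CcdtFile = 'AMQCLCHL.TAB'
    )

    if (-not (Test-Path -LiteralPath $MqscFile -PathType Leaf)) {
        throw "MQSC file not found: $MqscFile"
    }
    if (-not (Test-Path -LiteralPath (Join-Path $CcdtDirectory $CcdtFile) -PathType Leaf)) {
        throw "CCDT not found: $CcdtFile in $CcdtDirectory"
    }

    # MQSERVER overrides the CCDT, so clear it for this process only.
    Remove-Item Env:MQSERVER -ErrorAction SilentlyContinue
    $env:MQCHLLIB  = $CcdtDirectory
    $env:MQCHLTAB  = $CcdtFile
    $env:MQSSLKEYR = $KeyRepository

    # Feed the commands on stdin and keep the report lines.
    $report = @(Get-Content -LiteralPath $MqscFile | & runmqsc -c $QueueManager)
    $exitCode = $LASTEXITCODE

    # Write-Host prints to the console even when the caller captures the return value.
    $report | ForEach-Object { Write-Host $_ }

    # runmqsc exit codes: 0 = all commands succeeded, 10 = some commands failed, 20 = file not run.
    [pscustomobject]@{ ExitCode = $exitCode; Succeeded = ($exitCode -eq 0); Report = $report }
}

# Hypothetical values for a deployment step.
$result = Invoke-RunMqscTls -QueueManager 'QM1' -MqscFile '.\deploy.mqsc' `
    -CcdtDirectory 'C:\mqclient\ccdt' -KeyRepository 'C:\mqclient\ssl\key'
if (-not $result.Succeeded) {
    throw "runmqsc failed with exit code $($result.ExitCode)"
}
```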
souciance |
Posted: Mon Apr 30, 2018 10:42 am Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
exerk wrote: |
My question still stands.
What are you going to do about connecting to queue managers which are TLS secured?
And if you want to just verify your input file you don't need to connect to a queue manager to do it; also, bear in mind that it only syntax checks. |
Customer doesn't have any queue managers that are TLS secured. They will not be securing them using TLS in the foreseeable future.
No, we don't need to; the command was written to test validation and connection to the remote queue manager. |
Vitor |
Posted: Mon Apr 30, 2018 10:50 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
souciance wrote: |
Customer doesn't have any queue managers that are TLS secured. They will not be securing them using TLS in the foreseeable future. |
It's good to hear a company is trying to make things easier for their users. Even the ones that are trying to hack them.
And before you say "nothing sensitive goes across this", read this. _________________ Honesty is the best policy.
Insanity is the best defence. |
souciance |
Posted: Tue May 01, 2018 6:34 am Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Vitor wrote: |
souciance wrote: |
Customer doesn't have any queue managers that are TLS secured. They will not be securing them using TLS in the foreseeable future. |
It's good to hear a company is trying to make things easier for their users. Even the ones that are trying to hack them.
And before you say "nothing sensitive goes across this", read this. |
I am not sure what the link or "making it easier for hackers" has anything to do with this particular topic. The customers I have been at use TLS secured queue managers when the queue manager was residing in the DMZ or somewhere public not when it resides inside the internal network. |
exerk |
Posted: Tue May 01, 2018 7:01 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
souciance wrote: |
I am not sure what the link or "making it easier for hackers" has anything to do with this particular topic... |
I may possibly agree with you, except...
souciance wrote: |
...The customers I have been at use TLS secured queue managers when the queue manager was residing in the DMZ or somewhere public not when it resides inside the internal network. |
You trumped it with the above. For one, having queue managers in a DMZ is (to me) a no-no - that's what MQ IPT is for; for two, not having TLS on internal connections is (again, to me) tantamount to gross stupidity/negligence (delete as applicable to your sense of outrage) - man-in-the-middle attacks are far more likely than a 'burglary'.
I suspect that if T-Rob sees your post he'll have an attack of the vapours, followed by the sound of grinding teeth, and lastly a heavy sigh and an under-the-breath comment of "will they never learn?". _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
souciance |
Posted: Tue May 01, 2018 10:22 am Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
exerk wrote: |
souciance wrote: |
I am not sure what the link or "making it easier for hackers" has anything to do with this particular topic... |
I may possibly agree with you, except...
souciance wrote: |
...The customers I have been at use TLS secured queue managers when the queue manager was residing in the DMZ or somewhere public not when it resides inside the internal network. |
You trumped it with the above. For one, having queue managers in a DMZ is (to me) a no-no - that's what MQ IPT is for; for two, not having TLS on internal connections is (again, to me) tantamount to gross stupidity/negligence (delete as applicable to your sense of outrage) - man-in-the-middle attacks are far more likely than a 'burglary'.
I suspect that if T-Rob sees your post he'll have an attack of the vapours, followed by the sound of grinding teeth, and lastly a heavy sigh and an under-the-breath comment of "will they never learn?". |
Well you may opt for MQ IPT. That's your design.
I am not gonna delete anything since I don't feel a sense of outrage over this matter. T-Rob or whoever else may have a seizure for all I care. By the way, what statistics do you have that show that MITM attacks are more likely or statistically occur more frequently than other attacks? |
souciance |
Posted: Tue May 01, 2018 10:30 am Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Interesting to note how certain "jedi council" members get so uptight about certain questions and answer in a forum like this, whereas in stackoverflow someone like Jon Skeet with his gazillions points still answers in a humble and down to earth manner. Some people here could use a dose of that. |
Vitor |
Posted: Tue May 01, 2018 2:23 pm Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
souciance wrote: |
The customers I have been at use TLS secured queue managers when the queue manager was residing in the DMZ or somewhere public not when it resides inside the internal network. |
Because none of the various bad actors in the world have yet figured out a way to get inside the network. Lord help us if they ever invent:
- phishing attacks
- spear phishing attacks
- a way to identify a disgruntled employee
- a way to blackmail a perfectly happy employee
- a way to attack a 3rd party vendor like an air conditioning maintenance service with direct access to your network (you can ask Target how likely that one is)
- a way to blag their way into a data center dressed as a utility worker
- etc.
- etc. _________________ Honesty is the best policy.
Insanity is the best defence. |
Vitor |
Posted: Tue May 01, 2018 2:41 pm Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
souciance wrote: |
Interesting to note how certain "jedi council" members get so uptight about certain questions and answer in a forum like this, whereas in stackoverflow someone like Jon Skeet with his gazillions points still answers in a humble and down to earth manner. Some people here could use a dose of that. |
- this isn't stackoverflow
- if you want to boycott us and only ask questions in stackoverflow, I certainly won't be offended and I doubt many of the other regulars would be either
- I'm certainly happy (if you want to continue to use this forum) to never help or respond to you again; please indicate your preference
- if pointing out you've got a problem with your environment you seem to have overlooked is a pompous and ivory tower manner, then pardon me for trying to help and good luck to you.
- the titles on this forum are allocated by the forum software; we have no control over what we're allocated (save that the community voted to change them from the default to what they are now almost a decade ago)
- Your site is your site; in the last analysis you do what you feel is best based on your judgment and knowledge of the risk appetite within your management.
For the record and in some defense of my associate, his rather florid description of T-Rob's reaction is essentially factual. He makes a living consulting for security matters, and often astounds his employers with the ease with which he extracts data from their systems.
Continuing with the transparency, the examples I quoted are not from my lofty position as a non-humble person. Each one is a real life example from my site, including the Target-esque situation where we had to notify a 3rd party malicious traffic was coming down their link and bouncing off our counter-measures. Their reaction was, and I do quote:
Quote: |
that's impossible. the link's inside our network and is inaccessible from the outside. It's just our internal servers |
They were also a little miffed we had set up counter-measures on a "trusted" link. I could go into details on how the malware got onto their system, but you wouldn't believe it (it's not on the list above) and it verges on slander.
To sum up:
- use your best judgment
- good luck
- let me know if you want me to ignore you in future _________________ Honesty is the best policy.
Insanity is the best defence. |
souciance |
Posted: Tue May 01, 2018 9:48 pm Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Vitor wrote: |
souciance wrote: |
The customers I have been at use TLS secured queue managers when the queue manager was residing in the DMZ or somewhere public not when it resides inside the internal network. |
Because none of the various bad actors in the world have yet figured out a way to get inside the network. Lord help us if they ever invent:
- phishing attacks
- spear phishing attacks
- a way to identify a disgruntled employee
- a way to blackmail a perfectly happy employee
- a way to attack a 3rd party vendor like an air conditioning maintenance service with direct access to your network (you can ask Target how likely that one is)
- a way to blag their way into a data center dressed as a utility worker
- etc.
- etc. |
You still don't get it, do you? The OP was about running a specific command in Powershell. Not once did I ask you or anyone else about security questions. So if you want to build your system like Fort Knox go ahead, but unless asked, keep your design opinions to yourself and stick to the OP. |
souciance |
Posted: Tue May 01, 2018 9:57 pm Post subject: |
|
|
Disciple
Joined: 29 Jun 2010 Posts: 169
|
Vitor wrote: |
souciance wrote: |
Interesting to note how certain "jedi council" members get so uptight about certain questions and answer in a forum like this, whereas in stackoverflow someone like Jon Skeet with his gazillions points still answers in a humble and down to earth manner. Some people here could use a dose of that. |
- this isn't stackoverflow
- if you want to boycott us and only ask questions in stackoverflow, I certainly won't be offended and I doubt many of the other regulars would be either
- I'm certainly happy (if you want to continue to use this forum) to never help or respond to you again; please indicate your preference
- if pointing out you've got a problem with your environment you seem to have overlooked is a pompous and ivory tower manner, then pardon me for trying to help and good luck to you.
- the titles on this forum are allocated by the forum software; we have no control over what we're allocated (save that the community voted to change them from the default to what they are now almost a decade ago)
- Your site is your site; in the last analysis you do what you feel is best based on your judgment and knowledge of the risk appetite within your management.
For the record and in some defense of my associate, his rather florid description of T-Rob's reaction is essentially factual. He makes a living consulting for security matters, and often astounds his employers with the ease with which he extracts data from their systems.
Continuing with the transparency, the examples I quoted are not from my lofty position as a non-humble person. Each one is a real life example from my site, including the Target-esque situation where we had to notify a 3rd party malicious traffic was coming down their link and bouncing off our counter-measures. Their reaction was, and I do quote:
Quote: |
that's impossible. the link's inside our network and is inaccessible from the outside. It's just our internal servers |
They were also a little miffed we had set up counter-measures on a "trusted" link. I could go into details on how the malware got onto their system, but you wouldn't believe it (it's not on the list above) and it verges on slander.
To sum up:
- use your best judgment
- good luck
- let me know if you want me to ignore you in future |
So what you are saying is that this forum is a place for regulars to hang out and "spread their wisdom" to others even if not asked for it?
Again, the OP had nothing to do with security or hacker attacks. It was a simple Powershell question and you had run away and give off "best practise" advice regarding another topic and give examples.
Yeah, this isn't stackoverflow, because there you can downvote answers that have nothing to do with the OP. |