ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » User Exits » BlockIP2: default path issue

Post new topic  Reply to topic
 BlockIP2: default path issue « View previous topic :: View next topic » 
Author Message
DeadLetter
PostPosted: Thu Sep 07, 2017 1:24 am    Post subject: BlockIP2: default path issue Reply with quote

Novice

Joined: 15 Nov 2016
Posts: 11

Hi all,
In this thread, assume all MQ version are above 7.1
BlockIP2 binary is version 3 (most current)
The os versions are REHL 7 and in this special case an AIX.

While trying to standardize our BlockIP2 settings, we have found an Issue in some of our qm.ini.
It has never worked, to let scydata empty, to have a default BlockIP2.ini in place. We always had to use 'FN=/var/mqm/exits/BlockIP2.ini;' to get it work.
On the last investigation, I found on a clean install, that it definitely does work with an empty scydata, and so we started to configure all running queue managers, until we found a MQ 7.5, where it did not work.
After searching a while, we found, that in the qm.ini the defaultpathexits[64] was ending with a "/" (/var/mqm/exits/). Removing the slash and restarting the queue manager brought up, the default configuration with an empty scydata to work.
So we continued working on the list of all QMs undtil I got to an AIX with a MQ version 8 running, where I found the same behavior, that an empty scydata does not work.
When editing the qm.ini of the queue manager, I found no "/" on the end of the path, so it must be something else.

Does anyone know about such behavior and ever has found a solution?

br
Carsten
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Sep 07, 2017 3:44 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

can you set the qm.ini default exit path to a non-default path?

I.e. something like "/usr/local/lib/mqexits"?
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Fri Sep 08, 2017 3:14 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

Sounds like a bug in the BlockIP2 code. A trailing '/' (or '\' for Windows) or not, should be handled by the BlockIP2 code.

If you are interested in a commercial security exit then have a look at MQSSX or MQAUSX.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
DeadLetter
PostPosted: Mon Sep 11, 2017 12:40 am    Post subject: SOLVED (was: BlockIP2: default path issue) Reply with quote

Novice

Joined: 15 Nov 2016
Posts: 11

Hi all,
thx for the suggestions, but I think we have found the root cause.
We have not checked for the version compatibility of BlockIP2 regarding AIX.
The version 3 is not tested or compiled for it and it was just the Linux version copied to the system.
A roll back to version 2.93 for AIX has solved it.
We now can leave the scydata empty and use a generic mcauser w/o any issues, as expected.

thanks anyway for attention.

br
Carsten
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » User Exits » BlockIP2: default path issue
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.