IBM Support

IJ02287: LICENSE FILES LEFT EXPOSED AFTER RUNNING SECUREMAIN SCRIPT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • The Log File Agent puts its license files in the
$Candlehome/license/LOGFILEAGENT/ directory  and therefore they
are not secured by secureMain.

The  location (.../license/..) is different than the /licenses
(with an 's') directory that other monitoring agents use for
license files and as a result, the files and directory are left
with 777 permissions.

# /<Candlehome>/bin/secureMain -h /opt/IBM/ITMversion/63LO -g
db2iadm1 lock
Enter the root password if prompted
Executing baseSecureLock
Executing SecureSkip ax
Executing xxSecureLock gs
Executing SecureSkip jr
Executing xxSecureLock lo  <==
Executing SecureSkip ui
Executing SetPerm -a
[root@NC106182]:\ #

[root@NC106182]:\ # ls -la
/opt/IBM/ITMversion/63LO/license/LOGFILEAGENT
total 3856
drwxrwxrwx   2 root   system      4096 Oct 12 18:11 .
drwxrwxr-x   3 root   db2iadm1     256 Oct 12 18:11 ..
-rwxrwxrwx   1 root   system     28611 Oct 12 18:11 LA_cs.txt
-rwxrwxrwx   1 root   system     36822 Oct 12 18:11 LA_de.txt
-rwxrwxrwx   1 root   system     37966 Oct 12 18:11 LA_el.txt
-rwxrwxrwx   1 root   system     56793 Oct 12 18:11 LA_en.txt
- . . .
- . . .
- . . .
-rwxrwxrwx   1 root   system      1157 Oct 12 18:11
non_ibm_license.txt
-rwxrwxrwx    1 root  system    220417 Oct 12 18:11 notices.txt


RECREATE INSTRUCTIONS:
1. Install the Log File Agent
2. Run secureMain either during the installation process when
asked to secure the installation, or later per the instructions
in  Appendix G. Securing your IBM Tivoli Monitoring installation
on Linux or UNIX in the IBM Tivoli Monitoring Installation and
Setup Guide.

Local fix

  • This can be resolved by including details of locations for any
directories / files that secureMain would have to process in a
"loSecure.shl" file placed in $CANDLEHOME/bin directory.

Problem summary

  • On UNIX platforms, the Log File Agent puts its license files in
the $Candlehome/license/LOGFILEAGENT/ directory and therefore
they are not secured by secureMain.

Problem conclusion

  • The license files are now put in $Candlehome/llicenses/LOGFIL
and can be secured by secureMain.

The fix for this APAR is included in the following maintenance
vehicle:

| interim fix | 6.3.0-TIV-ITM_LFA-FP0004

available at
http://www.ibm.com/support/docview.wss?uid=ibm10884458 .

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ02287
    • 

  • Reported component name
    ITM LOG FILE AG
    • 

  • Reported component ID
    5724C04LF
    • 

  • Reported release
    630
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-11-30
    • 

  • Closed date
    2018-09-26
    • 

  • Last modified date
    2020-06-18
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 March 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback