APAR status
Closed as fixed if next.
Error description
The Log File Agent puts its license files in the $Candlehome/license/LOGFILEAGENT/ directory and therefore they are not secured by secureMain. The location (.../license/..) is different than the /licenses (with an 's') directory that other monitoring agents use for license files and as a result, the files and directory are left with 777 permissions. # /<Candlehome>/bin/secureMain -h /opt/IBM/ITMversion/63LO -g db2iadm1 lock Enter the root password if prompted Executing baseSecureLock Executing SecureSkip ax Executing xxSecureLock gs Executing SecureSkip jr Executing xxSecureLock lo <== Executing SecureSkip ui Executing SetPerm -a [root@NC106182]:\ # [root@NC106182]:\ # ls -la /opt/IBM/ITMversion/63LO/license/LOGFILEAGENT total 3856 drwxrwxrwx 2 root system 4096 Oct 12 18:11 . drwxrwxr-x 3 root db2iadm1 256 Oct 12 18:11 .. -rwxrwxrwx 1 root system 28611 Oct 12 18:11 LA_cs.txt -rwxrwxrwx 1 root system 36822 Oct 12 18:11 LA_de.txt -rwxrwxrwx 1 root system 37966 Oct 12 18:11 LA_el.txt -rwxrwxrwx 1 root system 56793 Oct 12 18:11 LA_en.txt - . . . - . . . - . . . -rwxrwxrwx 1 root system 1157 Oct 12 18:11 non_ibm_license.txt -rwxrwxrwx 1 root system 220417 Oct 12 18:11 notices.txt RECREATE INSTRUCTIONS: 1. Install the Log File Agent 2. Run secureMain either during the installation process when asked to secure the installation, or later per the instructions in Appendix G. Securing your IBM Tivoli Monitoring installation on Linux or UNIX in the IBM Tivoli Monitoring Installation and Setup Guide.
Local fix
This can be resolved by including details of locations for any directories / files that secureMain would have to process in a "loSecure.shl" file placed in $CANDLEHOME/bin directory.
Problem summary
On UNIX platforms, the Log File Agent puts its license files in the $Candlehome/license/LOGFILEAGENT/ directory and therefore they are not secured by secureMain.
Problem conclusion
The license files are now put in $Candlehome/llicenses/LOGFIL and can be secured by secureMain. The fix for this APAR is included in the following maintenance vehicle: | interim fix | 6.3.0-TIV-ITM_LFA-FP0004 available at http://www.ibm.com/support/docview.wss?uid=ibm10884458 .
Temporary fix
Comments
APAR Information
APAR number
IJ02287
Reported component name
ITM LOG FILE AG
Reported component ID
5724C04LF
Reported release
630
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-11-30
Closed date
2018-09-26
Last modified date
2020-06-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
08 March 2023