IBM Support

IV17324: ENABLE SECURITY FOR CT_EMAIL AND CT_EXPORT REQUESTS.

Fixes are available

IBM Tivoli Monitoring 6.2.2 Fix Pack 8 (6.2.2-TIV-ITM-FP0008)
IBM Tivoli Monitoring 6.2.2 Fix Pack 9 (6.2.2-TIV-ITM-FP0009)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A new environment variable, SOAP_IS_SECURE, is requested to be
added for the monitoring server which is used to send a secure
CT_EMail or CT_Export request.

Local fix

  • 



Problem summary


    

  • CT_Email and CT_Export SOAP services do not require
authentication like CT_Get, which can have impacts on security.

In order for this APAR to be properly implemented in your
environment, a new environment variable has been added.  See the
"Install Actions" section of the APAR conclusion for more
details.

    



Problem conclusion


    

  • Code has been updated to support a new environment variable,
SOAP_IS_SECURE.


Install Actions

In order for this APAR to be properly implemented in your
environment, a new environment variable, SOAP_IS_SECURE, has
been added for the monitoring server which is used to send a
secure CT_EMail or CT_Export requests.

By default the new environment variable, SOAP_IS_SECURE, is
disabled. Enabling this variable requires all users who submit
CT_EMail or CT_Export requests to know the monitoring server
credentials.

Enabling security for CT_EMail and CT_Export requests
-----------------------------------------------------
1. On the computer where the hub monitoring server is installed,
open the KBBENV or ms.ini file:

On Windows: Use Manage Tivoli Monitoring Services (Start ->
Programs -> IBM Tivoli Monitoring -> Manage Tivoli Monitoring
Services) to edit environment files. Right-click the component
you want to modify and click Advanced -> Edit ENV File. You must
recycle the component to implement the changes.

On UNIX or Linux: Edit the environment file directly. Edit
environment variables in the <install_dir>/config/ms.ini file
and then reconfigure and recycle the monitoring server to
implement the changes.

2. Locate (or add) the SOAP_IS_SECURE environment variable and
enter YES. For example: SOAP_IS_SECURE=YES

3. Save and close the monitoring server environment file.

4. For Windows, you must recycle the component to implement the
changes. For Linux or UNIX, you must reconfigure and recycle the
monitoring server to implement the changes.

Using security for CT_EMail and CT_Export requests
--------------------------------------------------
Send the output from another CT SOAP method, such as CT_Get,
using e-mail through an SMTP server to a defined e-mail address
(not available on z/OS).

If additional security is enabled (SOAP_IS_SECURE=YES in the
monitoring server environment variables) the following tags are
also required when issuing CT_EMail and CT_Export requests.

<userid>
The user ID to access the hub monitoring server.
<password>
The password to access the hub monitoring server. Required for
monitoring server logon validation

CT_EMail example with additional security:
<CT_EMail>
<userid>sysadmin</userid>
<password>xxxxxxxx</password>
<server>smtp.server</server>
<sender>myemail@something.com </sender>
<receiver>youremail@whatever.com </receiver>
<subject>Here is your data.</subject>
<message>Table data supplied as attachment below. It is
presented in csv format to be used by MS/Excel.</message>
<attachmenttitle>tabledata.csv</attachmenttitle>
<request id="XMLID">
<CT_Get>
<userid>sysadmin</userid>
<password>xxxxxxxx</password>
<object>NT_Process </object>
<target>TlPrimary:DCSQLSERVER:NT</target>
</CT_Get>
</request>
</CT_EMail>

With the additional security, the user ID and password are
requested by CT_EMail in order to be authorized. If a CT_Get is
specified the same credentials are used to issue the CT_Get.


The fix for this APAR is contained in the following maintenance
packages:

  | fix pack | 6.2.2-TIV-ITM-FP0008

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV17324
    • 

  • Reported component name
    TEMS
    • 

  • Reported component ID
    5724C04MS
    • 

  • Reported release
    622
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-03-15
    • 

  • Closed date
    2012-03-16
    • 

  • Last modified date
    2012-03-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
OA39143
    

    • 



Fix information


    

  • Fixed component name
    TEMS
    • 

  • Fixed component ID
    5724C04MS
    • 



Applicable component levels


    

  • R622  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCTLMP","label":"ITM Tivoli Enterprise Mgmt Server V6"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"622","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            28 March 2012
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback