Hi,

I configured the TCP wrapper called tcpd. This wrapper works only with inetd, not with runmqlsr.

Install the binary (e.g. to /usr/local/bin).

Change file /etc/inetd.conf:

    #MQSeriesPort stream tcp nowait mqm /usr/mqm/bin/amqcrsta amqcrsta -m <your qmgr>
    MQSeriesPort stream tcp nowait mqm /usr/local/bin/tcpd /usr/mqm/bin/amqcrsta -m <your qmgr>

Create a file /etc/hosts.allow with the following entry:

    amqcrsta:<first allowed address> <second allowed address> ...

and a file /etc/hosts.deny with the following entry:

    ALL:ALL

Allowed addresses may be IP addresses or host names.

This should work. See http://www.cert.org/other_sources/tool_sources.html for how to get the sources. Note that there are some copies of the source code for tcpd which contain a Trojan horse. See http://www.cert.org/ for details (search for tcpd).

Regards
Hubert

-----Original Message-----
From: Wyatt, T. Rob [mailto:[EMAIL PROTECTED]
Sent: Friday, 12 September 2003 14:27
To: [EMAIL PROTECTED]
Subject: Re: TCP wrappers for MQ

Darren,

The TCP Wrappers I am familiar with provide a layer similar to a firewall. Ours shut down all ports by default, allow specific ports to be open and limit inbound connections on a port to specific IP addresses or subnets. When we use inetd as a listener, MQ never even knows the port was wrapped. Not sure about how it works with runmqlsr, though.

It's not in the MQ manuals because it's not an MQ function.

-- T.Rob

-----Original Message-----
From: Darren Douch [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2003 4:46 AM
To: [EMAIL PROTECTED]
Subject: TCP wrappers for MQ

Hi

We have some security folks complaining about 'unwrapped' services in inetd on our AIX boxes... MQ is one of the entries that they're complaining about.

Can anyone tell me if MQ is happy to operate 'wrapped' and if so how I might go about doing it (or tell me which manual this info is in)?

Thanks all.

Darren.

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
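
Added example, not part of the original thread: a POSIX shell audit that lists inetd.conf entries not started through tcpd and checks that hosts.allow and hosts.deny back up the wrapped ones, following the configuration in the first message. The function names, the QM1 queue manager name, the telnet and ftpd entries and the 192.0.2.10 address are constructed for illustration; /usr/local/bin/tcpd is the install path suggested in the thread.

```sh
# Added example (not from the thread): audit inetd.conf and tcpd's access files.
# inetd.conf fields: service socket-type protocol wait-flag user server args...

# Active entries whose server program (field 6) is not tcpd: "service program".
unwrapped_services() {
    awk -v tcpd="${2:-/usr/local/bin/tcpd}" '
        /^[ \t]*#/ || NF < 6 { next }   # comments, blank and short lines
        $6 == "internal"     { next }   # inetd built-ins have no program to wrap
        $6 != tcpd           { print $1, $6 }
    ' "$1"
}

# Daemon names tcpd looks up for wrapped entries: basename of field 7 (argv[0]).
wrapped_daemons() {
    awk -v tcpd="${2:-/usr/local/bin/tcpd}" '
        !/^[ \t]*#/ && NF >= 7 && $6 == tcpd { n = split($7, p, "/"); print p[n] }
    ' "$1" | sort -u
}

# Succeed if FILE ($1) has a rule whose daemon list names DAEMON ($2) or ALL.
has_rule() {
    awk -F: -v d="$2" '
        !/^[ \t]*#/ { n = split($1, names, /[ \t,]+/)
          for (i = 1; i <= n; i++) if (names[i] == d || names[i] == "ALL") found = 1 }
        END { exit !found }
    ' "$1"
}

# Succeed if FILE has the catch-all ALL:ALL; without it tcpd admits unmatched clients.
default_deny() {
    awk '{ gsub(/[ \t]/, "") } $0 == "ALL:ALL" { found = 1 } END { exit !found }' "$1"
}

# Print findings for CONF ALLOW DENY [TCPD]; no output means nothing was flagged.
audit_wrappers() {
    unwrapped_services "$1" "$4" | sed 's/^/UNWRAPPED /'
    for d in $(wrapped_daemons "$1" "$4"); do has_rule "$2" "$d" || echo "NO_ALLOW_RULE $d"; done
    default_deny "$3" || echo "NO_DEFAULT_DENY"
}

# Constructed sample: MQ wrapped but missing its allow rule, telnet left unwrapped.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'MQSeriesPort stream tcp nowait mqm /usr/local/bin/tcpd /usr/mqm/bin/amqcrsta -m QM1' \
        'telnet stream tcp nowait root /usr/sbin/telnetd telnetd' > "$t/inetd.conf"
    printf 'ftpd: 192.0.2.10\n' > "$t/hosts.allow"; : > "$t/hosts.deny"
    audit_wrappers "$t/inetd.conf" "$t/hosts.allow" "$t/hosts.deny"; rm -rf "$t"
}
```

On a real host, run audit_wrappers /etc/inetd.conf /etc/hosts.allow /etc/hosts.deny; no output means nothing was flagged.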