IBM Support

IV70421: INSTALL/UPGRADE OF 'LZ' AGENT TO ITM630FP4 LEADS TO ESM VIOLATION ON CUSTOM MONITOR DIRECTORY:/OPT/TIVOLI/ITM/LX

APAR status

  • Closed as fixed if next.

Error description

  • Installing or upgrading the 'lz' agent using install.sh with the
    -k <group> option produces an ESM (Enterprise Security
    Management) violation. Running "secureMain -g root lock" after
    the agent install does not resolve the ESM violation either.
    [root@<servername> lx8266]# ls -l
    total 12
    drwxr-xr-x 6 root root 4096 Feb 25 15:09 gs
    drwxr-xr-x 7 root root 4096 Feb 25 15:09 lz
    drwxrwxrwx 4 root root 4096 Feb 25 15:09 osfcp
    [root@<servername> lx8266]# cd osfcp
    [root@<servername> osfcp]# ls -l
    total 8
    drwxrwxrwx 2 root root 4096 Feb 25 15:09 bin
    drwxrwxrwx 2 root root 4096 Feb 25 15:09 lib
    
    The directory <CandleHome>/<Architecture>/osfcp contains some
    files related to the Custom Factory Provided feature, not yet
    active in release 6.30 FP4, that are not managed by secureMain.
    
    Affected Platforms / Versions: Linux OS Agent 6.30 FP4.
    This issue has been fixed in 6.30 FP5.
    

Local fix

  • Install/upgrade the 'lz' agent using install.sh WITHOUT the
    -k <group> option; the ESM exception will then not occur.
    [root@<servername> lx8266]# ls -l
    total 12
    drwxr-xr-x 6 root root 4096 Feb 25 09:57 gs
    drwxr-xr-x 7 root root 4096 Feb 25 09:57 lz
    drwxrwxr-x 4 root root 4096 Feb 25 09:57 osfcp
    [root@<servername> lx8266]# cd osfcp
    [root@<servername> osfcp]# ls -l
    total 8
    drwxrwxr-x 2 root root 4096 Feb 25 09:57 bin
    drwxrwxr-x 2 root root 4096 Feb 25 09:57 lib
    

Problem summary

  • Problem Description: Some files and directories have 777
    permissions in the secured install tree of the Monitoring Agent
    for Linux OS.
    Problem Summary: The 6.30 FP4 Monitoring Agent for Linux OS
    directory structure under <CandleHome>/<Architecture>/osfcp
    remains world-writable after the command
    secureMain -g <group> is executed to lock the install tree down.
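
A check for the condition summarized above, as an added example that is not IBM's code or part of the APAR: it lists files and directories under an install tree that still carry the other-write bit. The sample tree it can build is constructed from the listing in the error description, and placeholder_file is a hypothetical name.

```shell
#!/usr/bin/env bash
# Added example (not IBM code): flag world-writable entries left in an
# ITM install tree after "secureMain -g <group> lock" has been run.

# Print an "ls -ld" line for every file or directory under $1 that has
# the other-write bit set. Symlinks are skipped: their own mode bits are
# not what access checks use.
list_world_writable() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -exec ls -ld {} +
}

# Return 0 if the tree is clean, 1 if anything is world-writable
# (offenders are printed), 2 if the path could not be fully scanned.
audit_tree() {
    local hits
    hits=$(list_world_writable "$1") || return 2
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: the lx8266 layout and modes from the listing in the
# error description, plus one placeholder file. Not a real agent install.
make_sample_tree() {
    local arch="$1/lx8266"
    mkdir -p "$arch/gs" "$arch/lz" "$arch/osfcp/bin" "$arch/osfcp/lib"
    : > "$arch/osfcp/bin/placeholder_file"
    chmod 755 "$arch" "$arch/gs" "$arch/lz"
    chmod 777 "$arch/osfcp" "$arch/osfcp/bin" "$arch/osfcp/lib" \
              "$arch/osfcp/bin/placeholder_file"
}

# Usage: script.sh <CandleHome>   (runs only when a path is given)
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Exit status 1 after a secureMain lock means entries outside secureMain's management remain writable by any local user.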
    

Problem conclusion

Temporary fix

  • None currently.
    
    6.30 FP5 Monitoring Agent for Linux OS will install osfcp files
    into:
    <CandleHome>/<Architecture>/lz/bin
    and
    <CandleHome>/<Architecture>/lz/lib
    
    These subdirectories are properly managed by the secureMain
    command.
    

Comments

APAR Information

  • APAR number

    IV70421

  • Reported component name

    ITM AGENT LINUX

  • Reported component ID

    5724C04LN

  • Reported release

    630

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-03-02

  • Closed date

    2015-03-13

  • Last modified date

    2015-03-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R630 PSY

       UP

  • R610 PSN

       UP

  • R620 PSN

       UP

  • R621 PSN

       UP

  • R622 PSN

       UP

  • R623 PSN

       UP

Document Information

Modified date:
30 December 2022