STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 05 Jun 2017

Access to the MQ Appliance messaging server must utilize encryption when using LDAP for authentication.

DISA Rule

SV-89573r1_rule

Vulnerability Number

V-74899

Group Title

SRG-APP-000172-AS-000121

Rule Version

MQMH-AS-001010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Specify LDAP as the authentication method for each queue manager.

To access the MQ Appliance CLI, enter:
mqcli

runmqsc [queue manager name]

DEFINE AUTHINFO('[Object name e.g., USE.LDAP]')
AUTHTYPE(IDPWLDAP)
CONNAME('[ldap1(port),ldap2(port),ldap3(port)]')
SECCOMM(YES) [Ensures encryption is used]
SHORTUSR('[short user name]')
CHCKCLNT(REQUIRED)
BASEDNU('base user DN')
REPLACE

ALTER QMGR CONNAUTH('[AUTHINFO object name]')
REFRESH SECURITY TYPE(CONNAUTH)

Type "end" to exit runmqsc mode.

Check Contents

To access the MQ Appliance CLI, for each queue manager, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue manager name]

To display the active authentication object, enter:
DIS QMGR CONNAUTH

Result: QMNAME([queue mgr name]) CONNAUTH([auth object name])

DIS AUTHINFO([auth object name])

Verify that "AUTHTYPE(IDPWLDAP)" and "SECCOMM(YES)" are displayed, and that all parameters are correctly specified to use the organizationally approved LDAP server(s).

If these parameter values cannot be verified, this is a finding.
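The check above is manual; on an appliance with many queue managers an auditor typically captures the DIS QMGR CONNAUTH and DIS AUTHINFO output and evaluates it offline. The following is an added example (not part of the STIG or of IBM's tooling) that parses runmqsc display output and reports findings for this rule. It assumes a constructed approved-LDAP host list and constructed sample output; the nested-parenthesis handling matters because CONNAME values such as ldap1(636),ldap2(636) would break a naive NAME(value) regex.

```python
import re

# Assumption (not from the STIG): the organisation's approved LDAP hosts.
APPROVED_LDAP = {"ldap1.example.org", "ldap2.example.org"}
# Attribute values this rule requires on the CONNAUTH AUTHINFO object.
REQUIRED = {"AUTHTYPE": "IDPWLDAP", "SECCOMM": "YES"}

def parse_mqsc_attrs(output):
    """Parse NAME(value) pairs from runmqsc DISPLAY output.
    A balanced-parenthesis scan is used because values such as
    CONNAME(ldap1(636),ldap2(636)) contain nested parentheses."""
    attrs, pos = {}, 0
    start = re.compile(r"\b([A-Z][A-Z0-9]*)\(")
    while (m := start.search(output, pos)):
        depth, j = 1, m.end()
        while j < len(output) and depth:
            depth += {"(": 1, ")": -1}.get(output[j], 0)
            j += 1
        attrs[m.group(1)] = output[m.end():j - 1].strip()
        pos = j  # skip past the whole value, including any nested groups
    return attrs

def conname_hosts(conname):
    """Split 'host1(port),host2(port)' into host names (port dropped)."""
    return [re.sub(r"\(\d+\)$", "", e.strip()) for e in conname.split(",") if e.strip()]

def evaluate_connauth(qmgr_output, authinfo_output):
    """Return a list of findings for one queue manager; empty means compliant."""
    qm = parse_mqsc_attrs(qmgr_output)
    name, connauth = qm.get("QMNAME", "?"), qm.get("CONNAUTH", "")
    if not connauth:
        return [f"{name}: no CONNAUTH object configured"]
    ai = parse_mqsc_attrs(authinfo_output)
    findings = []
    if ai.get("AUTHINFO") != connauth:
        findings.append(f"{name}: AUTHINFO({ai.get('AUTHINFO')}) does not match CONNAUTH({connauth})")
    for attr, want in REQUIRED.items():
        if ai.get(attr) != want:
            findings.append(f"{name}: {attr}({ai.get(attr, 'missing')}) expected {attr}({want})")
    for host in conname_hosts(ai.get("CONNAME", "")):
        if host not in APPROVED_LDAP:
            findings.append(f"{name}: CONNAME host {host} is not an approved LDAP server")
    return findings

# Constructed sample output in runmqsc display format (not captured from a real appliance).
COMPLIANT_QMGR = """AMQ8408I: Display Queue Manager details.
   QMNAME(QM1)                             CONNAUTH(USE.LDAP)"""
COMPLIANT_AUTHINFO = """AMQ8566I: Display authentication information details.
   AUTHINFO(USE.LDAP)                      AUTHTYPE(IDPWLDAP)
   CONNAME(ldap1.example.org(636),ldap2.example.org(636))
   SECCOMM(YES)                            CHCKCLNT(REQUIRED)
   SHORTUSR(uid)                           BASEDNU(ou=people,dc=example,dc=org)"""
NONCOMPLIANT_AUTHINFO = COMPLIANT_AUTHINFO.replace("SECCOMM(YES)", "SECCOMM(NO) ")
```

Calling evaluate_connauth(COMPLIANT_QMGR, NONCOMPLIANT_AUTHINFO) reports the SECCOMM(NO) finding; an empty list means the queue manager passes this check.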

Vulnerability Number

V-74899

Documentable

False

Rule Version

MQMH-AS-001010

Check Content Reference

M

Target Key

3239
