MQSeries.net :: View topic

kordi · Posted: Fri Mar 13, 2026 7:40 am Post subject: Auditing MQ estate

Hi guys,

I am working on an Ansible scripts that would audit all our MQ servers and I am wondering what should be included in that task.

What came to my mind so far:
1. Checking if mTLS is enabled - (SSLCAUTH ne REQUIRED)
2. Checking if SSLCIPH is not empty and cipher is compliand with our rules
3. (Disscussable) Checking DEFPSIST in production (it's up to application to set persistance but who knows who work there

)
4. Checking if well known channels are disbaled (non existing SCYEXIT or CHLAUTH) - SYSTEM.AUTO.RECEIVER, SYSTEM.DEF.RECEIVER, SYSTEM.DEF.REQUESTER, SYSTEM.DEF.CLUSRCVR, SYSTEM.DEF.SVRCONN
5. Checking if inbound Message channels are authenticated - for RCVR channels SSLCIPH and SSLPEER should be non-blank. SSLCAUTH should be set to REQUIRED
Alternatively SCYEXIT should be non-blank.
6. Maybe checking if mqm group has any more users then mqm?

Will be happy to hear your thoughts.

Cheers
Kordi