
MOI security vulnerability fix for SSH ciphers and TLS security issue with DAAS ports


Article ID: 221417


Updated On:


Mainframe Operational Intelligence


Using the attached security vulnerability script:

1) This patch addresses the SSH vulnerability by updating the ciphers and key exchange algorithms used for SSH in the MOI appliance file /etc/ssh/sshd_config as follows:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

2) It also removes the data service (daas) ports 7160 and 7161 by updating the MOI appliance file /opt/moi/dataservice/normal/docker-compose.yml, to address the TLS vulnerability with these ports.


Note that by turning off ports 7160 and 7161, Vantage integration (deep linking) with the MOI UI WILL NOT be available.

Only use this security vulnerability patch if Vantage deep linking with MOI is not needed.




Release: 2.0



Steps to run the patch script on each MOI Appliance that is installed:

1) Download/Copy the file to the MOI appliance box.

2) Give execute permission to the script using the following command

   chmod +x

3) Execute the script using the following command


4) Once the execution is complete, the dataservice_dataservice_1 container will be restarted, since the daas ports were removed.

5) Execute the command docker ps -a to monitor the health of the containers.

   (Wait 5 minutes and check to ensure that all the Docker containers are up and healthy.)
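One way to confirm the result after step 5, as an added example that is not part of the attached patch script or any vendor tooling: the checks below compare the two sshd_config directives with the values listed in this article and look for remaining references to ports 7160 and 7161 in a compose file. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-patch verification. Expected values are copied from this article.
WANT_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
WANT_KEX="diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1"

# Print the first uncommented value of an sshd_config keyword. sshd keeps the
# first value it reads for a keyword, and keywords are case-insensitive.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Succeed only if both directives equal the article's lists exactly.
check_sshd() {  # $1 = path to sshd_config
    [ "$(sshd_value Ciphers "$1")" = "$WANT_CIPHERS" ] &&
        [ "$(sshd_value KexAlgorithms "$1")" = "$WANT_KEX" ]
}

# Succeed only if no uncommented line of the compose file mentions 7160 or 7161.
check_compose() {  # $1 = path to docker-compose.yml
    ! grep -Ev '^[[:space:]]*#' "$1" | grep -Eq '(^|[^0-9])716[01]([^0-9]|$)'
}

# Write constructed sample files (not copied from an MOI appliance) into $1.
make_samples() {
    printf '%s\n' "Ciphers $WANT_CIPHERS" "KexAlgorithms $WANT_KEX" > "$1/sshd_ok"
    # A leftover CBC cipher ahead of the CTR list must fail the check.
    printf '%s\n' "Ciphers aes128-cbc,$WANT_CIPHERS" "KexAlgorithms $WANT_KEX" > "$1/sshd_bad"
    printf '%s\n' 'services:' '  dataservice:' '    ports:' \
        '      - "7160:7160"' '      - "7161:7161"' > "$1/compose_before"
    # Port 17160 is constructed to show that similar numbers are not flagged.
    printf '%s\n' 'services:' '  dataservice:' '    ports:' \
        '      # - "7160:7160"' '      - "17160:17160"' > "$1/compose_after"
}

# Demo run against the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in sshd_ok sshd_bad; do
    if check_sshd "$demo_dir/$f"; then echo "$f: PASS"; else echo "$f: FAIL"; fi
done
for f in compose_before compose_after; do
    if check_compose "$demo_dir/$f"; then echo "$f: PASS"; else echo "$f: FAIL"; fi
done
rm -rf "$demo_dir"
```

On the appliance, call check_sshd /etc/ssh/sshd_config and check_compose /opt/moi/dataservice/normal/docker-compose.yml; a non-zero exit status means the file does not match what this article describes.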
