Reconfiguring Access Control and CxEngine (v9.3.0)

Environment variables can be reconfigured either by using the Reconfigure command or by entering the Environment Variables section under Windows Properties. Some parameters can be configured either via Silent Reconfigure or via the Environment Variables. In addition, the Environment Variables include parameters that are not related to Reconfigure, such as the hostname and the IP address of the relevant host, and database parameters such as TLS.

Once you install ActiveMQ, you have to reconfigure Access Control as described below. In addition, you may reconfigure the CxEngine parameters as described below.

Reconfiguring Access Control

Once you complete installing ActiveMQ, you have to return to the CxManager installation and run Reconfigure to update Access Control.

To reconfigure Access Control:

Run the following command: 

CxSetup.exe /install /quiet RECONFIGURE_ACCESS_CONTROL=1 

Access Control parameters can be viewed and edited via Environment Variables that are available under Windows Properties.

Configuring CxEngine

After installing ActiveMQ, you have to run Reconfigure to set the CxEngine parameters as illustrated and explained below. Once they are set, these parameters are available as Environment Variables for editing from the Windows Properties.

To reconfigure the CxEngine parameters to the default parameters:

CxSetup.exe /install /quiet RECONFIGURE_ENGINE=1

The default settings can be viewed in the Reconfigure Parameter table below.

To reconfigure selected settings to customized parameters and leave the remaining parameters at their default:

Use the syntax to reconfigure the CxEngine parameters to their default and list the ENGINE parameters with a different setting than the default. The example below illustrates setting the Engine settings to default, but with TLS enabled, which is disabled by default.

CxSetup.exe /install /quiet RECONFIGURE_ENGINE=1 ENGINE_TLS_ENABLE=true

To reconfigure all settings to customized parameters:

Use the syntax and list all ENGINE settings with their parameter settings as illustrated below. For this option, RECONFIGURE_ENGINE must be set to 0 and all ENGINE parameters must be listed.

CxSetup.exe /install /quiet 
RECONFIGURE_ENGINE=1

ENGINE_SERVICE_END_POINT=http://<fqdn>:8080
ENGINE_HTTP_PORT=8080
ENGINE_TLS_ENABLE=false
ENGINE_SETTINGS_FILE=<path to the JSON file 'engineConfiguration.json'>
ENGINE_FIREWALL_RULE=1
ENGINE_CERTIFICATE_SUBJECT_NAME=CxEngine
ENGINE_MESSAGE_QUEUE_DISABLE=none
ENGINE_MESSAGE_QUEUE_TTL=60
ENGINE_EA_ENABLED_QUEUES=ResultQueue;IncrementalFilesQueue
ENGINE_PUBLISHING_METHOD=MessageQueue


  • Errors in the URL such as an illegal port cause an error indication and you cannot continue the process until the error is corrected.
  • The CxEngine Server uses port 8080 by default. You can also use a different port, although it is not recommended.
  • All the CxEngine Server environment variables can be viewed and edited in the Windows Properties once the engine is configured and running.
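A pre-flight check for the fully customized parameter set shown above, as an added example that is not part of the vendor documentation or installer: it confirms that every ENGINE parameter is listed and that the URL, port, TLS and firewall values are legal before CxSetup.exe is run. The function name Test-EngineParameters, the port-consistency check, the acceptance of https as a scheme and the sample values are assumptions.

```powershell
# Added example, not vendor code. Parameter names are copied from the command above.
$Required = 'ENGINE_SERVICE_END_POINT', 'ENGINE_HTTP_PORT', 'ENGINE_TLS_ENABLE',
    'ENGINE_SETTINGS_FILE', 'ENGINE_FIREWALL_RULE', 'ENGINE_CERTIFICATE_SUBJECT_NAME',
    'ENGINE_MESSAGE_QUEUE_DISABLE', 'ENGINE_MESSAGE_QUEUE_TTL',
    'ENGINE_EA_ENABLED_QUEUES', 'ENGINE_PUBLISHING_METHOD'

function Test-EngineParameters {    # hypothetical helper name
    param([hashtable]$P)
    $findings = @()
    foreach ($name in $Required) {  # a fully customized run must list every ENGINE parameter
        if ([string]::IsNullOrWhiteSpace([string]$P[$name])) { $findings += "ERROR: $name is missing" }
    }
    $port = 0
    $portOk = ([int]::TryParse([string]$P['ENGINE_HTTP_PORT'], [ref]$port)) -and ($port -ge 1) -and ($port -le 65535)
    if (-not $portOk) { $findings += 'ERROR: ENGINE_HTTP_PORT is not a legal port' }
    # The endpoint must parse as an absolute URL; matching its port to ENGINE_HTTP_PORT is an assumed check.
    $uri = $null
    $urlOk = [System.Uri]::TryCreate([string]$P['ENGINE_SERVICE_END_POINT'], [System.UriKind]::Absolute, [ref]$uri)
    if (-not $urlOk -or $uri.Scheme -notin 'http', 'https') {
        $findings += 'ERROR: ENGINE_SERVICE_END_POINT is not a valid URL'
    } elseif ($portOk -and $uri.Port -ne $port) {
        $findings += "WARN: endpoint port $($uri.Port) differs from ENGINE_HTTP_PORT $port"
    }
    if ([string]$P['ENGINE_TLS_ENABLE'] -notin 'true', 'false') {
        $findings += 'ERROR: ENGINE_TLS_ENABLE must be true or false'
    } elseif ([string]$P['ENGINE_TLS_ENABLE'] -eq 'false') {
        $findings += 'WARN: TLS is disabled (the default) for the engine endpoint'
    }
    if ([string]$P['ENGINE_FIREWALL_RULE'] -notin '0', '1') {
        $findings += 'ERROR: ENGINE_FIREWALL_RULE must be 0 or 1'
    } elseif ([string]$P['ENGINE_FIREWALL_RULE'] -eq '0') {
        $findings += 'WARN: no inbound rule will be created; the rule for the engine port must be added manually'
    }
    $file = [string]$P['ENGINE_SETTINGS_FILE']
    if ($file -and -not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $findings += "ERROR: settings file not found: $file"
    }
    return $findings
}

# Constructed sample input; the host name and the file path are placeholders.
$sample = @{
    ENGINE_SERVICE_END_POINT = 'http://engine1.example.internal:8080'; ENGINE_HTTP_PORT = '8088'
    ENGINE_TLS_ENABLE = 'false'; ENGINE_FIREWALL_RULE = '1'
    ENGINE_SETTINGS_FILE = 'C:\placeholder\engineConfiguration.json'
    ENGINE_CERTIFICATE_SUBJECT_NAME = 'CxEngine'; ENGINE_MESSAGE_QUEUE_DISABLE = 'none'
    ENGINE_MESSAGE_QUEUE_TTL = '60'; ENGINE_EA_ENABLED_QUEUES = 'ResultQueue;IncrementalFilesQueue'
    ENGINE_PUBLISHING_METHOD = 'MessageQueue'
}
Test-EngineParameters $sample
```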

Parameter Overview


The parameters used to configure the Engine server are listed and explained below.

Some of the values can also be found among the Environment Variables.

Parameter: ENGINE
Settings: 1: Installs CxEngine (default). 0: Removes or does not install CxEngine.
Description: Defines whether or not to install CxEngine.

Parameter: ENGINE_SERVICE_ENDPOINT
Settings: http://localhost:8088 (default)
Description: URL of the CxEngine host. It contains the following components: http://<engine name>.<location.domain>:<port number>, for example http://engine1.checkmarx.com:8088

Parameter: ENGINE_HTTP_PORT
Settings: 8088 (default)
Description: The port used by CxEngine.

Parameter: ENGINE_TLS_ENABLE
Settings: true, false (default)
Description: Set ENGINE_TLS_ENABLE=true and manually configure TLS once the installation is complete.

Parameter: ENGINE_SETTINGS_FILE
Settings: Location of engineConfiguration.json
Description: This file has to be generated on the CxManager host and copied to the CxEngine host as follows:

  1. On the host with CxManager installed, open the file explorer and navigate to the installation folder, for example C:\Program Files, and from there to ..\Checkmarx\Tools\Engine Configuration Exporter
  2. Run EngineConfigExporter.bat. Two new folders are created, Logs and Output. The engine configuration file engineConfiguration.json is generated in the Output folder.
  3. Go to the Output folder and copy engineConfiguration.json to a location of your choice on the CxEngine station.
  4. Use the location of the JSON file for the Engine Settings file parameter, for example "C:\Users\<username>\config files\engineConfiguration.json"

Parameter: ENGINE_FIREWALL_RULE
Settings: 1: The installer creates a new firewall inbound rule for the CxEngine port (default). 0: No new rules are created. Any firewall rules that are needed must be created manually.
Description: Creates a firewall inbound rule for the CxEngine port, depending on the setting.

Parameter: ENGINE_CERTIFICATE_SUBJECT_NAME
Settings: CN=CxEngine (default)
Description: The engine certificate subject name.

Parameter: ENGINE_MESSAGE_QUEUE_DISABLE
Settings: none (default)
Description: States which queues are disabled for the EngineService.

Parameter: ENGINE_MESSAGE_QUEUE_TTL
Settings: 60
Description: TTL = Time To Live. The max. lifetime (in seconds) of the message in the message queue.

Parameter: ENGINE_EA_ENABLED_QUEUES
Settings: ResultQueue;IncrementalFilesQueue

Parameter: ENGINE_PUBLISHING_METHOD
Settings: MessageQueue
Description: Method of publishing scan results.

Common Use Cases

There are two commonly used scenarios for distributed installations:

  • Installing ActiveMQ after installing CxManager
  • Changing the host name of ActiveMQ

Installing ActiveMQ after CxManager

Changing the Host Name of ActiveMQ

  • After changing the host name of ActiveMQ, you have to reconfigure both the Access Control and CxEngine as explained above.