Novell Privileged User Manager 2.2.1 Patch Release

March 31, 2010

1.0 Purpose of the Patch

Novell Privileged User Manager 2.2.1-2 (Hot Fix 2) is a bundle of fixes for Novell Privileged User Manager 2.2.1. This patch includes fixes for the following modules:

1.1 Audit Manager (audit) and Administration Manager (admin) 2.2.1-2

The patch for this module includes the following fixes:

  • Bug 580923: Implementation of multiple password filters is required.

    Solution: Added the ability to use a regular expression in the password filter, so that it can match multiple strings.

1.2 Command Control Agent (rexec) 2.2.1-2

The patch for this module includes the following fixes:

  • Bug 575448: Command from /etc/profile on HP-UX Itanium B.11.23 is not working with crush.

    Solution: Implementation of the new utmp system calls on HP-UX Itanium resolves this problem.

  • Bug 573980: The rush process remains even after killing the ssh or telnet session.

    Solution: Ensuring that the rush process receives the correct HUP signal when running a child process resolves the problem.

1.3 Command Control Manager (cmdctrl) and Command Control Console (cmdctrl) 2.2.1-2

The patch for this module includes the following fixes:

  • Bug 578268: Enhanced file protection and access control is required.

    Solution: Added Enhanced Access Control functionality that allows policies to restrict applications based upon files and directories. A sample script has been added to the PUM Command Control console (Enhanced Access Control Policy) to allow fine grained access control to be applied to a user’s privileged session. Full documentation for the policy is included in the sample script.

  • Bug 582636: The ability to use templates when setting the run user and host is required.

    Solution: With the ${}$ template, the run user and host can be changed based on other attributes in the metadata.

1.4 Command Reporting Console (report_command) 2.2.1-2

The patch for this module includes the following fixes:

  • Bug 559846: Performance issues on large audit databases.

    Solution: Made computationally expensive columns optional for the report and improved the query performance for large audit databases.

1.5 Compliance Auditor (secaudit) 2.2.1-2

The patch for this module includes the following fixes:

  • Bug 580607: If a user with limited access to "audit roles" selects the "Authorized" option, all the records, including the records permitted to be viewed, are hidden from the view.

    Solution: Compliance Auditor now shows filtered events.

1.6 Distribution Agent (distrib) and Agent Console (servers) 2.2.1-2

  • Bug 584236: Ability to stop people accidentally installing manager modules needs to be provided.

    Solution: Added the ability to restrict which modules a user can install. When a user is assigned the distrib.acl role, any attempt to install a module requires the user to also have the relevant distrib.Module:module role, where module is the package name of the module. For example, to restrict a user to managing only PUM agent packages, the user would need the following roles:

    distrib.acl

    distrib.Module:distrib

    distrib.Module:regclnt

    distrib.Module:strfwd

    distrib.Module:rexec
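
The rule above is opt-in: per-module roles are only enforced for users who also hold distrib.acl. The following added example (not Novell code) models that rule and audits a role assignment for it; the function names and sample users are hypothetical, role names are assumed to match exactly, and cmdctrl stands in for a manager module.

```python
# Added illustration: models the distrib.acl rule from the release note.
# Not Novell code; function names and sample users are hypothetical.
ACL_ROLE = "distrib.acl"
PREFIX = "distrib.Module:"
# Agent packages listed in the release note's example.
AGENT_PACKAGES = frozenset({"distrib", "regclnt", "strfwd", "rexec"})


def may_install(roles, package):
    """True if this model lets a holder of `roles` install `package`."""
    roles = set(roles)
    if ACL_ROLE not in roles:
        # Restriction is opt-in: without distrib.acl no per-module role is
        # checked (other console permissions are outside this model).
        return True
    return PREFIX + package in roles


def audit(assignments):
    """Classify each user as 'unrestricted', 'agent-only' or 'extra:<pkgs>'."""
    report = {}
    for user, roles in assignments.items():
        granted = {r[len(PREFIX):] for r in roles if r.startswith(PREFIX)}
        if ACL_ROLE not in roles:
            report[user] = "unrestricted"
        elif granted <= AGENT_PACKAGES:
            report[user] = "agent-only"
        else:
            extra = sorted(granted - AGENT_PACKAGES)
            report[user] = "extra:" + ",".join(extra)
    return report


# Constructed sample assignments.
SAMPLE = {
    "agent_op": ["distrib.acl", "distrib.Module:distrib",
                 "distrib.Module:regclnt", "distrib.Module:strfwd",
                 "distrib.Module:rexec"],
    # Module roles without distrib.acl do not restrict anything.
    "forgot_acl": ["distrib.Module:rexec"],
    "mixed": ["distrib.acl", "distrib.Module:rexec", "distrib.Module:cmdctrl"],
}

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print(user, verdict, "cmdctrl:", may_install(SAMPLE[user], "cmdctrl"))
```

A user reported as unrestricted who was meant to be limited to agent packages is missing the distrib.acl role.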

1.7 Syslog Emitter (syslog) 2.2.1-2

  • Bug 587611: Syslog emitter starts a session when the authorization fails.

    Solution: No session is started when authorization fails.

2.0 Installing the Patch

Privileged User Manager supports two ways to patch your system:

2.1 Using the Package Manager with NCC

During the process of installing the packages via the Framework, you can create a backup of the existing packages that are being replaced. To create the backup, you need to leave the Create backup option enabled when installing the patch. Then if you want to remove the update, you can use the Rollback Packages option.

  1. Configure the Package Manager for Novell Customer Center (NCC):

    1. Log in to the Framework Manager console.

    2. Click Package Manager.

    3. In the left frame, click Settings.

    4. From the drop-down menu, select Novell Update Server.

    5. Configure the following fields:

      User name: Specify the username that allows you to log in to the Novell Customer Center.

      Password: Specify the password that is associated with this account.

    6. Select the Advanced Settings, then specify the NCC Update URL from the e-mail you received.

    7. Click Finish.

  2. (Conditional) If you do not have the Framework patch loaded in your Package Manager:

    1. In the left frame of the Package Manager page, select Add Packages.

    2. Select the Framework Patches, then click Next.

    3. After the patches are loaded, click Finish.

  3. Load the updates:

    1. In the left frame of the Package Manager page, click Check for Updates.

    2. If updates are listed, select the packages, then click Next.

    3. After the patches are loaded, click Finish.

  4. To push the patches to your host machines, continue with Section 2.3, Installing the Patches on Host Machines.

2.2 Using the Package Manager with a Local Server

  1. Download the patch manually:

    1. On http://download.novell.com, select the Basic Search tab.

    2. Under Product or Technology, select Privileged User Manager, then select Search.

    3. On the Patches tab, select to download Privileged User Manager 2.2.1-2 (Hot Fix 2).

  2. Extract and publish packages into the Framework:

    1. Copy the novell-npum-packages-2.2.1-2.tar file to one of your Privileged User Manager machines.

    2. Extract novell-npum-packages-2.2.1-2.tar into a temporary location, such as a /tmp/framework/ directory.

      tar -xvf novell-npum-packages-2.2.1-2.tar 
      
    3. Publish the packages to your Framework, using the following command:

      /opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
      

      If you did not extract the packages to the /tmp/framework directory, replace /tmp/framework with the path to your directory.

    4. When prompted, enter the name and password for the administrator user.

  3. To push the patches to your host machines, continue with Section 2.3, Installing the Patches on Host Machines.

2.3 Installing the Patches on Host Machines

During the process of installing the packages via the Framework, you can create a backup of the existing packages that are being replaced. To create the backup, you need to leave the Create backup option enabled when installing the patch. Then if you want to remove the update, you can use the Rollback Packages option.

You can select to install the patches on all hosts or on selected hosts.

  1. Log in to the Framework Manager console.

  2. To install the patches on all hosts (if you want to install the patches on only selected hosts, skip to Step 3):

    1. On the Home page, click Hosts.

    2. Select the root-most domain.

    3. In the left frame, select Update Domain Packages.

    4. Select the desired hosts.

      Use Shift+click or Ctrl+click to select multiple hosts.

    5. Click Next.

      A message should be displayed, stating:

      Command Reporting Console version 2.2.1-2 (Rev:21032,Bld:4699) on sd142: successfully installed 
      
      Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd142: successfully installed 
      
      Compliance Auditor version 2.2.1-2 (Rev:21034,Bld:4699) on sd142: successfully installed 
      
      Registry Manager version 2.2.1-2 (Rev:21132,Bld:4702) on sd142: successfully installed 
      
      Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd142: successfully installed
      
      
      Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd143: successfully installed 
      
      Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd143: successfully installed 
       
      
    6. Click Finish.

  3. To install the patches on selected hosts:

    1. On the Home page, click Hosts.

    2. In the left frame, select Update Packages.

    3. Select the desired Hosts.

      Use Shift+click or Ctrl+click to select multiple hosts.

    4. Click Next.

      A message should be displayed, stating:

      Command Reporting Console version 2.2.1-2 (Rev:21032,Bld:4699) on sd142: successfully installed 
      
      Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd142: successfully installed 
      
      Compliance Auditor version 2.2.1-2 (Rev:21034,Bld:4699) on sd142: successfully installed 
      
      Registry Manager version 2.2.1-2 (Rev:21132,Bld:4702) on sd142: successfully installed 
      
      Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd142: successfully installed 
       
      
    5. Click Finish.

3.0 Documentation

The following sources provide information about Novell Privileged User Manager 2.2.1:

4.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.