Novell Privileged User Manager 2.2.1-2 (Hot Fix 2) is a bundle of fixes for Novell Privileged User Manager 2.2.1. This patch includes fixes for the following modules:
The patch for this module includes the following fixes:
Bug 580923: Implementation of multiple password filters is required.
Solution: Ability to use regular expression in password filter that matches multiple strings is added.
The patch for this module includes the following fixes:
Bug 575448: Command from /etc/profile on HP-UX Itanium B.11.23 is not working with crush.
Solution: Implementation of the new utmp system calls on HP-UX Itanium resolves this problem.
Bug 573980: The rush process remains even after killing the ssh or telnet session.
Solution: Ensuring that the rush process receives the correct HUP signal when running a child process resolves the problem.
The patch for this module includes the following fixes:
Bug 578268: Enhanced file protection and access control is required.
Solution: Added Enhanced Access Control functionality that allows policies to restrict applications based upon files and directories. A sample script has been added to the PUM Command Control console (Enhanced Access Control Policy) to allow fine grained access control to be applied to a user’s privileged session. Full documentation for the policy is included in the sample script.
Bug 582636: The ability to use templates when setting the run user and host is required.
Solution: Using the ${}$ template, changing the run user and host based on other attributes in the meta data is possible.
The patch for this module includes the following fixes:
Bug 559846: Performance issues on large audit databases.
Solution: Made computationally expensive columns optional for the report and improved the query performance for large audit databases
The patch for this module includes the following fixes:
Bug 580607: If a user with limited access to "audit roles" selects the "Authorized" option, all the records, including the records permitted to be viewed, are hidden from the view.
Solution: Compliance Auditor now shows filtered events.
Bug 584236: Ability to stop people accidentally installing manager modules needs to be provided.
Solution: Added ability to restrict users to install specific modules. When a user is assigned the distrib.acl role, attempts to install modules will require the user to have the relevant distrib.Module:module role, where module is the package name of the module. For example, to restrict a user to managing only PUM agent packages, they would need the following roles:
distrib.acl
distrib.Module:distrib
distrib.Module:regclnt
distrib.Module:strfwd
distrib.Module:rexec
Bug 587611: Syslog emmitter starts a session when the authorization fails.
Solution: No session is started when authorization fails.
Privileged User Manager supports two ways to patch your system:
You can configure your system to use the Novell Customer Center (NCC) and use the Package Manager to distribute the patch. See Section 2.1, Using the Package Manager with NCC
You can download the patch from Novell, install it on a local system, then use the Package Manager to distribute the patch. See Section 2.2, Using the Package Manager with a Local Server
During the process of installing the packages via the Framework, you can create a backup of the existing packages that are being replaced. To create the backup, you need to leave the option enabled when installing the patch. Then if you want to remove the update, you can use the option.
Configure the Package Manager for Novell Customer Center (NCC):
Log in to the Framework Manager console.
Click .
In the left frame, click
From the drop-down menu, select .
Configure the following fields:
User name: Specify the username that allows you to log in to the Novell Customer Center.
Password: Specify the password that is associated with this account.
Select the , then specify the NCC Update URL from the e-mail you received.
Click .
(Conditional) If you do not have the Framework patch loaded in your Package Manager:
In the left frame of the Package Manager page, select .
Select the , then click .
After the patches are loaded, click .
Load the updates:
In the left frame of the Package Manager page, click .
If updates are listed, select the packages, then click .
After the patches are loaded, click .
To push the patches to your host machines, continue with Section 2.3, Installing the Patches on Host Machines.
Download the patch manually:
On http://download.novell.com, select the tab.
Under , select , then select .
On the tab, select to download
Extract and publish packages into the Framework:
Copy the novell-npum-packages-2.2.1-2.tar file to one of your Privileged User Manager machines.
Extract novell-npum-packages-2.2.1-2.tar into a temporary location, such as a /tmp/framework/ directory.
tar -xvf novell-npum-packages-2.2.1-2.tar
Publish the packages to your Framework, using the following command:
/opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
If you did not extract the packages to the /tmp/framework directory, replace /tmp/framework with the path to your directory.
When prompted, enter the name and password for the administrator user.
To push the patches to your host machines, continue with Section 2.3, Installing the Patches on Host Machines.
During the process of installing the packages via the Framework, you can create a backup of the existing packages that are being replaced. To create the backup, you need to leave the option enabled when installing the patch. Then if you want to remove the update, you can use the option.
You can select to install the patches on all hosts or on selected hosts.
Log in to the Framework Manager console.
To install the patches on all hosts (if you want to install the patches on only selected hosts, skip to Step 3):
On the Home page, click .
Select the root most domain.
In the left frame, select .
Select the desired hosts.
Use Shift+click or Ctrl+click to select multiple hosts.
Click .
A message should be displayed, stating:
Command Reporting Console version 2.2.1-2 (Rev:21032,Bld:4699) on sd142: successfully installed Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd142: successfully installed Compliance Auditor version 2.2.1-2 (Rev:21034,Bld:4699) on sd142: successfully installed Registry Manager version 2.2.1-2 (Rev:21132,Bld:4702) on sd142: successfully installed Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd142: successfully installed Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd143: successfully installed Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd143: successfully installed
Click .
To install the patches on selected hosts:
On the Home page, click .
In the left frame, select .
Select the desired Hosts.
Use Shift+click or Ctrl+click to select multiple hosts.
Click .
A message should be displayed, stating:
Command Reporting Console version 2.2.1-2 (Rev:21032,Bld:4699) on sd142: successfully installed Command Control Agent version 2.2.1-2 (Rev:21122,Bld:4702) on sd142: successfully installed Compliance Auditor version 2.2.1-2 (Rev:21034,Bld:4699) on sd142: successfully installed Registry Manager version 2.2.1-2 (Rev:21132,Bld:4702) on sd142: successfully installed Framework Patch version 2.2.1-2 (Rev:20854,Bld:4670) on sd142: successfully installed
Click .
The following sources provide information about Novell Privileged User Manager 2.2.1:
For installation information, see the Novell Privileged User Manager Getting Started Guide.
For configuration information, see the Novell Privileged User Manager Administration Guide.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.