Change Guardian |
Version 4.1 Service Pack 1 |
Release Notes |
Date Published: September 2014 |
|
|
NetIQ Change Guardian 4.1 Service Pack 1 improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Change Guardian forum in the NetIQ Forums, our online community that also includes product information, blogs, and links to helpful resources. The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product, see the NetIQ Downloads Web site. To download patches for this product, see the Patch Finder Web site. What's New?The following outline the key features and functions provided by this version, as well as issues resolved in this release: EnhancementsSyslog ForwardingChange Guardian 4.1 SP1 allows you to use Syslog to forward events with the Common Event Format (CEF) specification. Software FixesChange Guardian 4.1 SP1 includes software fixes that resolve several previous issues. If you use the upgrade installer, the set of new features and fixed defects depend upon the version from which you upgrade. For example, if the system is running Change Guardian 4.0 SP1, defect fixes from Change Guardian 4.1 are also applied as part of this upgrade. Special Characters in Policy Names and Descriptions Cause an Error when Upgrading to Version 4.1
Change Guardian for Active Directory Might Not Send User and Group Events After Rebooting a Monitored Domain ControllerChange Guardian for Active Directory now correctly re-establishes user and group monitoring after rebooting a monitored Domain Controller. (ENG329595) Additional and Delayed Events Arrive when Configuring Windows Firewall
Resource Expansion Cannot Use Credentials from Different DomainsResource expansion is now able to use credentials from different domains. (ENG330278, ENG332023) Email Alert Displays Arabic Characters IncorrectlyEmail alerts in Change Guardian now display Arabic characters correctly. (ENG331437) LDAP Authentication Fails when User Account Names Include a PeriodUsers can now authenticate in the Policy Editor through LDAP with an Active Directory user account that contains a period (.) in the name. (ENG334581) NT Authority\System Account Not Allowed in Local User RestrictionsPolicy Editor now allows you to use the NT Authority\System account in Local User Restrictions. (ENG335177) System RequirementsFor detailed information on hardware requirements and supported operating systems and browsers, see the User Guide for NetIQ Change Guardian. Installing This VersionThis service pack includes a full version of Change Guardian. For detailed information about installing Change Guardian components and modules, see the User Guide for NetIQ Change Guardian. Installing Change GuardianYou can install this version in a clean environment or upgrade an existing installation. Installing the Change Guardian ServerFor information about installing the Change Guardian server, see the User Guide for NetIQ Change Guardian. Installing the Change Guardian Console and Windows Agent(Conditional) To locally install the Change Guardian console or Windows agent, see the instructions in the User Guide for NetIQ Change Guardian. (Conditional) To distribute the Windows agent to multiple computers, complete the steps for creating a silent installer package in Upgrading the Console and Windows Agent. Upgrading Change GuardianYou can also apply this service pack to the following Change Guardian components:
Upgrading the Change Guardian Server ApplianceYou must use the zypper patch to upgrade the Change Guardian server appliance. You cannot use WebYaST to upgrade.
To upgrade the appliance by using the zypper patch:
Upgrading the Change Guardian Server on a Standard ComputerTo upgrade the Change Guardian Server on a standard computer, perform the installation steps in the User Guide for NetIQ Change Guardian.
Upgrading the Console and Windows AgentYou can use the IqcgInstaller.exe program in the installation kit to locally update a console or Windows agent or create a silent installer package for upgrading multiple agents. (Conditional) To locally install the console or Windows agent, run the IqcgInstaller.exe program and follow the steps in the wizard. (Conditional) To silently install or upgrade the Windows agent, you must create a silent installer package. Complete the following steps: To create a silent installer package:
Known IssuesNetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Upgrade Fails if You Renamed the .msi Package for the Original InstallationIf you renamed the .msi file when packaging the program to silently install a previous version of Change Guardian, the upgrade to the current release fails. During an upgrade, Microsoft Windows looks for an original installation with the same identification as the .msi package for the upgrade. For more information about this issue, see the Windows Installer Team Blog. (ENG328889) Upgrading the Windows Agent Out of Order Prevents Agent from Receiving PoliciesYou should upgrade the Change Guardian Server prior to upgrading the Windows agent. If you upgrade the Windows agent before you upgrade the Change Guardian Server, the agent will not receive policy updates after the server upgrade. To enable the agent to receive policy updates again, restart the Change Guardian service on the agent machine. (ENG335193) Upgrading the Appliance from 4.0.x Removes Change Guardian User AccountsUpgrading the Change Guardian appliance from 4.0 to 4.1 SP1 removes any previously created Change Guardian user accounts. The cgadmin account is recreated with its password set to a random value. After the update, you will need to log on to the Change Guardian web console using the "admin" account to reset the password for the "cgadmin" account. You must recreate all other user accounts. Unsupported Event Routing Rules are Visible After Upgrading from 4.0The following Event Routing Rules rules are visible after upgrading from Change Guardian 4.0:
For assistance removing these Event Routing Rules, contact Support. (DOC333152) Default Database Service Port Must Be Used for Change Guardian ServerTo successfully install Change Guardian 4.1 SP1, you cannot modify the default Database Service port. (ENG333165) Event Severity is Always Calculated Automatically for Unix Agent EventsEvent Severity is always calculated automatically for Unix Agent events, including events generated by policies configured with a custom severity.(DOC333969) VMware vSphere 5.5 Web Client Cannot Import OVF Templates
Modifications to System-Only Object Might Not Generate Security EventsChange Guardian for Active Directory requires a security event to generate a Change Guardian event. System-only object attributes in Active Directory cannot be modified manually. They can only be modified internally by Active Directory. Modifications to system-only attributes do not generate security events, so Change Guardian is unaware of these changes and cannot track them or create Change Guardian events. (ENG332134) Missing Sections in 'Process was Terminated' EventsIf you create a process policy in Change Guardian for Windows that monitors an application for Process was Terminated events, and the monitored application is open before you assign the policy to the agent, when the monitored application shuts down, the generated event does not contain the Event Message and Who sections. To ensure the generated event contains all sections, turn off the application you want to monitor before assigning the policy to the agent. After you assign the policy to the agent, start the application again. (ENG332876) Resource Expansion Cannot Expand Group Members from Trusted DomainsIf you configure resource expansion for a group that contains members from a trusted domain other than the domain to which the group belongs, Change Guardian cannot expand the group members. (ENG331982) Resource Expansion Does Not Support ParenthesesResource expansion does not work on Active Directory users or users of groups if the name attribute contains open or close parentheses: ( ) (ENG331896) 'Demoted from DC' Events Not Generated on Windows Server 2003If you configure Change Guardian for Active Directory to monitor for Computer Demoted from DC events, and the demoted computer is running Microsoft Windows Server 2003, a Computer Demoted from DC event is not generated. (ENG332176) Change Guardian for Active Directory Does Not Generate Some Events on Microsoft Windows Server 2012 R2If you run Change Guardian for Active Directory on a computer with the Microsoft Windows Server 2012 R2 operating system, Change Guardian for Active Directory does not generate some events. If you install Windows Update KB2911106, Change Guardian for Active Directory is able to generate all events except Active Directory Object was Renamed events. (ENG332396) Microsoft Windows Server 2012 R2 + KB2887595 Can Cause Instability on Domain ControllerIf your domain controller runs Windows Server 2012 R2, ensure you have installed the most recent Windows updates. If the most recent Windows Update you have installed is KB2887595, the computer can become unstable when the following are true:
(ENG332396) Change Guardian for Windows Does Not Capture Some File Share SettingsChange Guardian for Windows does not capture modifications to the following types of share settings:
(ENG326828) Migrating Locally Saved Policies Not SupportedBefore you upgrade the Policy Editor to the current version, ensure you back up or submit locally saved policies to the Change Guardian Policy Repository. If you upgrade without backing up locally saved policies from version 4.0 or version 4.0.1, the policies will be lost. (DOC331358) Active Directory Schema Events Might Display 'N/A' in Before and After FieldsThe Schema Attribute Modified and Schema Class Modified events from Active Directory do not support Before and After fields, and display N/A. (ENG330960) Reports Might Not Display Surrogate Characters CorrectlyAn issue with DevExpress prevents reports from displaying some surrogate characters correctly. (ENG332580) A Nessus Scan Results in Loss of Communication with Change Guardian ServerAn issue with proxy client connections causes Change Guardian to lose the connection with the Change Guardian server when you run a Nessus scan. To work around this issue, comment out the following section in the server.xml file:
<obj-component id="ProxyService">
<class>esecurity.ccs.comp.clientproxy.ClientProxyService</class>
<property name="clientports">ssl:${clientproxyservice.port.client}</property>
<property name="certclientports">ssl:${clientproxyservice.port.certclient}</property>
<property name="keystore">${esecurity.config.home}/config/.proxyServerKeystore</property>
<property name="certificateAlias">SentinelProxyServer</property>
</obj-component>
(ENG334480, ENG334500) Forwarded Events Might Contain Extra CharactersWhen you use the Syslog Dispatcher to forward events in Change Guardian, event attributes might contain additional backslash (\) characters to escape the following characters: \, =, and |. These extra characters are necessary to allow the event to conform to the Common Event Format (CEF) specification. To remove them, parse the events with a CEF parser. (ENG334907) File Integrity Diff Data Might Be Truncated in Events Forwarded to Syslog SeversIf you configure the Change Guardian Server to forward File Integrity events to a Syslog Server, and then you modify a monitored file, the diff data in the forwarded event might be truncated if the diff data size is greater than 1 KB. The forwarded event provides a URL that allows you to view the full event and the complete file diff data in the Change Guardian web console. (ENG335411) UNIX Agent Might Generate File Integrity Events without Diff DataIf a UNIX agent monitors for File Integrity changes, and a user modifies a monitored file, if the amount of modified data is larger than 1 KB, the generated event does not contain diff data. (ENG335309) Additions to DocumentationSupported Versions of Red Hat Enterprise Linux for ServersThe User Guide for NetIQ Change Guardian incorrectly specifies support for Red Hat Enterprise Linux for Servers 6.x. It should specify Red Hat Enterprise Linux for Servers 6.3 and 6.4. For the most current list of supported products, see the Technical Information for Change Guardian and Change Guardian Modules page. Contact InformationOur goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you. For detailed contact information, see the Support Contact Information Web site. For general corporate and product information, see the NetIQ Corporate Web site. For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels. Legal NoticeTHIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2014 NetIQ Corporation. All Rights Reserved. For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. | ||||||||||||||||||||||