NetIQ Secure Configuration Manager Windows Agent

Version 5.9 Service Pack 1

Hotfix 7013280

Date Published: November 2013

 
 

 

This hotfix updates NetIQ Secure Configuration Manager Windows Agent (Windows agent). This document outlines why you should install this hotfix.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Secure Configuration Manager Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ Documentation page. To download this product, see the Secure Configuration Manager Product Upgrade Web site.

Return to Top

Why Install This Hotfix?

This hotfix updates the Windows agent to gather data from Oracle 11g and Oracle 11gR2 endpoints to support the CIS Benchmark for Oracle Database Server 11 - 11g R2 policy template. This policy template includes the following new security checks for Oracle 11g and Oracle 11gR2:

  • Auditing enabled for specified statements
  • Auditing enabled for specified system and object privileges
  • Auditing enabled on SYS.AUD$ table
  • Built-in accounts available for use
  • Built-in accounts with default passwords (Oracle 11)
  • Check tables by name and owner
  • Configuration parameter settings in the initialization parameter files
  • Configuration parameter settings in the initialization parameter files for comma separated values
  • Configuration parameter settings in the listener.ora file
  • Grace time for the DB profile
  • Initialization parameters settings
  • Login attempts threshold in DB profile
  • Maximum number of sessions per DB user
  • Object privileges granted to Oracle roles and users
  • Password history for the DB profile
  • Password life time for DB profile
  • Password lock time for the DB profile
  • Presence of extproc parameter in the listener.ora file
  • Password reuse settings for the DB Profile
  • Proxy user account privileges
  • Password verification function
  • Registration requests through secure transport in listener.ora
  • Roles granted to users and roles
  • Roles with EXECUTE privilege to Oracle packages
  • Standard ports in listener.ora file
  • Table privileges granted to Oracle roles and users
  • Unnecessary privileges assigned to users
  • User access to system privileges

Return to Top

System Requirements

This hotfix requires the following product versions:

  • NetIQ Secure Configuration Manager 5.9.1.
  • NetIQ Secure Configuration Manager Windows Agent 5.9 Service Pack 1.

Return to Top

Installing This Hotfix

To deploy this hotfix to remote computers:

NetIQ recommends that you use the Secure Configuration Manager console, to deploy this hotfix. For more information about deploying the hotfix, see the Help or Section 4.3.2 Updating a Windows Agent in the Installation and Configuration Guide for NetIQ Secure Configuration Manager Windows Agent.

Note

  • This hotfix package includes the NSAW591_Hotfix7013280.nap file that you need for remote deployment.
  • Deploy this hotfix to every Windows agent.

To install this hotfix on local computer:

  1. Log on to the agent computer with an administrator account.
  2. Run the NSAW591_Hotfix7013280.msp file.
  3. Follow the instructions in the wizard until you have finished installing the hotfix.
  4. Run the AutoSync wizard to download and apply the latest security knowledge for updating Windows security checks and policy templates.
  5. Repeat Steps 1 through 4 on each Windows agent computer.

Return to Top

Verifying the Hotfix Installation

To verify that the Windows agent installation was successful, on the computer where you installed the Windows agent, open the Control Panel utility for adding and removing programs and click View installed updates and verify that the list of currently installed programs includes Windows Agent 5.9 SP1 Hotfix 7013280

Return to Top

Modified Files

This hotfix modifies the following files in the Secure Configuration Manager prp folder, by default C:\Program Files (x86)\netiq\NetIQ Security Agent for Windows\:

  • bin/Oracle.dll
  • mof/OracleConf_1_1.mof
  • mof/Oracle_1_1.mof
  • mof/Oracle.xml
  • script/netiq_windows_adv_audit_pol.js
  • script/netiq_windows_security_policy.js

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

Return to Top

Legal Notice

Return to Top