NetIQ Secure Configuration Manager UNIX Agent

Version 7.3

Patch p73p1 Release Notes

Date Published: November 2013

 
 

 

This patch updates NetIQ Secure Configuration Manager UNIX Agent (UNIX agent). This document outlines why you should install this patch.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Secure Configuration Manager Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ Documentation page. To download this product, see the Secure Configuration Manager Product Upgrade Web site.

Why Install This Patch?

This patch updates the UNIX agent to gather data from Oracle 11g and Oracle 11gR2 endpoints to support the CIS Benchmark for Oracle Database Server 11 - 11g R2 policy template. This policy template includes the following new security checks for Oracle 11g and Oracle 11gR2:

  • Auditing enabled for specified statements
  • Auditing enabled for specified system and object privileges
  • Auditing enabled on SYS.AUD$ table
  • Built-in accounts available for use
  • Built-in accounts with default passwords (Oracle 11)
  • Check tables by name and owner
  • Configuration parameter settings in the initialization parameter files
  • Configuration parameter settings in the initialization parameter files for comma separated values
  • Configuration parameter settings in the listener.ora file
  • Grace time for the DB profile
  • Initialization parameters settings
  • Login attempts threshold in DB profile
  • Maximum number of sessions per DB user
  • Object privileges granted to Oracle roles and users
  • Password history for the DB profile
  • Password life time for DB profile
  • Password lock time for the DB profile
  • Presence of extproc parameter in the listener.ora file
  • Password reuse settings for the DB Profile
  • Proxy user account privileges
  • Password verification function
  • Registration requests through secure transport in listener.ora
  • Roles granted to users and roles
  • Roles with EXECUTE privilege to Oracle packages
  • Standard ports in listener.ora file
  • Table privileges granted to Oracle roles and users
  • Unnecessary privileges assigned to users
  • User access to system privileges

Return to Top

System Requirements

This patch requires the following product versions:

  • NetIQ Secure Configuration Manager 5.9.1.
  • NetIQ Secure Configuration Manager UNIX Agent 7.3.

Return to Top

Installing This Patch

To update the agent by using UNIX Agent Manager:

  1. Click Patch > Patch Manager.
  2. Click Load Patch to add the p73p1 patch to the list of available patches.
  3. Select the computers in which you want to apply the patch.
  4. Select the patch.
  5. Click Start Install.
  6. Click Back to close the Patch Manager.
  7. Run the AutoSync wizard to download and apply the latest security knowledge for updating UNIX security checks and policy templates.

Return to Top

Verifying the Installation

Complete the following steps to verify that the installation was successful.

  1. Click Patch > Patch Manager.
  2. Select the host in which the patch is applied.
  3. Click Patch History.
  4. Verify that patch(7.3.0.1) is listed in the Applied Patches list.

Return to Top

Uninstalling This Patch

Complete the following steps to uninstall this patch:

  1. Click Patch > Patch Manager.
  2. Select the host in which the patch is applied.
  3. Click Uninstall Patch.
  4. Select patch(7.3.0.1).
  5. Click Start Uninstall.

Return to Top

Modified Files

This patch modifies the following files in the installation folder, by default /usr/netiq/:

  • cmnagent/lib/libOracle.so
  • cmnagent/mof/OracleConf_1_1.mof
  • cmnagent/mof/Oracle_1_1.mof
  • cmnagent/mof/Oracle_1_1.xml
  • cmnagent/script/oracle_users.sql

Return to Top

New Files

This patch adds the following files in the installation folder, by default /usr/netiq/:

  • cmnagent/script/oracle_audit_privs.sql
  • cmnagent/script/oracle_audit_stmt.sql
  • cmnagent/script/oracle_audit_opts.sql
  • cmnagent/script/oracle_users_defpwd.sql

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

Return to Top

Legal Notice

Return to Top

 
-->