NetIQ Secure Configuration Manager UNIX Agent

Version 7.4

Patch p74p2 Release Notes

Date Published: January 2015
 

 

Why Install This Patch?

System Requirements

Installing This Patch

Verifying the Installation

Uninstalling This Patch

Modified Files

New Files

Contact Information

Legal Notice

 

 

This patch updates NetIQ Secure Configuration Manager UNIX Agent (UNIX agent) version 7.4. This document outlines why you should install this patch.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Secure Configuration Manager Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

Why Install This Patch?

This patch updates the UNIX Agent 7.4 to support running the following templates:

  • CIS Level One Benchmark policy template against RHEL5 endpoints
  • CIS Level Two Benchmark policy template against RHEL5 endpoints
  • CIS Level One Benchmark policy template against RHEL6 endpoints
  • CIS Level Two Benchmark policy template against RHEL6 endpoints
  • CIS Level One Benchmark policy template v1.3.0 against RHEL6 endpoints
  • CIS Level Two Benchmark policy template v1.3.0 against RHEL6 endpoints
  • CIS Level One Benchmark policy template against SUSE Linux Enterprise Server 11
  • CIS Level Two Benchmark policy template against SUSE Linux Enterprise Server 11

The CIS RHEL5 Benchmark policy template includes the following new security checks:

  • List world writeable files
  • Log rotate verification
  • Mounted file system without proper option
  • Non system account home directory ownership
  • Non system accounts with nonexistent home directories
  • Non system accounts with reserved UIDs
  • RHEL packages integrity check
  • RHEL system packages installed properly
  • SSL configuration verification
  • System accounts not disabled
  • Validate grep output with expected value
  • Validate SELinux enabled in /etc/grub.conf
  • Validate service configuration (chkconfig)
  • Validate the file configuration parameters
  • Verify auditing enabled for processes that starts prior to auditd
  • Verify CIS audit rules configuration for RHEL5
  • Verify cron job setup
  • Verify for unconfined Daemons
  • Verify for updates using yum
  • Verify grep output with expected value
  • Verify Kernel parameters with expected value
  • Verify regular expression matches file content
  • Verify root login restriction
  • Verify software installed
  • Verify software not installed
  • Verify syslog files existence and permissions
  • Verify syslog remote logging configuration
  • Verify tracking of mount and unmount system call in audit log
  • /etc/hosts.allow file exists
  • Check invalid groups in /etc/passwd
  • Check password hashing algorithm set to SHA-512 for Linux
  • Check SSH banner
  • Check the display of OS information from Login Warning Banner
  • Content verification of hosts.deny file
  • File system partitions verification
  • List unauthorized SUID/SGID system executable files
  • List mounted file system without proper option
  • List failed login attempts allowed
  • List active interfaces
  • Kernel parameters check
  • Kernel parameter value
  • Inactive user account lock duration for Linux

The CIS RHEL6 Benchmark policy template includes the following new security checks:

  • Non system users with nonexistent home directories

The CIS SUSE Linux Enterprise Server 11 Benchmark policy template includes the following new security checks:

  • Enable XD or NX support on Linux
  • Check Apparmor status for SUSE
  • Verify for updates using zypper
  • PAM configuration check
  • Group is empty

Return to Top

System Requirements

This patch requires the following product versions:

  • NetIQ Secure Configuration Manager 6.0.
  • NetIQ Secure Configuration Manager UNIX Agent 7.4 or Secure Configuration Manager UNIX Agent 7.4 with patch p74p1

Return to Top

Installing This Patch

To update the agent using the UNIX Agent Manager:

  1. Click Patch > Patch Manager.
  2. Click Load Patch to add the p74p2 patch to the list of available patches.
  3. Select the computers on which you want to apply the patch.
  4. Select the patch.
  5. Click Start Install.
  6. Click Back to close the Patch Manager.
  7. In the Secure Configuration Manager console, download the CIS Benchmark policy template from the AutoSync Server.

Return to Top

Verifying the Installation

To verify that the installation was successful:

  1. Click Patch > Patch Manager.
  2. Select the host in which the patch is applied.
  3. Click Patch History.
  4. Verify that patch(7.4.0.2) is listed in the Applied Patches list.

Return to Top

Uninstalling This Patch

To uninstall this patch:

  1. Click Patch > Patch Manager.
  2. Select the host in which the patch is applied.
  3. Click Uninstall Patch.
  4. Select patch(7.4.0.2).
  5. Click Start Uninstall.

Return to Top

Modified Files

This patch does not modify any files in the installation folder, which is /usr/netiq/ by default.

Return to Top

New Files

This patch adds the following files to the installation folder, which is /usr/netiq/ by default:

  • cmnagent/script/apparmor_status.sh
  • cmnagent/script/dmesg.sh
  • cmnagent/script/inactive_acct.sh
  • cmnagent/script/package_integrity_check.sh
  • cmnagent/script/password_hash_algo.sh
  • cmnagent/script/system_file_permission_validate.sh
  • cmnagent/script/unix_get_root_path.sh
  • cmnagent/script/unconfined_deamon.sh
  • cmnagent/script/yum.sh
  • cmnagent/script/zypper.sh

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

Return to Top

Legal Notice

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

© 2015 NetIQ Corporation. All Rights Reserved.

For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.

Return to Top