Security Agent for UNIX includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Security Agent for UNIX NetIQ Documentation page. To download this product, see the Security Agent for UNIX Product Upgrade website.
The following outline the key features and functions provided by this version, as well as issues resolved in this release:
Security Agent for UNIX includes support for the following platforms:
- Red Hat Enterprise Linux 7.2
- Red Hat Enterprise Linux 7.1
- Red Hat Enterprise Linux 7.0
- Red Hat Enterprise Linux 6.7
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Server 12
For more information see, Technical Information page.
Security Agent for UNIX includes enhancements and software fixes that resolve several previous issues.
The new Agent Manager Connector addresses communication issues between the Security Agent for UNIX and the Sentinel server due to a mismatch of the hostname in the certificate.
When you assign the policies to the agent, the audit rules are dynamically created based on the required criteria. When you unassign the policies, the audit rules are dynamically destroyed.
You can install Security Agent for UNIX 7.5 in FIPS mode. For more information see, Understanding FIPS Implementation in Security Agent for UNIX Installation and Configuration Guide.
You can install Security Agent for UNIX 7.5 on all 64-bit platforms without any 32-bit library dependencies.
Open Enterprise Server (OES) rule group monitors Linux Auditing events generated by Network Security Services (NSS) auditing engine on Open Enterprise Server computers using the Agent. The Agent reads the Open Enterprise Server events and forwards the events to Sentinel.
Issue: When the event load on Security Agent for UNIX exceeds approximately 250 EPS, it accumulates a large number of spool files. As a result, the disk fills up and the event flow stops to Sentinel.(Bug 1027965)
Fix: Security Agent for UNIX performance is improved and certified to handle approximately 3000 EPS on testing hardware.
For detailed information on hardware requirements and supported operating systems and browsers, see Technical Information page.
The following steps provide an overview of how to install the Security Agent for UNIX:
Install the UNIX Agent Manager Server.
On the computers where you want to monitor agents, install the UNIX Agent Manager Console.
On the UNIX and Linux computers you want to manage, install Security Agent for UNIX.
For more information about installing these components, or if you are upgrading from a previous release, see the Security Agent for UNIX Installation and Configuration Guide, on the Change Guardian Documentation Web site.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
The HP-UX 11iv3 auditing subsystem does not provide information for the utimes, utime, dup, or dup2 system calls. This limitation means that Change Guardian is not able to report events for the utimes access type in the CGU FileMod object and cannot report events when the contents of a file changes.
When you monitor changes to the attributes of a file on a HP-UX computer, Change Guardian does not generate events when the time attribute changes. (Bug 969023)
The Security Agent for UNIX on RHEL 7.2 does not generate file handling events while using the Vi command, because the auditing system cannot generate utime events. (Bug 968824)
Issue: When you forward File Integrity Changed events from the agent for Change Guardian to the Standalone Sentinel server, file integrity attachments might display the following exception: Error parsing JSON: ReferenceError: changed is not defined.(Bug 971624)
Note: This issue is not found in Sentinel 7.4 or later versions.
Workaround: Ignore the exception. There is no impact to the performance because of this exception.
Issue: When you enable the Including Subdirectories or Excluding Subdirectories filter for monitoring file deletion, the events generated for file deletion do not display correct path information for the deleted files. The events are generated as file deletion events when you delete directories and sub-directories, even though the policy applied is for monitoring file deletion only.
When you enable Excluding Subdirectories filter, events are generated when you delete files under subdirectories also.(Bug 975953)
When you delete or rename directories on Linux platforms, the audit logs show null value for the directory name. Change Guardian might not capture the correct directory name in the audit logs. (Bug 974273)
Issue: When the UNIX Agent Manager is running in FIPS mode, it does not support the remote deployment of the agents. (Bug 989710)
Workaround: You should manually install the agents, and then add them to UAM using Add Host.
To enable the UNIX file system browser in Change Guardian, you must set the repositoryEnabled flag (under HKLM\Software\NetIQ\ChangeGuardianAgent\repositoryEnabled) to 1, and then restart the agent.
If you do not manually set the flag to 1, when you use the Registry Browser, you will receive a Could not connect to UNIX Data Source error. (Bug 981826)
NOTE:To enable browsing for UNIX data sources while creating a policy, the computer where you install the Policy Editor must have a Windows agent. If you do not install an agent on the Policy Editor computer, you must manually enter the data source paths while creating a policy.
Issue: Due to important security updates to OpenSSL, the normal upgrade process for agents prior to UNIX Agent Manager 7.5 fails with the following error: ERROR: An error was encountered while performing the upgrade.....(Bug 995912)
Workaround: To upgrade the agent, perform the steps in Upgrading Agent to 7.5 Using UNIX Agent Manager.
Issue: When you install and register Security Agent for Unix 7.5 to Secure Configuration Manager 6.0 in FIPS mode, the agent will display an error.(Bug 996866)
Workaround: Upgrade Secure Configuration Manager to 6.1 or higher versions. For more information, see Upgrading Secure Configuration Manager.
When the operating system is running in FIPS mode, UNIX Agent Manager 7.5 (Linux and Windows) cannot deploy the Security Agent for UNIX. It displays the following error:
SSH Install Failed - Session.connect: java.io.IOException: End of IO Stream ReadInstallation Failed - Session.connect: java.io.IOException: End of IO Stream Read.(Bug 999496)
Issue: The communication between UNIX Agent Manager 7.5 and Security Agent for UNIX 7.4 fails due to protocol mismatch.
Workaround: Upgrade Security Agent for UNIX 7.4 to 7.5. For more information about upgrading to Security Agent for UNIX 7.5, see Upgrading Agent Using UNIX Agent Manager (Bug 989481).
The Assets Monitoring Failures report contains Windows assets only. It does not contain data related to the UNIX assets (Bug 906282).
Issue: File was deleted events are not generated when soft link for file is deleted (Bug 975575).
Issue: Sentinel Agent Manager Connector does not work in FIPS mode.
Workaround: For the Sentinel Agent Manager Connector to work in FIPS mode, perform the steps mentioned in NetIQ Knowledge Base Article 7018187. (Bug 997589)
Issue: UAM 7.4 is packaged and is compatible with AppManager Agent for UNIX 8.1. When the Security Agent for UNIX 7.5 is installed on the same host as the AppManager Agent for UNIX, it becomes incompatible with UAM 7.4 due to secure communication incompatibilities. Therefore, UAM 7.5 must be used to manage the Security Agent for UNIX 7.5 on the host.
NOTE:UAM 7.5 is not compatible with AppManager Agent for UNIX.
Workaround: For instructions on managing the AppManager Agent for UNIX installations on the hosts where Security Agent for UNIX 7.5 is also installed, use the procedure, Installing Locally on a UNIX or Linux Computer in NetIQ AppManager for UNIX and Linux Servers Management Guide. (Bug 1001277)
The following are known issues with version 7.4 of the UNIX agent:
If the Change Guardian Server is running in FIPS mode, version 7.4 of the UNIX agent cannot register with the Change Guardian Policy Repository. (Bug 948202)
When you are creating a policy, if you browse to a UNIX agent that is version 7.4 or older, you will receive a Could not connect to UNIX Data Source error. You can avoid this error by manually entering the file paths in the policy. To find the file paths, log on to the UNIX or Linux computer you want to monitor, and then use the cd and ls commands. (Bug 953718)
If you are using a version of the UNIX agent released prior to December 2015, the Policy Name and Policy ID fields on UNIX events are blank. Functionality that uses the information in these fields, such as alerts, does not work. (Bug 906274)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2016 NetIQ Corporation. All Rights Reserved.