Date Published: March 2014

 

NetIQ Sentinel UNIX Agent

Version 7.4

Release Notes

This version of the NetIQ UNIX Agent product (the UNIX agent) replaces support for the older NetIQ Security Manager with NetIQ Sentinel. This change was made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Sentinel product forums on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

This version of the UNIX agent does not include files required for an AppManager or Security Manager environment. If you need to use the UNIX agent with Security Manager, continue to use the 7.3 version. If you need to use the UNIX agent with AppManager, download that version from the AppManager Suite Product Upgrades page.

The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML version of the documentation posted at the NetIQ Documentation page. To download this product, see the Novell Downloads Web site.

For the most recent technical specifications, see the Technical Information for Security Agent for UNIX website.

What's New?

This version provides the following key feature and resolves the issues listed below:

Replaces Security Manager Support with Sentinel Support

This release of the UNIX agent now allows you to use the agent to monitor UNIX and Linux computers in a Sentinel environment. For information about how to install the UNIX agent for a Sentinel environment, see the Sentinel UNIX Agent Installation Guide on the NetIQ Documentation page.

This release of the UNIX agent does not support Security Manager. This release of UNIX Agent Manager allows you to view existing UNIX agents that you have installed for a Security Manager environment, but does not support changing the configuration of the security rules. If you want to maintain older agents for Security Manager, ensure that you also maintain an older version of UNIX Agent Manager so you can change settings when necessary.

Software Fixes

This version includes software fixes that resolve previous issues that occurred when used with other NetIQ products.

Cannot Identify Disk Space on IBM AIX with Workload Partitioning

The UNIX agent no longer reports an "Unable to obtain disk space" error when you attempt to apply a patch to IBM AIX computers that use Workload Partitioning (WPAR). (ENG323237)

Cannot Import Extremely Large List of Agents

UNIX Agent Manager no longer has an extremely slow response time when importing more than 500 agents. (ENG329423)

System Requirements

This release requires one of the following NetIQ products:

  • Sentinel version 7.1

The UNIX agent requires one of the following operating systems on the computers you want to monitor:

  • CentOS on x86_32 or x86_64 (32-bit agent): 4, 5, and 6
  • CentOS on x86_64 (64-bit kernel, 32-bit agent): 4, 5, and 6
  • CentOS on Itanium (64-bit kernel, 64-bit agent): 4, 5, and 6
  • IBM AIX on IBM Power (32-bit kernel): 5.3, 6, and 7.1
  • IBM AIX on IBM Power (64-bit kernel, 32-bit agent): 5.3, 6, and 7.1
  • HP-UX on PA-RISC (64-bit kernel): 11.1x, 11iv2, and 11iv3
  • HP-UX on Itanium (64-bit kernel, 64-bit agent): 11iv2 and 11iv3
  • Oracle Linux on x86_32, x86_64, or PowerPC (32-bit agent): 6
  • Oracle Linux on x86_64 or PowerPC (64-bit kernel, 32-bit agent): 6
  • Oracle Linux on Itanium (64-bit kernel, 64-bit agent): 6
  • Oracle Solaris on SPARC (64-bit kernel): 9, 10, and 11
  • Oracle Solaris on x86 (32-bit kernel): 10 and 11
  • Red Hat Advanced Server on x86_32, x86_64, or PowerPC (32-bit agent): 4, 5, and 6
  • Red Hat Advanced Server on x86_64 or PowerPC (64-bit kernel, 32-bit agent): 4, 5, and 6
  • Red Hat Advanced Server on Itanium (64-bit kernel, 64-bit agent): 4, 5, and 6
  • SUSE Linux Enterprise Server on x86, x86_64, or PowerPC (32-bit agent): 9, 10, and 11
  • SUSE Linux Enterprise Server on x86_64 or PowerPC (64-bit kernel, 32-bit agent): 9, 10, and 11

UNIX Agent Manager requires one of the following operating systems:

  • CentOS 6
  • Oracle Linux 6
  • Red Hat Advanced Server 6
  • SUSE Linux Enterprise Server 11
  • Windows 7 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 2008 Server R2
  • Windows 2008 Server (32-bit and 64-bit)
  • Windows 2012 Server

Installing This Version

The following steps provide an overview of how to install the UNIX agent:

  1. Install the UNIX Agent Manager Server.
  2. On the computers where you want to monitor agents, install the UNIX Agent Manager Console.
  3. On the UNIX and Linux computers you want to manage using Sentinel, install UNIX agent 7.4.
  4. Using UNIX Agent Manager, deploy the Sentinel security rules to the computers you want to manage using Sentinel.
  5. Install the collector and connector that you need to work with Sentinel.
  6. Begin monitoring using Sentinel.

For more information about installing the UNIX agent and deploying rules, see the Sentinel UNIX Agent Installation and Configuration Guide on the NetIQ Documentation page.

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. You might encounter problems when running security checks that use the following objects and attributes.

  • When you are monitoring the uvserv service using the all rule from the network rule group, no event is generated when you use the command line to restart the service. (ENG332643)
  • Errors are reported on 64-bit computers running Red Hat Enterprise Linux 6 for system calls that syslog reports as unknown. To work around this issue, manually remove the following system calls from the recommended audit rule on Linux PPC64, LinuxAuditObject_singleton, then restart the auditing system: (ENG319573)
    • -F arch=b32
    • -S openat
    • -S mkdirat
    • -S mknodat
    • -S linkat
    • -S symlinkat
    • -S renameat
    • -S unlinkat
    • -S fork
    • -S vfork
    • -S setreuid32
    • -S fcntl64
    • -S stime
    • -S futimesat
  • The Solaris operating system does not report all information that the btmp event expects for failed logins. Fields, such as logon type, that Solaris reports as EMPTY are left blank in Sentinel. If you are using the btmp event, ensure that the syslogd daemon process is running and configured so that host information is populated correctly on btmp events for the Solaris agent. (ENG333794)
  • On Linux computers, Sentinel does not report an event for the last record in the audit log. Sentinel reports the event only after another record is added to the audit log. (ENG332796)
  • If syslog is not configured to include facility and severity on HP-UX and Linux computers, Sentinel reports inaccurate facility and severity information. To work around this issue: (ENG333505)
    • On HP-UX, run the syslogd daemon with the -v option.
    • On SUSE, apply a template when you set the destination, which is before you set the source or filters.
    • On Red Hat, create a template to assign the severity and facility when rules are set for logging.
  • When you stop or start the uvserv process, network events report the service name as ontime instead of the correct service name. (ENG333702)
  • Sentinel displays hexadecimal values for foreign language characters that are processed by the UDetect provider. The UDetect provider handles file system policies, file integrity policies, process policies, and mount file system policies. (ENG329377)
  • Sentinel does not report events from Oracle endpoints that are registered in UNIX Agent Manager using the SYS user account. (ENG333864)
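
The audit rule workaround for ENG319573 above can be scripted so the same edit is applied consistently across hosts. The following is an added example, not NetIQ code: the function names and the sample rule lines are constructed, since these notes do not show the contents of LinuxAuditObject_singleton. It also accepts the comma-separated `-S a,b` form and flags any rule left with no `-S` entries for manual review.

```python
# Items the release note lists for removal (known issue ENG319573).
REMOVE_SYSCALLS = {
    "openat", "mkdirat", "mknodat", "linkat", "symlinkat", "renameat",
    "unlinkat", "fork", "vfork", "setreuid32", "fcntl64", "stime", "futimesat",
}
REMOVE_FIELDS = {"arch=b32"}


def strip_rule(line):
    """Return (new_line, removed, needs_review) for one audit rule line.

    Tokens are split on whitespace, so rule keys containing spaces
    are not supported by this sketch.
    """
    tokens = line.split()
    out, removed = [], []
    saw_syscall, kept_syscalls = False, 0
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        arg = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "-S" and arg is not None:
            saw_syscall = True
            names = arg.split(",")  # handles "-S a" and "-S a,b"
            keep = [n for n in names if n not in REMOVE_SYSCALLS]
            removed += ["-S " + n for n in names if n in REMOVE_SYSCALLS]
            if keep:
                out += ["-S", ",".join(keep)]
                kept_syscalls += len(keep)
            i += 2
        elif tok == "-F" and arg in REMOVE_FIELDS:
            removed.append("-F " + arg)
            i += 2
        else:
            out.append(tok)
            i += 1
    # A rule that had -S entries and now has none needs a human decision.
    needs_review = saw_syscall and kept_syscalls == 0
    return " ".join(out), removed, needs_review


def clean_rules(text):
    """Apply strip_rule to every non-comment, non-blank line of a rules file."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [strip_rule(l) for l in lines]


# Constructed sample rules, not taken from the product.
SAMPLE = """# constructed example
-a always,exit -F arch=b32 -S openat -S mkdirat -S chmod -S fork -F auid>=500 -k constructed_key
-a always,exit -F arch=b32 -S fork,vfork -k constructed_procs
"""
```

Review any line reported with `needs_review` before restarting the auditing system, because the rule no longer names specific system calls.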

If you need further assistance with any issue, please contact Technical Support.

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
