SiteProtector SP9 Update - README ===================================================================== Last modified: August 27th, 2012 Copyright © 1994-2012 Internet Security Systems, Inc. All rights reserved worldwide. PLEASE READ THIS DOCUMENT IN ITS ENTIRETY. ===================================================================== CONTENTS ===================================================================== - Description - Compatibility - Applying the Update - Getting the latest Documentation - Customer Support - Reporting product issues - Files included with The Update DESCRIPTION ===================================================================== This is a Cumulative SiteProtector.jar Patch. Please see the list of issues covered below. Cumulative Patch -- 08/27/2012 ========================================= Role file update -------------------------------------------- With the release of Update Server version 2.9.0.1 you may no longer see your Update Server agent listed in the policy tab. This is due to a change in versioning from 2.9 to 2.9.0.1 and stricter versioning required when the patch is applied. This update contains an updated role file that allows the 2.9.0.1 policy to be properly displayed. Cumulative Patch -- 07/23/2012 ========================================= Issue ID 407926 / RTC 16996 / APAR IV25176 -------------------------------------------- In SNMP Central Responses, the name field is populated with the Rule ID instead of the name of the rule. This update allows SNMP Central Responses to use the Rule Name in the name field instead of the Rule ID. This change should make the output of the SNMP name field be the same as previous versions. Issue ID 407852 / RTC 16136 / APAR IV25015 -------------------------------------------- When performing a scheduled analysis export and exporting the data via CSV, the Severity column will be exported as numbers (1, 2, 3) instead of text (High, Medium, Low). This update allows the severity values to be exported as text values. Issue ID 407839 / RTC 16119 / APAR IV25014 -------------------------------------------- When performing a scheduled analysis export, using the additional Filters button in the scheduled analysis export dialog, and selecting a different view from the scheduled analysis view dropdown box, it may be possible for the view to become unselected and the original view to be used instead. This update allows SiteProtector to correctly use the currently selected view from the view dropdown box when also using the additional Filters button in the scheduled analysis export dialog. Issue ID 407915 / RTC 16135 / APAR IV25040 -------------------------------------------- If attempting to view a very large number of agents in the Agent tab (over 65,000 agents) you may receieve a database error when attempting to query the health statuses for the agents due to a limitation in SQL Server. This update adds health status query batching to work around the SQL limitation. Issue ID 27737 / RTC 14166 -------------------------------------------- A console timeout feature was added to enhance the security of the console. When the idle timeout expires the user will be prompted to re-enter their password to continue viewing the console. If you wish to use this feature, it will need to be enabled in the file: \Program Files\ISS\SiteProtector\Console\config\console.xml To enable it, log in and out of the console while this patch is applied, then locate the lockoutTime tag in the base section of the console.xml file and change the enabled flag to "true". For example: The value in this configuration represents the number of minutes before the idle timer expires. Note: the timeout login screen does not support two-factor authentication. Cumulative Patch -- 06/11/2012 ========================================= Issue ID 407869 / APAR IV21380 ------------------------------ This update improves the design of SNMP Central Responses to include OtherParameters and other details if supplied by the sensor and Event Collector. These changes do not affect email responses. These enhancements are complemented by the Central Response Event Collector enhancement update (which populates OtherParameters if the sensor did not). Cumulative Patch -- 03/28/2012 ========================================= Issue ID 407786 / APAR IV17351 ------------------------------ When using email responses that contain attachments (such as in reporting emails that have the report attached), the mime header for the attachment may not be correct. This will not affect most email clients but may cause certain email clients to not display the attachment correctly. This update allows SiteProtector to use the proper mime type for the email attachment. Cumulative Patch -- 03/05/2012 ========================================= Issue ID 407759 / APAR IV15687 ------------------------------ When using the SiteProtector web console with start and end dates the filter dates may reverse when sorting on columns causing the data to not display. This update allows SiteProtector to properly order the filter dates when sorting. Cumulative Patch -- 02/20/2012 ========================================= Issue ID 407750 / APAR IV15407 ------------------------------ When using SNMP Central Responses the UserActionList field, which displays the actions taken on the sensor is no longer populated. This update allows SiteProtector to once again populate that field in the SNMP responses. Cumulative Patch -- 02/14/2012 ========================================= Issue ID 407723 / APAR IZ99927 ------------------------------ When performing a SecureSync export and import, special formatting needs to be applied when exporting certain tables. This update is the second part of a two-part fix for APAR IZ99927. This part specifically fixes the SecureSync export mechanism on the Application Server side. The second part of this fix is posted as a separate database patch. Cumulative Patch -- 01/26/2012 ========================================= Issue ID 407708 / APAR IV12600 ------------------------------ When using Central Responses to send emails, you may see all of the text in the email sent as a single line instead of preserving the newline formatting. This update allows SiteProtector to properly preserve the newlines in Central Response emails. Issue ID 407708 / APAR IV13085 ------------------------------ When using the analysis view and setting columns to custom widths, the custom widths may be lost after refreshing the view. This update allows SiteProtector to properly save the column widths in the analysis view even after refreshing the tab. ========================================= To resolve this, follow the steps to replace files in the APPLYING THE UPDATE section carefully. Be sure to read any notes on individual fixes. MD5 for the files included in this update: - c62383feb25e87fb397560535741ae26 SiteProtector.jar - 464646fb2310b059a17add1d381a7350 responseAttributes.xml - ad14d7637737cc6ff89c5dc01922f420 createRulesDefinition.xsl - 6b5280ebc6f30b5b1ed8d4455091284f UpdateServer.xml Build Number: 2.9.0.0.237 COMPATIBILITY ===================================================================== This update is applicable only to: - SiteProtector 2.0 (SP9) APPLYING THE UPDATE ===================================================================== To apply the update: Step 1 - Close out all SiteProtector consoles. Step 2 - On the Application Server, stop the three SiteProtector services: SiteProtector Application Server Service SiteProtector Sensor Controller Service SiteProtector Web Server Step 3 - Put the SiteProtector.jar file in the following location on all Consoles. Be sure to backup the original files first. \Program Files\ISS\SiteProtector\Console\bin\ Step 4 - Put the SiteProtector.jar file in the following locations on the Application Server. Be sure to backup the original files first. \Program Files\ISS\SiteProtector\Application Server\bin\ \Program Files\ISS\SiteProtector\Application Server\deployed-apps\iss\SiteProtector.ear\lib\ Warning: Never place back up files in the deployment directories. Step 5 - Put the updated UpdateServer.xml role file in the following location on the Application Server. Be sure to backup the original file first. \Program Files\ISS\Schemas\cml\SiteProtector\sensorType28\UpdateServer.xml Warning: Do not backup the file anywhere in the Schema directories. Step 6 - If you wish to use the SNMP Central Response enhancements, put the responseAttributes.xml file in the following location on the Application Server. Be sure to backup the original file first. \Program Files\ISS\Schemas\cml\SiteProtector\CentralAlerting\ Step 7 - If you need the Central Response rule name in SNMP responses put the createRulesDefinition.xsl file in the following location on the Application Server. Be sure to backup the original file first. \Program Files\ISS\Schemas\cml\SiteProtector\CentralAlerting\ Step 8 - If you wish to use the SNMP Central Response enhancements, delete the following file on the Application Server machine to force it to regenerate: \Program Files\ISS\SiteProtector\Application Server\temp\CentralResponseServer\CAPolicy.xml Alternatively any edit to the Central Response policy will cause it to regenerate. Step 9 - On the Application Server, start the three SiteProtector services back up: SiteProtector Application Server Service SiteProtector Sensor Controller Service SiteProtector Web Server Note: When backing up files it is recommended to use a directory that's separate from the SiteProtector directory structure. If you feel the need to remove the patch at a later date, the original files can be restored using the same process. GETTING THE LATEST DOCUMENTATION ===================================================================== For the latest version of the SiteProtector Readme file, go to the IBM Security download center: https://webapp.iss.net/myiss/login.jsp?action=download For the latest version of the product documentation, go to the IBM Security Product Information Center: http://publib.boulder.ibm.com/infocenter/sprotect/v2r8m0/index.jsp CONTACT IBM SUPPORT WORLDWIDE ===================================================================== IBM Security offers a variety of contact options. To view these options, please visit the IBM Support Portal: http://www.ibm.com/support/entry/portal INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES ===================================================================== If you encounter a problem with this product, please make notes that are as detailed as possible about the following: - Component and Build versions - Specific failure symptoms or undesirable behavior This information helps us reproduce the problem and resolve it as quickly as possible. FILES INCLUDED ===================================================================== - SiteProtector.jar - responseAttributes.xml - createRulesDefinition.xsl - UpdateServer.xml ===================================================================== =====================================================================