Sentinel 6.1.0.0 Service Pack 1
This document (5046500) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
| File | Product | Status | Patch |
|---|---|---|---|
| 2008-12-24_SENTINEL_6.1.0.20_HOTFIX_01.zip | Sentinel 6.1 | Obsolete | Sentinel 6.1.0.20 Hotfix 01 |
patches that supersede this patch
patch attributes
document
abstract
This Service Pack will apply the latest software fixes and enhancements to an existing installation of Sentinel 6.1, including the updates in Sentinel 6.1 Hotfix 1 (6.1.0.1). Sentinel 6.1 must already be installed before applying this Service Pack.
details
Overview:
The information in this Release Note file pertains to Novell Sentinel 6.1.1.0, which provides a real-time, holistic view of security and compliance activities, while helping customers monitor, report, and respond automatically to network events across the enterprise.
This Service Pack will apply the latest software fixes and enhancements to an existing installation of Sentinel 6.1, including the updates in Sentinel 6.1 Hotfix 1 (6.1.0.1). Sentinel 6.1 must already be installed before applying this Service Pack.
The Service Pack must be installed on all existing Sentinel 6.1 installation machines, client and server. This includes machines with Sentinel Server the Correlation Engine, Sentinel Database, Collector Manager, Sentinel Control Center, Collector Builder, and Sentinel Data Manager.
This Service Pack is mandatory for all users who subscribe to the Advisor data service.
System Requirements:
If Sentinel is not yet installed, it must be installed using the Sentinel 6.1.0.0 installer. Please see the Sentinel Installation Guide for instructions.
Sentinel 5.x is installed, it must be upgraded to Sentinel 6.1.0.0 using the upgrade installer.
Please see the Patch Installation Guide for instructions.
Sentinel 4.x is installed, Sentinel 6.1.0.0 must be installed using the Sentinel 6.1.0.0 installer. Some data can be migrated to the Sentinel 6.1.0.0 installation. Please see the Patch Installation Guide for instructions.
The full product documentation and the most recent version of this file are available at the Novell
Sentinel Documentation Web site http://www.novell.com/documentation/sentinel61.
New Features in Sentinel 6.1:
This section explains the new features available in Sentinel 6.1.
Section 2.1, "New Features in Sentinel 6.1.1.0"
Section 2.2, "New Features in Sentinel 6.1 Hotfix 1"
2.1 New Features in Sentinel 6.1.1.0
Sentinel 6.1.1.0 is a maintenance release for Sentinel 6.1. In addition to bug fixes, it contains enhanced Advisor feature.
2.1.1 Advisor update
The 6.1.1.0 service pack installer deletes the old Advisor data, which has erroneous Advisor mappings, and enables you to start downloading the new Advisor data. With the Sentinel 6.1.1.0 release, the existing Advisor download URL will be redirected to a server containing the new Advisor data. In order to continue to receive automatic updates of the latest Advisor data, you need to upgrade to Sentinel 6.1.1.0.
2.2 New Features in Sentinel 6.1 Hotfix 1
This section lists the features available in Sentinel 6.1 Hotfix 1 Release. AUDIT_RECORD Table Partitioning - The AUDIT_RECORD table is configured for partitioning and archiving for better table management. Customizing Data and Time Format in Sentinel Control Center - This feature gives the ability to customize the date/time format that is displayed in event tables in SCC. These event tables are the ones seen in Active Views, Historical Event Query, Offline Query, etc. By default, the date/time format will be based on the locale of the machine running SCC; however, the user can override this default by adding a property to the SentinelPreferences.properties file found in $ESEC_HOME/config.
Prerequisites:
The prerequisites depend on the Sentinel system version and platform. Read each section below carefully to determine whether the steps apply to your environment.
Back Up Sentinel System
This prerequisite applies to all Sentinel systems, regardless of version or platform. It is highly recommended that a complete backup be made of the machines on which you are installing the service pack, including the Sentinel database. If this is not possible, then at a minimum a backup of the contents of the ESEC_HOME directory should be made. This will help protect your system against unexpected installation errors.
Back Up AUDIT_RECORD Table:
This prerequisite is not necessary if you have already applied Sentinel 6.1 Hotfix 1 (6.1.0.1). It is necessary if Hotfix 1 has not been applied yet.
Starting with Sentinel 6.1 Hotfix 1, the AUDIT_RECORD table, which contains internal audit events for the Sentinel system, is configured for partitioning and archiving for better table management. Because the existing table is not partitioned or archived, the PatchDB script may fail if the AUDIT_RECORD table is too large relative to the amount of temporary tablespace available. There are two approaches to ensure the PatchDB script runs successfully, depending on whether it is critical to your organization to preserve the data in the AUDIT_RECORD table.
If the AUDIT_RECORD data is not important, truncate the AUDIT_RECORD table using the following SQL command:
TRUNCATE TABLE AUDIT_RECORD
If the AUDIT_RECORD data is important and needs to be preserved, add more space to the temporary tablespace. The amount of space to be added depends on your environment; consult your Database Administrator (DBA) for adequate settings.
Installation:
The instructions provided in this section are for installing Sentinel 6.1.1.0 Service Pack only. This Service Pack can be run against an existing installation of Sentinel 6.1.
Follow the below listed instructions to install the Service Pack for software and database:
1 Login to any machine which has Sentinel installed.
On Linux/Solaris, log in as root.
On Windows Vista, log in as any user unless User Access Control is disabled. If User Access Control is disabled, you must log in as an Administrator.
On other (non-Vista) Windows systems, log in as an Administrator.
2 Verify that the environment variables for Sentinel are set by running one of the following commands:
On Linux/Solaris, echo $ESEC_HOME
On Windows, echo %ESEC_HOME%
3 Extract the Service Pack zip file.
4 Close all Sentinel applications running on this machine, including:
Sentinel Control Center
Sentinel Collector Builder
Sentinel Data Manager
Solution Designer
5 Shut down the Sentinel services running on this machine:
On Windows, use Windows Service Manager to stop the "Sentinel" services.
On Linux/Solaris, run $ESEC_HOME/bin/sentinel.sh stop
6 Open a command prompt. For most Windows systems and Linux/Solaris, you can use any method to open the prompt. For Windows Vista, you must open the command prompt as an administrator using the following instructions.
6a Go to Start > All Programs > Accessories.
6b Right-click Command Prompt and select Run as administrator.
6c If User Access Control is enabled and you are logged in as a user with administrator privileges, a User Access Control window appears to notify you that "Windows needs your permission to continue".
6d Click Continue. If you are logged in as a user without administrative privileges, you will be prompted to authenticate as an administrative user.
7 On the command line, return to the extracted Service Pack top level directory and run the service_pack script to start the Service Pack installer:
On Windows: .\service_pack.bat
On Unix: ./service_pack.sh
8 Press the
9 After the installation completes, log out and log back in to apply environmental variable changes.
10 Repeat the above steps on every machine with Sentinel software installed. This is required for all machines with any Sentinel software, including both Sentinel server and client software.
11 Restart the Sentinel services on all machines:
On Windows, use Windows Service Manager to start the "Sentinel" services.
On *NIX, run $ESEC_HOME/bin/sentinel.sh start
12 This Service Pack also contains a mandatory patch for the Sentinel Database. Apply the database patch by performing the appropriate steps in the section below for the database platform you are using.
Sentinel Database Patch Installation
In addition to patching the Sentinel components, you must run a script to patch the database. The instructions are different depending on which database you have.
Sentinel Database Patch Installation on Oracle:
There are several prerequisites for applying the Oracle database patch. The machine and account from which the database patch is run must meet the following requirements:
User has the Oracle client application sqlplus in its PATH.
User has the environment variable ORACLE_HOME set to the directory where the Oracle software is installed.
User must be a member of the Oracle "dba" group.
User has the Java 1.5 executable java in its PATH.
TIP: The easiest way to apply the patch is to run the PatchDB script directly on the database server machine after logging in as a user that meets the requirements above. However, in some environments, local policies prohibit this (for example, you cannot install Java on the database server).In this situation, the script can be run from any other machine that meets the requirements stated above. Any Sentinel 6.1 machine will already have the necessary version of Java, but the default Java installation done by Sentinel does not allow the oracle user access to the $ESEC_HOME/jre directory. You can add the Oracle user to the esec group (for example, groupmod -A oracle esec), temporarily modify the permissions on the directory (for example, chown -R oracle $ESEC_HOME/jre), or install a second instance of Java. If using a non-Sentinel machine, the Java version and PATH variable settings can be verified by running the java -version command from a command line:
If necessary, the PATH environment variable can be updated to include the java installation directory, for example:
export PATH=/opt/novell/sentinel6/jre/bin:$PATH
If Java is not installed on the non-Sentinel machine, the correct Java version [Java Runtime Environment (JRE) 5.0] can be downloaded from the Sun Web site http://java.sun.com/javase/downloads/index_jdk5.jsp.
After the prerequisites are met, use the following instructions to apply the database patch.
1 Log in to the database server or another machine with connectivity to the Sentinel Database as a user who meets the above installation prerequisites.
2 Verify that your machine meets the Java prerequisites.
3 Extract the Service Pack zip file.
4 On the command line, go into the Service Pack top level directory that was just extracted.
5 Change directories to the following directory under extracted top level directory:
db_patch/bin
6 Enter the ./PatchDb.sh command.
7 Follow the prompts and enter the following information:
Hostname or static IP address of the Oracle Sentinel Database that you want to patch.
Port number of the Oracle Sentinel Database that you want to patch.
Database net service name.
Database service name of the Oracle Sentinel Database that you want to patch.
esecdba user password.
After you press Enter the final time, the script verifies the entered information and begins the database patch.
8 After the script is done applying the patch, check for any errors. If there are no errors, you are done with the Sentinel Database patch. If there are errors, resolve the errors and re-run the PatchDb utility.
9 Restart the Sentinel services on all machines:
On Windows, use Windows Service Manager to start the "Sentinel" services.
On *NIX, run $ESEC_HOME/bin/sentinel.sh start
Sentinel Database Patch Installation on SQL Server:
The following steps must be performed on the machine with a Microsoft SQL Server database to prepare the database for 6.1.1.0. There is one main patch script for SQL Server (PatchDb.bat).
There are several prerequisites for applying the SQL Server patch.
The patch must be copied to the machine that is running the Sentinel database.
The patch must be run by using the Sentinel Database User credentials, or esecdba if you are using SQL Authentication.
The user has the Java 1.5 executable as the PATH variable.
If you are using a machine that does not have Sentinel installed on it, run the following command to verify the Java version and PATH variable settings:
java -version
If Java is not installed on the non-Sentinel machine, the correct Java version [Java Runtime Environment (JRE) 5.0] can be downloaded from the Sun Web site http://java.sun.com/javase/downloads/index_jdk5.jsp
Use the appropriate instructions depending on whether the database uses Windows authentication or SQL Server authentication.
Installing Database Patch with Windows Authentication:
To install the database patch with Windows authentication, you need the credentials for the Sentinel Database User.
1 Log into the database machine as the Windows Domain user who is the Sentinel Database User.
2 Shut down the Sentinel Server processes (if this has not already been done).
3 Extract the Service Pack zip file (if this has not already been done).
4 Open a command prompt.
5 Change directories to the following directory under the extracted Service Pack directory:
db_patch\bin
6 Enter the .\PatchDb.bat command.
7 Follow the prompts and enter the following information:
Hostname or static IP address of the SQL Server Sentinel Database machine.
SQL Server Database instance name, if any.
Port number of the SQL Server database.
Name of the SQL Server database to patch (ESEC by default).
1 for the Windows Authentication option.
After you press Enter the final time, the script verifies the entered information and proceeds if authentication is successful.
8 After the script has done applying the patch, check for any errors. If there are errors, resolve the errors and re-run the PatchDb utility.
9 After the patch runs with no errors, "Sentinel" services should be restarted.
Installing Database Patch with SQL Server Authentication
To install the database patch with SQL Server authentication, you need the credentials for the Sentinel Database User.
1 Log into the database machine as the Windows Domain user who is the Sentinel Database User.
2 Shut down the Sentinel Server processes (if this has not already been done).
3 Extract the Service Pack zip file (if this has not already been done).
4 Open a command prompt.
5 Change directories to the following directory under the extracted directory:
db_patch\bin
6 Enter the .\PatchDb.bat command.
7 Follow the prompts and enter the following information:
Hostname or static IP address of the SQL Server Sentinel Database machine.
SQL Server Database instance name, if any.
Port number of the SQL Server database.
Name of the SQL Server database to patch (ESEC by default).
2 for the SQL Authentication option.
esecdba user password.
After you press Enter the final time, the script verifies the entered information and proceeds if authentication is successful.
8 After the script is done applying the patch, check for any errors. If there are errors, resolve the errors and re-run the PatchDb utility.
9 After the patch runs with no errors, "Sentinel" services should be restarted.
Post-Installation:
After running the installer, some additional updates may be necessary.
By default, the Sentinel Control Center (SCC) uses a date and time format that is appropriate for the locale for which the Sentinel Control Center is configured, but that default can be overridden. For formatting details on customizing the date and time format in event field in Sentinel Control Center, see the Java Web site http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html.
1 Edit the SentinelPreferences.properties file.
On Windows:
%ESEC_HOME%\config\SentinelPreferences.properties
On *NIX:$ESEC_HOME/config/SentinelPreferences.properties
2 Uncomment the following line and modify to customize date and time format for Sentinel Control Center event date/time fields.
com.eSecurity.Sentinel.event.datetimeformat=yyyy-MM-dd'T'HH:mm:ss.SSSZ
Defects Fixed in Sentinel 6.1 Release
This section lists the defects fixed in the Sentinel 6.1 Hotfix 1 and Sentinel 6..1.1.0 Release.
Defects Fixed in Sentinel 6.1.1.0 Release
452478 and 452476 Issue: Advisor server is not downloading the latest CVE.
FIXED: Data quality issues in the Advisor data feed have been fixed to provide more complete data and more accurate CVE information.
452473 Issue: Advisor feed failed to be processed by the client.
FIXED: Advisor data feed have been fixed to provide complete data.
451602 Issue: Cannot reliably download feed files.
FIXED: Improved error handling of corrupted file downloads in Advisor.
451723 Issue: A manual clean up of the partially downloaded file is required, If the Advisor download is interrupted in the middle (like downloading partial feed file).
FIXED: Partial or corrupted feed files are re-downloaded by Advisor client and all feed files will be then processed.
451601 Issue: Cannot reliably download feed files.
FIXED: Partial or corrupted feed files are re-downloaded by Advisor client and all feed files will be then processed.
Performance enhancements
465935 Issue: Slow performance when querying mssql.
FIXED: The file jtdsoverride.properties has been added, which contains JDBC driver properties that increase query performance on SQL Server. This properties file is only enabled in the configuration.xml file when using SQL Server. This fix does not affect Oracle.
463818 Issue: Sentinel Control Center (SCC) User Preferences time-out setting configurable.
FIXED: A configurable setting has been added to SentinelPreferences.properties to set the user references load time-out in milliseconds. Increasing this value will fix login time-out issues over slow connections. This file includes comments with more information.
452093 Issue: Improve the performance of repeated javascript action execution.
FIXED: Javascript actions are cached to improve performance.
452092 Issue: Improve the metadata manager performance for mapping and event transformations.
FIXED: Performance improvements have been added to the mapping service.
470664 Issue: HIST_EVENTS view is not updated when archived partition is imported back to database.
FIXED: The HIST_EVENTS view is updated with the data from the imported partitions.
468193 Issue: Imported archived partitions are unsearchable.
FIXED: The HIST_EVENTS SQL Server database view did not include data imported from archived event files. Therefore, imported data did not show up in reports. The stored procedure that generates the database view has been fixed so imported data is available in these scenarios.
NOTE: The event data will still not show up in Historical Query or Offline Query.
Defects Fixed in Sentinel 6.1 Hotfix 1
This lists the defects fixed in the Sentinel 6.1 Hotfix 1 Release.
474567 Issue: javascripts end mail action only substitutes replacement strings on first execution of action.
FIXED: Variable inputs to JavaScript plugin actions retained the variable input from the first correlated event to trigger the action. The action framework has been fixed to correctly accept variable input from all correlated events.
468118 Issue: Emailing large report results takes a very long time.
FIXED: Errors sending email with large attachments (for example, incidents with associated data) have been resolved.
468130 Issue: Intermittent unique constraint violation on EVENTS table, particularly during startup. Improper shutdown resulted in attempts to insert duplicate events into the database, which resulted in the message
"ERROR: duplicate key value violates unique constraint 'events_p_[date]_events_p_max_pk'"
FIXED: Duplicate events are cleared from the buffer and no errors are generated.
452471 Issue: Collector debugger Upload function does not properly update the Package object of the Plugin object store in the DB.
FIXED: Uploading a Collector through the Collector debugging interface properly loads information from the Collector's package.xml file.
452112 Issue: Instructions are needed to verify that Advisor and exploit detection are working from start to finish.
FIXED: Advisor is now working properly. A section has been added to the "Testing the Installation" chapter of the Installation Guide to describe how to test Advisor.
475280 Issue: Active Views does not work properly if client time is not in sync with server time.
FIXED: Client will now properly sync with server time.
SEN-8471 Issue: Moving through raw data tap events with keyboard does not update details in lower half of window.
Fixed. Raw data tap now updates correctly.
SEN-8467 Issue: Sentinel Data Manager login screen hangs up throwing exception if any table space (used,free,total) exceeds 2,147,483,647 MB.
Fixed. SDM login works properly.
SEN-8032 Issue: Sentinel Data Manager does not work with [enter] key to login.
Fixed. SDM now work with [enter] key to login.
SEN-8113 Issue: Selecting checkboxes in Dynamic List inconsistent.
Fixed. Selecting checkboxes in Dynamic List now are consistent.
SEN-8080 Issue: Sentinel Data Manager "History Status" window is limited in size.
Fixed. Provided text area with scrollbar so that lengthy messages can be displayed.
SEN-7947 Issue: Moving through raw data tap events with keyboard does not update details in lower half of window.
Fixed. Details are updated properly.
SEN-7156 Issue: Offline Query doesn't stop its execution when the "Stop" link is clicked.
Fixed. Offline Query now stops properly.
SEN-8501 Issue: Correlation Engine errors when running JavaScript.
Fixed. Correlation Engine work properly.
SEN-8463 Issue: Cannot debug JS correlation actions that create incidents.
Fixed. Debugging JS correlation actions work properly.
SEN-8440 Issue: Linux environment variables should not be set directly in /etc/profile.
Fixed. Linux environment variables are moved to /etc/profile.d/
SEN-8210 Issue: Sentinel Data Manager (SDM) does not ever finish loading when it encounters an error from the database.
Fixed. SDM finishes loading properly.
SEN-8039 Issue: PatchDB fails on non-English install.
Fixed. PatchDB now installs on non-English system properly.
SEN-7062 Issue: Customer would like to customize the way date/time is formatted in event tables.
Fixed. Please follow the following manual steps to take advantage of this feature. To customize date and time format in event time stamp fields in the Sentinel Control Center and related exports to .csv or .html files, modify %ESEC_HOME%\config\SentinelPreferences.properties on Windows, $ESEC_HOME/config/SentinelPreferences.properties on Solaris and Linux to the format you desire. Uncomment the following line in the file:
#com.eSecurity.Sentinel.event.datetimeformat=yyyy-MM-dd'T'HH:mm:ss.SSSZ
The date and time format can be modified using the formatting information on the following web page: Class SimpleDateFormat http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html
By default, the Sentinel Control Center will use a pattern appropriate for the locale for which it is configured. This property gives the user the ability to override this default.
DAT-366 Issue: Inability to manage SENT_AUDITD tablespace probably causing Sentinel to lock up.
Fixed. Perform partitioning and archiving of data in the SENT_AUDITD tablespace.
Known Issues in Sentinel 6.1.1.0 Release
DAT-375 Issue: PatchDB fails when Audit Record table is large. When AUDIT_RECORD table is large, there might not be enough of temporary table space available to constraints in order to support AUDIT_TABLE partition management.
change log
Adding the java requirement for the PatchDb.bat to execute on a non-sentinel install (Database only Machine.)
file contents
| Files Included | Size | Date |
|---|---|---|
| 2009-03-17_SENTINEL_6.1.1.0.zip | 63.1 MB (66213477) | 2009-04-01 13:08:48 |
| readme_5046500.html | N/A | 2010-01-14 11:28:17 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.