Readme File for IBM® Platform Symphony 7.1 Interim Fix 458079
Readme
file for: IBM Platform Symphony
Product/Component Release: 7.1 Fix Pack 1
Update Name: Interim Fix 458079
Fix ID: sym-7.1-build458079
Publication date: July 10, 2017
This interim fix provides instructions on
upgrading the Apache Tomcat version from v6.0.43 to v7.0.78 in IBM Platform
Symphony 7.1 Fix Pack 1 in order to address multiple security vulnerabilities
in Tomcat (CVE-2017-5647, CVE-2017-5648, and CVE-2017-5651).
Contents
1. List of fixes
2.
Download location
3. Scope
4.
Installation and
configuration
5.
List of files
6.
Copyright and trademark
information
1. List of fixes
APAR:
P102279
2. Download location
3. Scope
Before you install this update in your cluster,
note the following requirements:
Applicability |
|
Operating systems |
Linux2.6-glibc2.3-x86_64 |
Product version |
IBM Platform Symphony 7.1 Fix Pack 1 |
Cluster type |
Single
grid cluster |
4. Installation and configuration
Follow the instructions
in this section to download and install this update in your cluster.
System requirements
Linux
x86_64 hosts
File
name |
Description |
sym7.1_lnx26-lib23-x64_build458079.tar.gz |
Package for Linux
management hosts in a 7.1 Fix Pack 1 cluster. |
Before installation
1.
Log on to the master host as the cluster administrator and stop the WEBGUI service:
> source
$EGO_TOP/cshrc.platform
> egosh service stop WEBGUI
2.
For recovery purposes, back up the following files:
On each management host in a Platform Symphony 7.1 Fix Pack 1 cluster,
back up:
$EGO_TOP/gui/3.1/tomcat/
$EGO_CONFDIR/../../gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/server.xml
$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
Installation
1.
Copy the apache-tomcat-7.0.78.tar.gz
package to a temporary folder and decompress the file:
> cp apache-tomcat-7.0.78.tar.gz /tmp
> tar -zxvf apache-tomcat-7.0.78.tar.gz
> rm -rf apache-tomcat-7.0.78/conf/
> rm -rf apache-tomcat-7.0.78/work/
> rm -rf apache-tomcat-7.0.78/logs/
2. Copy the Tomcat folder to each management host:
> rm -rf $EGO_TOP/gui/3.1/tomcat
> cp -rf apache-tomcat-7.0.78 $EGO_TOP/gui/3.1/tomcat
3. On each management host, copy the sym7.1_lnx26-lib23-x64_build458079.tar.gz package and decompress it:
> tar zxfo sym7.1_lnx26-lib23-x64_build458079.tar.gz -C $EGO_TOP
a.
If you ran
the ¡°egoconfig mghost shared_dir¡± command during installation to set up a shared
location for configuration files, ensure that the configuration file is changed
in the shared directory:
> cp $EGO_TOP/gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.policy
> cp
$EGO_TOP/gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/catalina.properties
> cp $EGO_TOP/gui/conf/server.xml
$EGO_CONFDIR/../../gui/conf/server.xml
b.
If you
modified the server.xml configuration file for details such as the GUI service port, manually
redo those changes:
$EGO_CONFDIR/../../gui/conf/server.xml
4. Edit the web.xml files to add the following configuration:
a. Edit each of the following files:
$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml
b. Find the ¡°<servlet-name>dwr-invoker</servlet-name>¡± line in the ¡°</servlet>¡± section.
c. Add the following configuration:
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
For example:
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
After installation
1. On each management host, delete all subdirectories and
files in the following directory:
> rm -rf $EGO_TOP/gui/work/*
2. On all client hosts, open your web browser and clear
the browser cache.
3. Start the WEBGUI service:
> source $EGO_TOP/cshrc.platform
> egosh service start WEBGUI
4.
In the $EGO_TOP/gui/logs/catalina.out file, check whether the GUI start version indicates version 7.0.78:
INFO: Starting Servlet Engine: Apache Tomcat/7.0.78
Uninstallation (if required)
1.
Log on to the master host as the cluster administrator and stop the WEBGUI service:
> source $EGO_TOP/cshrc.platform
> egosh service stop WEBGUI
2.
Restore the backup files:
a.
Remove the Tomcat folder from management hosts, which was
introduced by this fix:
> rm -rf $EGO_TOP/gui/3.1/tomcat
b.
On each
management host, restore the following folders and files from your backup:
$EGO_TOP/gui/3.1/tomcat
$EGO_CONFDIR/../../gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/server.xml
$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
3. On each management host, delete all
subdirectories and files in the following directory:
> rm -rf $EGO_TOP/gui/work/*
4. On all client hosts, open your web browser and clear
the browser cache.
5. Start the WEBGUI service:
> source $EGO_TOP/cshrc.platform
> egosh service start WEBGUI
5. List of files
gui/conf/catalina.policy
gui/conf/catalina.properties
gui/conf/server.xml
catalina.sh
6. Copyright and trademark information
© Copyright IBM Corporation 2017
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.