Readme File for IBM® Platform Symphony 7.1 Fix Pack 1 Interim Fix 491553

Readme file for: IBM Platform Symphony

Product/Component Release: 7.1 Fix Pack 1

Update Name: Interim Fix 491553

Fix ID: sym-build491553

Publication date: May 18, 2018

This interim fix provides instructions for upgrading Apache Tomcat from v6.0.43 to v8.5.31 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities in Tomcat (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304).

Contents

1.      List of fixes

2.      Download location

3.      Scope

4.      Installation and configuration

5.      List of files

6.      Copyright and trademark information

1.    List of fixes

APAR: P102398

2.    Download location

3.    Scope

Before you install this update in your cluster, note the following requirements:

Applicability

Operating systems: Linux2.6-glibc2.3-x86_64

Product version: IBM Platform Symphony 7.1 Fix Pack 1

Cluster type: Single grid cluster

4.    Installation and configuration

Follow the instructions in this section to download and install this update in your cluster.

System requirements

Linux x86_64 hosts

Packages

File name: sym7.1_lnx26-lib23-x64_build491553.tar.gz

Description: Package for Linux management hosts in a 7.1 Fix Pack 1 cluster.

Installation

Before installation

1.      Log on to the master host as the cluster administrator and stop the WEBGUI service:

> source $EGO_TOP/cshrc.platform

> egosh service stop WEBGUI

2.      Log on to each management host in the cluster and back up the following folder and files for recovery purposes:

$EGO_TOP/gui/3.1/tomcat/

$EGO_CONFDIR/../../gui/conf/catalina.policy

$EGO_CONFDIR/../../gui/conf/catalina.properties

$EGO_CONFDIR/../../gui/conf/server.xml

$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml

$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml

$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml

Installation

1.      Copy the apache-tomcat-8.5.31.tar.gz package to a temporary folder and decompress the file:

> cp apache-tomcat-8.5.31.tar.gz /tmp

> tar zxvf apache-tomcat-8.5.31.tar.gz

> rm -rf apache-tomcat-8.5.31/conf/

> rm -rf apache-tomcat-8.5.31/work/

> rm -rf apache-tomcat-8.5.31/logs/

2.      Copy the Tomcat folder:

> rm -rf $EGO_TOP/gui/3.1/tomcat

> cp -rf apache-tomcat-8.5.31 $EGO_TOP/gui/3.1/tomcat

3.      Copy the sym7.1_lnx26-lib23-x64_build491553.tar.gz package and decompress it:

> tar zxfo sym7.1_lnx26-lib23-x64_build491553.tar.gz -C $EGO_TOP

a.      If you ran the “egoconfig mghost shared_dir” command during installation to set up a shared location for configuration files, ensure that the configuration files are also updated in the shared directory:

> cp $EGO_TOP/gui/conf/catalina.policy $EGO_CONFDIR/../../gui/conf/catalina.policy

> cp $EGO_TOP/gui/conf/catalina.properties $EGO_CONFDIR/../../gui/conf/catalina.properties

> cp $EGO_TOP/gui/conf/server.xml $EGO_CONFDIR/../../gui/conf/server.xml

b.      If you modified the server.xml configuration file for details such as the GUI service port, manually redo those changes:

$EGO_CONFDIR/../../gui/conf/server.xml

4.      Edit the web.xml files to add the following configuration:

a.      Edit each of the following files:

$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml

$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml

$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml

b.      Find the “<servlet-name>dwr-invoker</servlet-name>” line and, within the same “<servlet>” section (before its closing “</servlet>” tag), add the following configuration:

<init-param>
    <param-name>crossDomainSessionSecurity</param-name>
    <param-value>false</param-value>
</init-param>

For example:

      <servlet>
         <servlet-name>dwr-invoker</servlet-name>
         <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
         <init-param>
             <param-name>debug</param-name>
             <param-value>true</param-value>
         </init-param>
         <init-param>
             <param-name>crossDomainSessionSecurity</param-name>
             <param-value>false</param-value>
         </init-param>
      </servlet>

After installation

1.      On each management host, delete all subdirectories and files in the following directory:

> rm -rf $EGO_TOP/gui/work/*

2.      On all client hosts, open your web browser and clear the browser cache.

3.      Start the WEBGUI service:

> source $EGO_TOP/cshrc.platform

> egosh service start WEBGUI

4.      In the $EGO_TOP/gui/logs/catalina.out file, check that the server version logged at startup is 8.5.31:

INFO: Server version:        Apache Tomcat/8.5.31
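To confirm the manual web.xml edits from Installation step 4 and the log check from After installation step 4, the following added example (not part of the IBM readme or the product) parses a web.xml and a catalina.out. The function names and the constructed SAMPLE are assumptions; the file locations are the ones listed in the steps above.

```python
import os
import re
import xml.etree.ElementTree as ET

# web.xml locations from Installation step 4, relative to $EGO_TOP
WEB_XML = ["gui/ego/3.1/platform", "gui/is/7.1/isgui", "gui/perf/3.1/perfgui",
           "gui/soam/7.1/symgui", "gui/soam/7.1/soamgui"]
# Constructed sample: a namespaced web.xml that has not been edited yet
SAMPLE = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><servlet>'
          '<servlet-name>dwr-invoker</servlet-name></servlet></web-app>')

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):  # text of the first direct child called name
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_web_xml(xml_data):
    """Return 'ok', or the reason step 4 is not applied in this web.xml."""
    for servlet in ET.fromstring(xml_data).iter():
        if (_local(servlet.tag) != "servlet"
                or _child_text(servlet, "servlet-name") != "dwr-invoker"):
            continue
        params = {_child_text(p, "param-name"): _child_text(p, "param-value")
                  for p in servlet if _local(p.tag) == "init-param"}
        if params.get("crossDomainSessionSecurity") == "false":
            return "ok"
        return "dwr-invoker lacks crossDomainSessionSecurity=false"
    return "no dwr-invoker servlet found"

def tomcat_version(catalina_out):
    """Version on the last 'Server version' line (the log is appended to)."""
    found = re.findall(r"Server version:\s+Apache Tomcat/(\S+)", catalina_out)
    return found[-1] if found else None

if __name__ == "__main__":
    top = os.environ.get("EGO_TOP")
    if not top:  # outside a cluster shell: run on the constructed sample
        print("sample ->", check_web_xml(SAMPLE))
    else:
        for rel in WEB_XML:
            with open(os.path.join(top, rel, "WEB-INF", "web.xml"), "rb") as fh:
                print(rel, "->", check_web_xml(fh.read()))
        with open(os.path.join(top, "gui/logs/catalina.out"), errors="replace") as fh:
            print("Tomcat in log:", tomcat_version(fh.read()))
```

Run it on each management host in a shell where EGO_TOP is set; because catalina.out is appended to across restarts, only the last version line reflects the current Tomcat. In DWR, crossDomainSessionSecurity defaults to true and guards the servlet against cross-site request forgery, so the value this readme requires turns that check off for the GUI.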

Uninstallation (if required)

Follow the instructions in this section to uninstall this update in your cluster, if required.

1.      Log on to the master host as the cluster administrator and stop the WEBGUI service:

> source $EGO_TOP/cshrc.platform

> egosh service stop WEBGUI

2.      On each management host, restore the backup files:

a.      Remove the Tomcat folder, which was introduced by this interim fix:

> rm -rf $EGO_TOP/gui/3.1/tomcat

b.      Restore the following folders and files from your backup:

$EGO_TOP/gui/3.1/tomcat

$EGO_CONFDIR/../../gui/conf/catalina.policy

$EGO_CONFDIR/../../gui/conf/catalina.properties

$EGO_CONFDIR/../../gui/conf/server.xml

$EGO_TOP/gui/ego/3.1/platform/WEB-INF/web.xml

$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml

$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/soamgui/WEB-INF/web.xml

$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml

3.      Delete all subdirectories and files in the following directory:

> rm -rf $EGO_TOP/gui/work/*

4.      On all client hosts, open your web browser and clear the browser cache.

5.      Start the WEBGUI service:

> source $EGO_TOP/cshrc.platform

> egosh service start WEBGUI

5.    List of files

gui/conf/catalina.policy

gui/conf/catalina.properties

gui/conf/server.xml

gui/$EGO_VERSION/tomcat/bin/catalina.sh

6.    Copyright and trademark information

© Copyright IBM Corporation 2018

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.