Readme File for IBM^® Spectrum Symphony 7.2.0.2 Interim Fix 495134

Readme File for: IBM Spectrum Symphony

Product Release: 7.2.0.2

Update Name: Interim Fix 495134

Fix ID: sym-7.2.0.2_x86_64-build495134

Publication Date: July 20, 2018

This interim fix provides a resolution to prevent Arbitrary File Reads from the cluster management console in IBM Spectrum Symphony 7.2.0.2.

Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Copyright and trademark information

1.     List of fixes

APAR: P102505

2.     Download location

Download interim fix 495134 from the following location: https://www.ibm.com/eserver/support/fixes/

3.     Product and components affected

Component name, Platform, Fix ID:                                                  

PMC, Linux x86_64, sym-7.2.0.2_x86_64-build495134

4.     Installation and configuration

Follow the instructions in this section to download and install this interim fix in your cluster.

System requirements

Linux x86_64

Before installation

a.      Log on to the master host as the cluster administrator and stop the WEBGUI service:

$ egosh user logon -u Admin -x Admin

$ egosh service stop WEBGUI

b.      For recovery purposes, log on to each management host as the cluster administrator and back up the following files:

$EGO_TOP/gui/3.6/lib/egogui.jar

$EGO_TOP/gui/3.6/lib/rest-ego-3.6.0.jar

c.      Download the sym-7.2.0.2_x86_64-build495134.tar.gz file.

Installation

a.      Log on to each management host in your cluster as the cluster administrator and decompress the sym-7.2.0.2_x86_64-build495134.tar.gz file to the top-level installation directory. For example, enter:

$ tar zxfo sym-7.2.0.2_x86_64-build495134.tar.gz -C $EGO_TOP/

b.      Delete all subdirectories and files from the following directories:

$ rm -rf $EGO_TOP/gui/work/*

$ rm -rf $EGO_TOP/gui/workarea/*

$ rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*

c.      Open the $EGO_CONFDIR/../../gui/conf/pmcconf/pmc_conf_ego.xml file and check that the following parameters are configured to restrict log retrieval to a whitelist of directories for the host. Add them if they are not configured:

<Parameter>
   <Name>RestrictHostLogRetrieve</Name>
      <!-- This parameter restricts retrieving logs for a host. -->
      <!-- Valid values are true or false. By default, this parameter is false, so that there is no restriction: all logs from any directory can be retrieved. -->
      <Value>true</Value>
</Parameter>

<Parameter>
    <Name>WhitelistLogsDir</Name>
       <!--This parameter takes effect only when the RestrictHostLogRetrieve parameter is set to true. -->
       <!--This parameter allows you to define the specific directories from which logs can be retrieved for a host. -->
       <!--Define any number of directories as required, separating multiple directories by a semicolon (";"). -->
       <Value>${SOAM_HOME};${EGO_TOP}</Value>
</Parameter>

d.      Clear your browser cache.

e.      Start the WEBGUI service:

$ egosh service start WEBGUI

5.     Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster.

a.         Log on to the master host as the cluster administrator and stop the WEBGUI service:

$ egosh user logon -u Admin -x Admin

$ egosh service stop WEBGUI

b.         Log on to each management host in the cluster as the cluster administrator and restore your backup for the following files:

$EGO_TOP/gui/3.6/lib/egogui.jar

$EGO_TOP/gui/3.6/lib/rest-ego-3.6.0.jar

c.         Delete all subdirectories and files from the following directories:

$ rm -rf $EGO_TOP/gui/work/*

$ rm -rf $EGO_TOP/gui/workarea/*

$ rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*

d.         Open the $EGO_CONFDIR/../../gui/conf/pmcconf/pmc_conf_ego.xml file and remove the following parameters:
<Parameter>
   <Name>RestrictHostLogRetrieve</Name>
      <!-- This parameter restricts retrieving logs for a host. -->
      <!-- Valid values are true or false. By default, this parameter is false, so that there is no restriction: all logs from any directory can be retrieved. -->
      <Value>true</Value>
</Parameter>
<Parameter>
    <Name>WhitelistLogsDir</Name>
       <!--This parameter takes effect only when the RestrictHostLogRetrieve parameter is set to true. -->
       <!--This parameter allows you to define the specific directories from which logs can be retrieved for a host. -->
       <!--Define any number of directories as required, separating multiple directories by a semicolon (";"). -->
       <Value>${SOAM_HOME};${EGO_TOP}</Value>
</Parameter>

e.         Clear your browser cache.

f.           Start the WEBGUI service:

$ egosh service start WEBGUI

6.     List of files

gui/3.6/lib/egogui.jar

gui/3.6/lib/rest-ego-3.6.0.jar

7.     Copyright and trademark information

© Copyright IBM Corporation 2018

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.