Readme File
for IBM® Platform Symphony 6.1.1 Interim Fix 497567
Readme file for: Platform Symphony
Product/Component
Release:
6.1.1
Update Name: Interim Fix 497567
Fix ID: sym-build497567
Publication date: August 3, 2018
This interim fix provides instructions on upgrading Apache Tomcat
from v5.5.36 to v7.0.90 in Platform Symphony 6.1.1 to address security
vulnerability CVE-2018-8014 in Tomcat.
Contents
1.
List of fixes
2. Download
location
3.
Scope
4. Installation
and configuration
5. Uninstallation
6. List of
files
7. Copyright
and trademark information
1.
List of fixes
APAR: P102656
2.
Download location
3.
Scope
Before you
install this update in your cluster, note the following requirements:
Applicability |
|
Operating systems |
Linux2.6-glibc2.3-x86_64 |
Product version |
Platform Symphony
6.1.1 |
Cluster type |
Single
grid cluster |
4.
Installation and configuration
Follow
the instructions in this section to download and install this update in your
cluster.
System requirements
Linux x86_64 hosts
File
name |
Description |
Sym6.1.1_lnx26-lib23-x64_build497567.tar.gz |
Package
for Linux management hosts in a 6.1.1 cluster. |
Optional prerequisite
For a
Platform Symphony 6.1.1 cluster, you can optionally take advantage of a
security service pack. To apply this interim fix along with the security
service pack:
a. Install the service pack (sym-6.1.1-spk-Security-build227853).
b. Apply this interim fix to your cluster (sym6.1.1_lnx26-lib23-x64_build497567.tar.gz).
If you do
not want to apply the 6.1.1 security service pack, proceed to directly apply
this interim fix to your cluster.
Before installation
a. Log on to the master host as the cluster administrator
and stop the WEBGUI service:
> egosh user logon -u Admin -x Admin
> source $EGO_TOP/cshrc.platform
> egosh
service stop WEBGUI
b. Log on to each management host in the cluster and back up the following
files for recovery purposes:
$EGO_TOP/gui/1.2.8/tomcat/
$EGO_CONFDIR/../../gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/server.xml
$EGO_TOP/gui/ego/1.2.8/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/6.1.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/1.2.8/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/soamgui/WEB-INF/web.xml
Installation
a. On
each management host, copy the apache-tomcat-7.0.90.tar.gz package to
a temporary folder and decompress the file:
> cp apache-tomcat-7.0.90.tar.gz /tmp
> tar zxvf apache-tomcat-7.0.90.tar.gz
> rm -rf apache-tomcat-7.0.90/conf/
> rm -rf apache-tomcat-7.0.90/work/
> rm -rf apache-tomcat-7.0.90/logs/
b.
Copy the Tomcat folder:
> rm -rf $EGO_TOP/gui/1.2.8/tomcat
> cp -rf apache-tomcat-7.0.90 $EGO_TOP/gui/1.2.8/tomcat
c.
Copy the sym6.1.1_lnx26-lib23-x64_build497567.tar.gz
package and decompress it:
> tar zxfo sym6.1.1_lnx26-lib23-x64_build497567.tar.gz -C $EGO_TOP
a) If
you ran the “egoconfig mghost shared_dir” command during installation to
set up a shared location for configuration files, ensure that the configuration
file is changed in the shared directory:
> cp $EGO_TOP/gui/conf/catalina.policy $EGO_CONFDIR/../../gui/conf/catalina.policy
> cp $EGO_TOP/gui/conf/catalina.properties $EGO_CONFDIR/../../gui/conf/catalina.properties
> cp $EGO_TOP/gui/conf/server.xml
$EGO_CONFDIR/../../gui/conf/server.xml
b) If
you modified the server.xml configuration file for
details such as the GUI service port, manually redo those changes:
$EGO_CONFDIR/../../gui/conf/server.xml
d.
Edit the web.xml
files to add the following configuration:
a)
Edit each of the following files:
$EGO_TOP/gui/ego/1.2.8/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/6.1.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/1.2.8/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/soamgui/WEB-INF/web.xml
b)
Find the “<servlet-name>dwr-invoker</servlet-name>” line in
the “</servlet>” section and add the following
configuration:
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
For example:
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
After installation
a.
On each management host, delete all
subdirectories and files in the following directory:
>
rm -rf $EGO_TOP/gui/work/*
b.
On all client hosts, open your web
browser and clear the browser cache.
c.
Start the WEBGUI service:
> source $EGO_TOP/cshrc.platform
> egosh
service start WEBGUI
d. In
the $EGO_TOP/gui/logs/catalina.out
file, check whether the GUI version indicates version 7.0.90:
INFO: Server version: Apache
Tomcat/7.0.90
5.
Uninstallation
Follow the instructions
in this section to uninstall this update in your cluster, if required.
a. Log on to the master host as the cluster administrator
and stop the WEBGUI service:
> egosh
user logon -u Admin -X Admin
> source
$EGO_TOP/cshrc.platform
> egosh
service stop WEBGUI
b. On each management host, restore the backup files:
a) Remove the Tomcat folder, which was introduced by this
interim fix:
> rm -rf $EGO_TOP/gui/1.2.8/tomcat
b) Restore
the following folders and files from your backup:
$EGO_TOP/gui/1.2.8/tomcat/
$EGO_CONFDIR/../../gui/conf/catalina.policy
$EGO_CONFDIR/../../gui/conf/catalina.properties
$EGO_CONFDIR/../../gui/conf/server.xml
$EGO_TOP/gui/ego/1.2.8/platform/WEB-INF/web.xml
$EGO_TOP/gui/is/6.1.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/1.2.8/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/6.1.1/soamgui/WEB-INF/web.xml
c.
Delete all
subdirectories and files in the following directory:
> rm -rf $EGO_TOP/gui/work/*
d.
On all client hosts, open your web
browser and clear the browser cache.
e.
Start the WEBGUI service:
> source $EGO_TOP/cshrc.platform
> egosh
service start WEBGUI
6.
List of files
gui/conf/catalina.policy
gui/conf/catalina.properties
gui/conf/server.xml
gui/1.2.8/tomcat/bin/catalina.sh
7.
Copyright and trademark information
© Copyright IBM
Corporation 2018
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com_ are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.