Readme File for IBM®
Spectrum Symphony RFE SPCS-I-915
Readme file for:
IBM Spectrum Symphony
Product Release: 7.3.2
Fix ID:
sym-7.3.2-build601412-citi
Publication date: February 10, 2023
This update enhances the EGO
and SOAM audit logs in IBM Spectrum Symphony 7.3.2 to capture details of a
client host from which user operations are triggered, especially those through
the cluster management console GUI.
Specifically, this enhancement logs GUI user
operations to these corresponding audit logs:
|
Function |
Audit log
file |
|
EGO service started |
$EGO_TOP/audits/egoservice.audit.log |
|
EGO service stopped |
|
|
EGO service configured |
|
|
Host opened |
$EGO_TOP/audits/ego.audit.log |
|
Host closed |
|
|
User added |
|
|
User modified |
|
|
User deleted |
|
|
User assigned a new role |
|
|
User unassigned a role |
|
|
User logged on from GUI or CLI |
|
|
User logged off from CLI |
|
|
User logged on unsuccessfully from GUI,CLI, or
API |
|
|
Consumer added |
|
|
Consumer modified |
|
|
Consumer deleted |
|
|
Consumer changed resource plan |
|
|
Service packages added |
$EGO_TOP/audits/repositoryservice.audit.log |
|
Service packages removed |
|
|
Sessions killed |
$EGO_TOP/audits/application.audit.log |
|
Sessions suspended |
|
|
Sessions resumed |
|
|
Applications enabled |
|
|
Applications disabled |
|
|
Applications registered |
|
|
Applications unregistered |
Note: There are no audit logs for unsuccessful logons (incorrect username or
password) with the GSS Kerberos plug-in, because the
authentication fails on the client side and has not yet arrived on the VEMKD
side, thereby, audit logging is not triggered.
Before you
install this enhancement to your cluster, note the following requirements:
|
Operating system |
RHEL 7.x
64-bit |
|
Product version |
IBM
Spectrum Symphony 7.3.2 |
Follow these instructions to download
and install this enhancement on Linux management hosts in your cluster.
Prerequisites
Fix 601349 must be installed before this fix package.
Installation
a. Log on to the primary host as the cluster
administrator, stop applications, and shut down the
cluster:
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
b.
On each management host, download the following packages, for example, to a /symfixes directory:
egorest-4.0.0.0_noarch_build601412.tar.gz
egomgmt-4.0.0.0_noarch_build601412.tar.gz
soammgmt-7.3.2.0_noarch_build601412.tar.gz
egocore-4.0.0.0_x86_64_build601412.tar.gz
soamcore-7.3.2.0_x86_64_build601412.tar.gz
c. Run the egoinstallfixes command to install the packages:
> egoinstallfixes /symfixes/egorest-4.0.0.0_noarch_build601412.tar.gz
> egoinstallfixes /symfixes/egomgmt-4.0.0.0_noarch_build601412.tar.gz
> egoinstallfixes /symfixes/soammgmt-7.3.2.0_noarch_build601412.tar.gz
> egoinstallfixes /symfixes/egocore-4.0.0.0_x86_64_build601412.tar.gz
> egoinstallfixes /symfixes/soamcore-7.3.2.0_x86_64_build601412.tar.gz
Important: Running the egoinstallfixes command automatically backs up the current binary files to a fix
backup directory. For recovery purposes of the original file, do not delete
this backup directory. For more information on using this command, see the egoinstallfixes command reference.
d.
Delete all
subdirectories and files in the following GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
Note: If you change the default
configuration for the WLP_OUTPUT_DIR environment variable and set the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
Clear your web browser
cache.
f.
Enable audit logging as described in the “Configuration
and usage” section of this readme file.
g.
Start the cluster and
enable your applications:
> egosh ego start all
> soamcontrol app enable applocation_name
h.
Launch your web
browser, clear the browser cache, and log in to cluster management console as
usual.
i.
Run the pversions command to verify the installation:
> pversions -b 601412
Configuration
·
Ensure that audit
logging is configured as follows:
i.
In the $EGO_CONFDIR/ego.conf file, set:
EGO_AUDIT_LOG=Y
EGO_AUDIT_LOGDIR=$EGO_TOP/audits
EGO_AUDIT_LOGMASK=LOG_INFO
EGO_AUDIT_LOG_WITH_HOSTINFO=Y
Where $EGO_TOP is the cluster installation directory
or the directory you want to save audit log files.
ii.
In the $EGO_ESRVDIR/esc/conf/egosc_conf.xml file, set:
<ESC_AUDIT_LOG>ON</ESC_AUDIT_LOG>
iii.
In the $EGO_ESRVDIR/esc/conf/services/rs.xml file, set:
<ego:EnvironmentVariable
name="RS_AUDIT_LOG">ON</ego:EnvironmentVariable>
iv.
In the $EGO_ESRVDIR/esc/conf/services/sd.xml file, set:
<ego:EnvironmentVariable
name="SD_AUDIT_LOG">ON</ego:EnvironmentVariable>
Usage
· If you want to
create or delete a role from the cluster management console, go to System
& Services > Users > Roles, and create or delete the “Guest”
role.
Details for the operation are logged to the $EGO_TOP/audits/ego.audit.log audit log as follows:
NOTICE CONFIG Admin ROLE Guest created. DETAIL: [ROLE_NAME] is
<Guest>, [ROLE_DESC] is <>. Request from ABC.ibm.com:xxx.xxx.xxx.xxx.
NOTICE CONFIG Admin ROLE Guest deleted. DETAIL: [ROLE_NAME] is
<Guest>. Request from ABC.ibm.com:xxx.xxx.xxx.xxx.
If required, follow these instructions
to uninstall this enhancement from management host in your cluster:
a.
Log on to the primary host as the cluster administrator,
stop applications, and shut down the cluster:
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
b.
Log on to each management host in the cluster and
roll back this enhancement:
> egoinstallfixes -r 601412
Note: You can specify the full path and
file name instead of the build number, for example:
> egoinstallfixes -r /symfixes/egorest-4.0.0.0_noarch_build601412.tar.gz
> egoinstallfixes -r /symfixes/egomgmt-4.0.0.0_noarch_build601412.tar.gz
> egoinstallfixes -r /symfixes/soammgmt-7.3.2.0_noarch_build601412.tar.gz
> egoinstallfixes -r /symfixes/egocore-4.0.0.0_x86_64_build601412.tar.gz
> egoinstallfixes -r /symfixes/soamcore-7.3.2.0_x86_64_build601412.tar.gz
c.
In the $EGO_CONFDIR/ego.conf file, set the EGO_AUDIT_LOG_WITH_HOSTINFO parameter to N to disable this feature.
d.
Delete all
subdirectories and files in the following GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
Note: If you change the default
configuration for the WLP_OUTPUT_DIR environment variable and set the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
Clear your web browser
cache.
f.
Start your cluster and enable your applications:
> egosh ego start all
> soamcontrol
app enable application_name
egorest-4.0.0.0_noarch_build601412.tar.gz
egomgmt-4.0.0.0_noarch_build601412.tar.gz
soammgmt-7.3.2.0_noarch_build601412.tar.gz
egocore-4.0.0.0_x86_64_build601412.tar.gz
soamcore-7.3.2.0_x86_64_build601412.tar.gz
To receive
information about product solution and patch updates automatically, subscribe
to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support
website (http://support.ibm.com). You can edit your subscription settings to
choose the types of information you want to get notification about, for
example, security bulletins, fixes, troubleshooting, and product enhancements
or documentation changes.
© Copyright IBM Corporation 2023
U.S. Government Users Restricted Rights - Use,
duplication or disclosure restricted by GSA ADP Schedule Contract with IBM
Corp.
IBM®, the IBM logo
and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.