Chatta subito con l'assistenza
Chat con il supporto

Privilege Manager for Unix 7.2.1 - Release Notes

Privilege Manager for Unix 7.2.1

Privilege Manager for Unix 7.2.1

Release Notes

07 March 2022, 17:28

These release notes provide information about the Privilege Manager for Unix release.

Topics:
About this release

Privilege Manager for Unix protects the full power of root from potential misuse or abuse. With Privilege Manager for Unix there is no need to worry about anyone deleting critical files, modifying file permissions or databases, reformatting disks, or doing more subtle damage. Privilege Manager for Unix enables you to define a security policy that stipulates who has access to which root functions, as well as when and where they can perform those functions. It controls access to existing programs as well as purpose-built utilities that run common system administration tasks. At the administrator's request, Privilege Manager for Unix can protect sensitive data from network monitoring by encrypting the root commands or sessions it controls, including control messages and input keyed by users while running commands through Privilege Manager for Unix.

Privilege Manager for Unix 7.2.1 is a patch release that includes Resolved issues.

NOTE: Beginning with version 7.0, Privilege Manager for Unix supports only Linux-based systems for Privilege Manager for Unix policy servers.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.

New features

New features in Privilege Manager for Unix 7.2.1:

  • Privilege Manager for Unix is shipped with OpenSSL shared objects since version 7.0. Due to recent high severity fixes in the OpenSSL library, the shipped shared objects have been upgraded to version 1.1.1m, which include the corresponding fixes.

  • The text of the End-user license agreement (EULA) has been updated. Users must accept the updated EULA upon installing this product.

See also:

Resolved issues

The following is a list of issues addressed in this release.

Table 1: Resolved Issues
Resolved Issue Issue ID

Fixed updating the /etc/services file during policy server configuration.

In some cases, after unconfiguring the policy server, the policy server could leave entries belonging to Privilege Manager daemons in /etc/services file and the policy server configuration could result in having multiple entries.

287684

Fixed issue when orphaned pmmasterd processes hang indefinitely due to network disconnect.

If the policy server disconnects from the network while there is an open sudo session on a client, there is a chance that the pmmasterd process handling that client connection never terminates. This issue has been fixed by enabling SO_KEEPALIVE socket option on the socket by default. It can be disabled by setting the 'masterkeepalive' configuration option to 'NO' in the pm.settings product configuration file.

288722

On the relatively new Fedora 35, pmlogsearch failed to return search results.

pmlogsearch did not previously support "protected regular" security hardening option (which is enabled by default on the Fedora 35 server). This resulted the tool to run on error and search results to become empty.

296543

Fixed issue when audit trail files stored on the policy server could not be transmitted to an SPS logserver.

When the connection between the Safeguard for Sudo policy server and an SPS logserver is interrupted, IO logs are cached on the policy server if the policy server is not in 'enforced' mode. Later on, when the connection is restored, the cached trails can be sent to the SPS logserver by running the pmauditsrv send command. This caused critical error on SPS side, the received trails became corrupt, and data loss could happen.

296550

Linux packages now ship with native service files for systemd.

To work on older systems as well, our packages provide sysv init scripts for service maintenance.

Newer linux distributions however may not provide compatibility with these by default: some additional packages need to be installed for that (for example systemd-sysvinit / initscripts). Now these additional packages are not needed any more. Note that sysv init scripts are still provided, and distributions without systemd remains supported (like RHEL 6).

298900

Improved git-svn handling.

Prior to git-svn 1.8 it is not possible to query the version number without a working repository. In order to make the user interface more convenient, we postponed the version check until it is necessary. Because of this it is less likely to get warnings about missing or incompatible programs, however with this change the dependency is less obvious.

300197

Fixed a race condition between pmmasterd and pmlogsrvd.

There is a rare race condition between pmlogsrvd and pmmasterd when they both access the same event in the database. From now on pmlogsrvd detects such a situation and solves the problem by restarting the affected database operation.

300333

Supported platforms

The following table provides a list of supported platforms for Privilege Manager for Unix clients.

Table 2: Linux supported platforms — server and client

Platform

Version

Architecture

Amazon Linux

AMI, 2

x86_64

CentOS Linux

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Red Hat Enterprise Linux (RHEL)

6, 7, 8

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

SuSE Linux Enterprise Server (SLES)/Workstation

11 SP4, 12, 15

Current Linux architectures: s390x, PPC64, PPC64le, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Table 3: Unix and Mac supported platforms — client

Platform

Version

Architecture

Apple MacOS

10.15 or later

x86_64, ARM64

FreeBSD

12.x, 13.x

x32, x64

HP-UX

11.31

PA, IA-64

IBM AIX

6.1 TL9, 7.1 TL3, 7.2

Power 4+

Oracle Solaris

10 8/11 (Update 10), 11.x

SPARC, x64

Strumenti self-service
Knowledge Base
Notifiche e avvisi
Supporto prodotti
Download di software
Documentazione tecnica
Forum utente
Esercitazioni video
Feed RSS
Contatti
Richiedi assistenza sulle licenze
Supporto tecnico
Visualizza tutto
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione