How to change from the Sentinel PA to the Audit PA

  • 7003580
  • 18-Jun-2009
  • 27-Apr-2012

Environment


Novell Access Manager 3.1
Novell eDirectory 8.8 for Solaris
Novell eDirectory 8.8 for Linux
Novell eDirectory 8.8 for AIX
Novell eDirectory 8.8 for Windows
Novell Identity Manager 3.6.1
Novell iManager 2.7
Novell SecureLogin 6.1
Novell Sentinel 6.1
Novell Sentinel RD

Situation

Introduction
Novell recently released a new Platform Agent (PA), known as the Sentinel Platform Agent, which changes the way that audited events are stored and made accessible to audit-compatible applications.  Customers who still want to use the old Novell Audit PA must remove the new PA and replace it with the older version.

Products Affected
Currently the new Sentinel PA is only shipped with eDirectory 8.8.5 and Identity Manager 3.6.1.  For systems with either of these components installed other Audit-enabled applications may break.  For example if the Novell Identity Manager User Application is installed on a SLES server which is later upgraded from IDM 3.6.0 to IDM 3.6.1 the platform agent configuration used by the User Application will be removed and auditing will cease.  Any Audit PAs depending on the Audit PA configuration files will be disabled after the upgrade to the Sentinel PA.  Always have a backup or sufficient documentation of relevant configuration files before performing an upgrade of software.  Any customers installing 8.8.5 for the first time on a system and wishing to use Auditing will also need to retrieve the Audit PA if the Sentinel PA does not meet their immediate needs.  The eDirectory 8.8.5 installation does not install the Sentinel PA by default; see the eDirectory 8.8.5 documentation for details.

Platform Agent Use
The Novell Platform Agent which has been used by (and is required for use with) Novell Audit and Novell Identity Audit is set up to push data from an audited application on that application's server to a listening data aggregation system in the form of either Novell Audit, Novell Identity Audit (NIA), or Novell Sentinel.  The data are sent over a TCP port to the listening server and, for times when the network fails, a local cache (lcache) is used to temporarily store data until network connectivity is restored.  The Novell PA is supported on Linux, NetWare, Solaris, and Windows in 32-bit mode and on Linux in 64-bit mode.

The Sentinel Platform Agent changes this slightly by removing the network and lcache dependencies for events to be written successfully.  By default all audited events are captured and written directly to the filesystem.  Unlike the Novell Audit PA, the Sentinel PA does not attempt to send any data over the network.  In order to capture the data from the Sentinel PA, the data must either be retrieved (pulled over the network) via a network-capable File Connector, which is planned to be part of Sentinel, or else must be sent (pushed over the network) via a Sentinel Collector Manager.  This means that the Sentinel PA does not permit data to be captured and sent to either Novell Audit or Novell Identity Audit.  Until the enhanced File Connector is released, a full Sentinel Collector Manager must be installed on every machine where audited events are captured and written to the filesystem.  The Sentinel PA is supported on Linux, Solaris, and Windows in 32-bit and 64-bit modes.

Resolution

To remove the new Sentinel PA and install the old Audit PA, follow the steps below for the operating system and architecture in use:

Linux
32-bit - The Audit PA is available with either the previous eDirectory installation in the case of eDirectory 8.8.3 or from the Audit 2.0.2 SP6 ( https://download.novell.com/Download?buildid=1O9cbsOIO8Y~ ) media in the case of earlier versions of eDirectory.
64-bit - The eDirectory 8.8.3/8.8.4 Audit PA is available for Linux in 64-bit mode at the following location: https://download.novell.com/Download?buildid=8hsF_lYQZJM~

To uninstall the new Sentinel PA, use the following command, supplying root credentials when prompted:
sudo rpm -e --nodeps novell-Sentinelplatformagent

To install the Audit PA, use the following command, supplying root credentials when prompted and pointing to the RPM available from the links above:
32-bit: sudo rpm -Uvh /path/to/novell-AUDTplatformagent-2.0.2-55.i586.rpm
64-bit: sudo rpm -Uvh /path/to/novell-AUDTplatformagent-2.0.2-55.x86_64.rpm



Solaris
32-bit - The Audit PA is available with either the previous eDirectory installation in the case of eDirectory 8.8.3 or from the Audit 2.0.2 SP6 ( https://download.novell.com/Download?buildid=1O9cbsOIO8Y~ ) media in the case of earlier versions of eDirectory.
64-bit - There is no 64-bit version of the Novell Audit PA for Solaris at this time.

To uninstall the Sentinel PA use the following command as 'root':
pkgrm novell-Sentinelplatformagent

To install the Audit PA, use the following command, pointing to the PKG available as shown above and accepting the confirmation to install when prompted:
As root run:
pkgadd -d /path/to/NOVLaudpa.pkg all



NetWare
NetWare does not use the new Sentinel PA in any scenario and does not need to be changed at this time.  In the future the Sentinel PA may be made available for NetWare for the enhancements it provides depending on customer requests.



Windows
32-bit - The old platform agent is available with either the previous eDirectory installation in the case of eDirectory 8.8.3 or from the Audit 2.0.2 SP6 ( https://download.novell.com/Download?buildid=1O9cbsOIO8Y~ ) media in the case of other versions of eDirectory.  To install the Audit PA in eDirectory on Windows for the first time complete the following steps:
1.  Download the Audit PA from the link above
2.  Extract eDirectoryInstrumentation-win-8.8.5.zip from the install media. This directory contains the Audit DS Module and Audit schema, ediraudit.sch.
3.  Copy nauditds.dlm to X:\novell\nds where 'X' is the drive on which eDirectory resides.
4.  Using the install.dlm in NDSCons (the eDirectory console) add the ediraudit.sch schema file.
5.  Restart eDirectory.
6.  Using NDSCons set nauditds.dlm to auto start for future initializations.
7.  Start nauditds.dlm.

After upgrading eDirectory from a previous version when Audit was already installed and configured the Audit components should still work so there is no need to change anything unless the Sentinel PA was installed another way.

After upgrading to IDM 3.6.1 from a previous release, or after installing IDM 3.6.1 for the first time, the Novell Audit PA is removed and the Sentinel PA is installed.  To undo this use the following steps:
1.  Search for all copies of logevent.dll in the system.
2.  Delete/move all copies EXCEPT for the one in /windows/system32 which has a size of 637 KB and a date of 2008-09-26.

Later patches and versions of the Novell Audit PA are available from https://download.novell.com/patch/finder/ under 'Audit' in the product selection drop-down.

Once the Audit PA is installed, be sure to modify the logevent.conf file appropriately for your platform.  If you previously had this file, for example in /etc/logevent.conf on Linux, there should be a backup file located at /etc/logevent.conf.rpmsave with the previous settings.  After saving the updated logevent.conf file, restart eDirectory to apply the changes.  For a new Audit PA installation, documentation on configuring the logevent.conf (*nix platforms) or logevent.cfg (NetWare and Windows) file can be found in the Novell Audit documentation available at https://www.novell.com/documentation/novellaudit20/novellaudit20/data/al36zjk.html and https://www.novell.com/documentation/novellaudit20/ .  Valid parameters for these files are also commented out in the shipping versions of the files with explanations regarding their functionality.
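
An added example, not part of the original article and not Novell code: a shell function that compares the saved /etc/logevent.conf.rpmsave with the newly installed /etc/logevent.conf and lists every setting that was active before but is now missing or different, so that audit forwarding is not silently left on defaults. It assumes settings are written as Name=Value lines with # starting a comment; the values in the sample files are constructed.

```sh
#!/bin/sh
# Added example (not Novell's code): report settings that were active in the
# saved logevent.conf but are missing or different in the newly installed one.
# Assumption: settings are "Name=Value" lines and "#" starts a comment.

# lost_settings OLD NEW -> one line per OLD setting not carried into NEW
lost_settings() {
    awk '
        function trim(s) { gsub(/^[ \t\r]+/, "", s); gsub(/[ \t\r]+$/, "", s); return s }
        {
            line = trim($0)
            eq = index(line, "=")
            # Skip blanks, comments (including commented-out defaults), non-settings.
            if (line == "" || substr(line, 1, 1) == "#" || eq < 2) next
            name = trim(substr(line, 1, eq - 1))
            value = trim(substr(line, eq + 1))
            # The first file given to awk is NEW: remember its active settings.
            if (FILENAME == ARGV[1]) { current[name] = value; next }
            # The second file is OLD: flag anything NEW does not reproduce.
            if (!(name in current))
                print "MISSING " name "=" value
            else if (current[name] != value)
                print "CHANGED " name "=" current[name] " (was " value ")"
        }
    ' "$2" "$1"
}

# Constructed sample files (not real configuration) showing the output format.
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# saved by rpm' 'LogHost=192.0.2.10' \
        'LogCacheDir=/example/cache' 'LogEnginePort = 289' > "$d/old"
    printf '%s\n' '#LogCacheDir=/example/cache' \
        'LogHost=127.0.0.1' 'LogEnginePort=289' > "$d/new"
    lost_settings "$d/old" "$d/new"
    rm -rf "$d"
}

# Usage: sh check_logevent.sh /etc/logevent.conf.rpmsave /etc/logevent.conf
if [ "$#" -eq 2 ]; then lost_settings "$1" "$2"; fi
```

Empty output means every previously active setting is present with the same value in the new file.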

Customers have requested that the Audit PA be made available by default; as a result Novell re-released IDM 3.6.1 as 3.6.1a from the original 2009-06-04 build with the Audit PA included and the Sentinel PA removed.