Issues resolved in NetIQ Privileged User Manager

  • 7007751
  • 01-Feb-2011
  • 28-Mar-2013

Environment

Privileged User Manager

Additional Information


NetIQ Privileged User Manager 2.3.2 (2.3.2): Released  Jan 23, 2013

New features included in NetIQ Privileged User Manager 2.3.2

Video Capture for Windows - Video Capture for Windows monitors user activity by capturing videos of every task performed by the user.You can browse the text log of a user and select a particular task and watch the video.  You can search for a particular event within a video based on the keyword search option. You can schedule compression and archiving of video files to external storage.You can turn the Video capture feature ON or OFF for a particular user based on your requirement. For detailed information, see Video Capture for Windows in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

Two Factor Authentication - Two factor authentication is required to enhance the security and to ensure the identity of the user is valid. Every framework user has to enter the secondary password to log in to the PUM Administration Console.For detailed information, see Modify User: Authentication Script in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

SSL Renegotiation DOS Attack Protection - A client can attack the SSL server by sending a number of renegotiation (SSL handshake) requests to it. This can overwhelm the server and the server can go down. To prevent such attacks you can limit the renegotiation requests from a particular client by setting a threshold.  For detailed information, see SSL Renegotiation DOS Attack Protection in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

Change Management - Any GUI specific operations performed by you is audited by the Change Management feature. Each operation is tracked and the log is maintained in the Change Management report. The default Sample Report displays all the collected audit records and any associated keystroke captures.  For detailed information, see Change Management in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

Fixes included in NetIQ Privileged User Manager 2.3.2:
*  100+ Bug fixes
Resolved:  Including stability fixes for Enhanced Access Control (EAC) and Windows RDP Relay.


NetIQ Privileged User Manager 2.3.1-2 (2.3.1-2): Released  Nov 16, 2012

Fixes included in NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2):

Note:  Privileged User Manager is vulnerable to an exploit whereby an attacker could, without prior authentication, change the password of the admin user and/or execute a Perl script with SYSTEM privileges.
 
Access Manager (auth):
LDAP Credential Agent (ldapagnt):
Registry Agent (regclnt):
Bug 789854 - Security Vulnerability: NetIQ Privileged User Manager Remote Code Execution Vulnerability
Resolved:  Resolved vulnerabilities 



NetIQ Privileged User Manager 2.3.1-1 (2.3.1-1): Released  Sept 11, 2012

Fixes included in NetIQ Privileged User Manager 2.3.1 HF1 (2.3.1-1)
 
Command Control Agent (rexec):
Bug 776218 - EAC: Error, cannot open policy: Bad file number (Solaris specific)
Resolved:  Resolved EAC error
 
Bug 774457 - EAC shell hoards audit data in memory
Resolved:  Resolved memory hog
 
Bug 767472 - EAC doesn’t work on Solaris x86 v9 - "Value too large for defined data type"
Resolved: EAC works on Solaris x86 v9
 
Bug 766958 - remove rush man page, add pcksh man page
Resolved: pcksh man page added, removed old rush man page
 
Bug 766638 - Solaris: EAC causes core when running 'man' as root
Resolved:  Resolved core when running man as root
 
Bug 763482 - HP-UX EAC corrupts when login with /usr/bin/ksh or /sbin/sh
Resolved: EAC works when login shell is /usr/bin/ksh or /sbin/sh
 
Bug 757337 - Unable to set ulimit after EAC is enabled
Resolved:  Resolved, ulimit can be set after EAC is enabled
 
Bug 754353 - Using EAC with 'tail -f' on SLES10 causes tail to segmentation fault when using PUTTY
Resolved: tail -f can be run on SLES without segmentation fault
  
Messaging Component (msgagnt):
Bug 767942 - msgagnt sending emails with 1970/01/01 date
Resolved:  Stopped utf-8 Date attributes in smtp headers
  
Framework Patch: 
Resolved: Update to 2.3.1 HF1 (2.3.1-1)
  
Agent Console:
Bug 674816 - Request Certificate - Finish button isn't enabled until you edit the Common Name
Resolved: Finish button is enabled after filling out blank settings
  
Command Control Manager (cmdctrl): 
Bug 747447 - default 20mb queue_wm_size too small
Resolved:  Default watermark increased to 100MB, max size 250MB
  
Reporting Console (audit):
Bug 746377 - Add option to Syslog configuration in Reports gui to enable/disable persistent connections
Resolved: Option added to enable/disable persistent connections


NetIQ Privileged User Manager 2.3.1 (2.3.1): Released  May 29, 2012

New features included in NetIQ Privileged User Manager 2.3.1

Windows Audit - Windows Audit is a service that enables you to view all the real-time and historical user activities on a local or remote Windows system. The user activities are known from the captured event log messages, which show all the user inputs and the resulting processes. The user inputs are captured to the level of every keystroke and mouse clicks. For example, when the OK button is clicked, an event saying the OK button is clicked is generated and sent to the Windows Audit service. For detailed information see "Monitoring the User Activities" in the NetIQ Administration Guide.

Privileged Account - The privileged account credentials and domain information are stored in domains and credentials. The user can create multiple credentials for a single domain.The credentials are securely stored in an encrypted form. For detailed information see “Privileged Accounts†in the the NetIQ Administration Guide.

Remote Desktop Protocol Relay - Remote Desktop Protocol Relay remotely connects you from the manager to a Windows machine  without an agent; and, relays the executed commands through a secured connection.For detailed information see “Remote Desktop Protocol Relay†in the NetIQ Administration Guide.

Secure Shell Relay - Secure Shell Relay (SSH Relay) provides the ability to access privileged accounts using a standard SSH client. This feature provides the ability to access Privileged User Manager functionality without a PUM agent on the target host. SSH Relay allows users to connect to a remote host using secure shell without knowing the privileged account credentials such as password or identity certificate of the user. For detailed information see “Secure Shell Relay†in the NetIQ Administration Guide.

LDAP Group Lookup - The LDAP Group lookup feature can be used to retrieve LDAP group membership information for a user stored in external LDAP directories, such as Novell eDirectory or Microsoft Active Directory. The information fetched can be used to perform external group matching in rules. For detailed information see "LDAP Group Lookup" in the NetIQl Administration Guide

Fixes included in NetIQ Privileged User Manager 2.3.1:
*  100+ Bug fixes


Novell Privileged User Manager 2.3.0 HF4 (2.3.0-4): Released  Dec 2, 2011

Admin Console (admin) -
Bug 721850  Finish button isn't enabled when typing different value in Syslog http port
Resolved:  Finish button is enabled when changing syslog http port

Bug 721301  Syslog Settings doesn't allow Syslog host port over 9999
Resolved:  Syslog allows ports over 9999

Command Control Agent (rexec) -
Bug 730201/706540  'ps -fea | more' hangs after set -o remote is set
Resolved:  Hang resolved

Bug 730108  HP-UX Not able to apply EAC while using cpcksh shell on HP UX 11.11
Resolved:   EAC works properly with cpcksh shell

Bug 729828  HP-UX ia64 installer does not install EAC preload library ccpreload-elf64.sl
Resolved:  EAC preload library properly installed on ia64

Bug 729799  HP-UX EAC on HP-UX 11.23 ia64 coredumps when running /usr/local/bin/bash
Resolved:  EAC core resolved

Bug 729671  HP-UX EAC on HP-UX ia64 corrupts when running /usr/bin/ksh
Resolved:  EAC core resolved

Bug 728948  HP-UX EAC on HP-UX PA-Risc coredumps when running /usr/bin/ksh
Resolved:  EAC core resolved

Bug 724850  pcksh produces an "assert" when it receives too much output too quickly
Resolved:  Fixed buffer overflow

Bug 723912  udsh with -b option suppresses the host name
Resolved:  udsh properly displays host name

Bug 708151  "/usr/bin/pcksh: alias: Permission denied" with pcksh illegal command script (with new regex feature enabled)
Resolved:  Fixed shell initialization with Illegal command script enabled

Bug 702038  Unable to limit the command using 'EAC' in the UNIX script.
Resolved:  EAC can limit commands in scripts

Bug 655325  HP-UX Output of 'who -Rm' on HP-UX agents truncate the domain portion of the hostname
Resolved: Fixed truncate of domain portion of hostname on 'who -Rm'

Access Manager (admin) , Audit Manager (audit), Command Control Console (cmdctrl), Command Control Manager (cmdctrl), Compliance Auditor (secaudit), Compliance Auditor Console (secaudit) -
Bug 709295  Compliance Auditor Enhancement - Add 'Command Risk' Filter for 'Command Control' Audit Category
Resolved:  Compliance Auditor includes an option to filter on 'Command Risk'
See TID# 7009837 at https://support.novell.com

SSH Relay agent (sshrelay) - 
Bug 699723  Cannot obtain client IP when connecting to SSH Relay via Perl Script
Resolved:  Fixed when the target details are not given, assign the 'submitHost' to the 'Host'node in metadata

Framework Patch (spf) -
Bug 727307  Unifid could coredump if the host information in the packet is missing
Resolved: Unifid core resolved

All
Bug 709070  NPUM 2.3 agent fails to install on RedHat 4.8 with failed dependencies
Resolved:  Fixed dependency issues in 2.3.0 HF4 builds for RedHat



Novell Privileged User Manager 2.3.0 HF3 (2.3.0-3): Released Sept 13,2011

Audit Manager (audit) -
Bug 683048 - sreplay terminates playing session part way through
Resolved: sreplay plays complete session without terminating

Command Control Agent (rexec) -
Bug 652372 - Remove 2.3.0 feature, 'update rush command history on the fly' 
Bug 688238 - rush shell doesn't appear when executing sh in vi, until 'ctrl+c' after upgrade to 2.3.0-2
Resolved: Removed feature, as it caused the history file to be a binary file and shell to hang under certain circumstances

Bug 672454 - Group list in Command Control metadata has rogue group node
Resolved: Group metadata displays properly
See TID# 7009325 - Group list in Command Control metadata has rogue group node

Bug 677839 - "man" command causes core on Solaris when to run under EAC as normal user
Bug 678722 - "find" command causes core on Solaris when to run under EAC as normal user
Resolved: cores resolved when running find or man with Enhanced Access Control script enabled

Bug 684888 - 'Require RunUser Password' script fails unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !
Resolved - Changed Linux default to "tty1", and also added enhancement to the Command Control agent to allow specification of service or tty to the auth call.
See TID# 7009326 - 'Require RunUser Password' script fails unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !

Bug 680288 - ccpreload-elf32.so and ccpreload-elf64.so have incorrect permissions - incorrectly marked -rwxr-xr-x instead of -rwsr-xr-x after patching to 2.3.0-2
Resolved: Files have correct permissions

Command Control Console (cmdctrl) -
Bug 681604 - Update Illegal Command script, allow regular expressions to define illegal commands
Resolved - Illegal Command script allows for regex to be used

Command Control Manager (cmdctrl) -
Bug 684351 - Run user and host rewrite only works for the first rule that is matched
Resolved -Run user and host rewrite works regardless of rule configuration

Bug 690010 - Deleting cmdctrl backups (delcfg), does not vacuum the DB after deletion.
Resolved - delcfg triggers vacuum of cmdctrl.db when cmdctrl backups are deleted

Bug 704300 - RDP relay does not start correct session when any rule other than first rule on rdprelay page is selected
Resolved -RDP relay starts correct session

Framework Patch (spf) -
Bug 679447 - Error, Error parsing 20014
Resolved - Improved XML parser error message

Bug 689360 - Debug trace on Windows causes unifid.exe to go into High Utilization
Resolved - Improved trace on Windows.

Package Manager (pkgman) -
Bug 686935 - Use the data directory to store the package files
Resolved - Store package files for Package Manager in correct structure (SLES/generic)

Privileged Credential Manager (prvcrdvlt) -
Bug 681572 - RDP relay - Error, Failed to relay client packet 0
Resolved - Privileged Credential Manager data created with proper ID's
See TID# 7009327 - Error, Failed to relay client packet 0

RDP Session Console (rdprelay) -
Bug 665449 - RPD relay page, multiple TAB Session are in-correct
Resolved - Multiple TAB sessions are correctly handled

RDP Relay (rdprelay) -
Bug 689389 - 'Error, Failed to receive packet header' in Alert after closing RDP session
Resolved - Changed end of session message from 'Error' to 'Info'

Registry Agent (regclnt) - 
Bug 686935 - Host summary for SLES servers show Disk Space for /opt directory instead of /var
Resolved - SLES specific host summary now show proper disk space from the /var directory structure

Registry Manager (registry) -
Bug 686251 - Allow ability to define new hosts via the command line
Resolved - Can create hosts and domains via the command line (reglcnt)
See TID# 7009329 - Creating hosts and domains via the command line (reglcnt)

Store and Forward Agent (strfwd) -
Bug 676300 - Enh: Update sfwdutil to allow for deletions using the IF node
Resolved - sfwdutil under certain circumstances can be used to edit a strfwd.ldb 

Known/Outstanding Issues:
Unable to install or patch RedHat 4.x servers to 2.3.0 or 2.3.0-3.
This will be resolved in the next Hot Fix.



Novell Privileged User Manager 2.3.0 HF2 (2.3.0-2): Released Mar 7, 2011

Fixes included in Novell Privileged User Manager 2.3.0 HF2 (2.3.0-2):

Agent Console (servers) -
Bug 672159 - Rollback to previous version, doesn't restore the Framework patch, until restart of daemon
Resolved - See TID# 7008037

Bug 670676 -Modify Host | 'Host name' should be changed to 'DNS name or IP address'
Resolved - 'Host name' changed to DNS name /IP address' in GUI

Access Control Console (access) -
Bug 657664 - Enhancement: Make the Last Logon status screen optional in the Admin console
Resolved - See TID# 7008038

Administration Manager (admin) -
Bug 648415 - Logon Successful 'Ok' button looses focus after failed login
Resolved - 'Ok' button remains focus after failed login

Bug 657005 - F1 triggers help for both PUM and IE's help while using PUM console
Resolved - F1 triggers NPUM help

Bug 657361 - Provide the ability to increase the font size in the NPUM console
Resolved - See TID# 7008039

Audit Manager (audit) -
Bug 673732 - Add debug option to sreplay
Resolved - '-D' option added to display debug output. See /opt/novell/npum/sbin/sreplay --help
Example: /opt/novell/npum/sbin/sreplay -U admin -r 2457561,cmdctrl.db -D 2>debug.log

Bug 670616 - Unable to use sreplay - Replay truncated - session end not found. Please press a key...
Resolved - See TID# 7007988

Bug 659646 - Windows audit events do not get processed for risk
Resolved - Windows audit events are processed for risk

Bug 664610 - Compliance Auditor replicates CommandRisk events unnecessarily
Resolved - Disabled replication of unnecessary tables, cutting down on unnecessary secaudit,replUpdates

Access Manager (auth) -
Bug 657664 - Enhancement: Make the Last Logon status screen optional in the Admin console
Resolved - See TID# 7008038

Command Control Agent (rexec) -
Bug 602488 - Enhancement: Use 127.0.0.1 instead of registered address for local npum connections
Resolved - See TID# 7008045

Bug 668985 - Audit, Password Filter not working on AIX agent with cpcksh shell
Resolved - See TID# 7008057

Bug 655325 - Output of 'who -Rm' on HP-UX agents truncate the domain portion of the hostname
Resolved - See TID# 7007513

Bug 670932 - "man" command fails to run under Enhanced Access Control (EAC) as normal user.
Resolved - See TID# 7008058

Bug 667638 - The uscp man page points to the udsh man page
Resolved - Updated uscp man page

Command Control Console (cmdctrl) -
Bug 656879 - NPUM 2.3.0 Upgrade: 'No module available' when Privileged Credential Manager is not installed
Resolved - See TID# 7007496

Bug 654940 - Enhancement: Truncate Stdout script enhancements
Resolved - See TID# 7008059

Bug 654916 - Truncate stdin/stdout/stderr has typo's causing script to fail
Resolved - See TID# 7008059

Command Control Manager (cmdctrl) -
Bug 668418 - Rule corruption when 'Transactions' are enabled in Command Control
Resolved - See TID# 7007742

RDP Session Console (rdprelay) -
Bug 662239 - Allow the size of the RDP relay ActiveX component to be controlled
Resolved - The rdprelay console includes a combo box that allows for resizing of the page

Registry Agent (regclnt) - 
Bug 670676 - Modify Host | 'Host name' should be changed to 'DNS name or IP address'
Resolved - 'Host name' changed to DNS name /IP address' in GUI

Registry Manager (registry) -
Corrections for Revision numbers in build

Command Reporting Console (report_command) -
Bug 665557 - Reporting: Add 'optional column' of Log file on Filter tab
Resolved - Optional column of 'Database' -enabled via Filter Tab by checking 'Database Name'

Compliance Auditor (secaudit) -
Bug 664610 - Compliance Auditor replicates CommandRisk events unnecessarily
Resolved - Disabled replication of unnecessary tables, cutting down on unnecessary secaudit,replUpdates

SSH Relay Agent (sshrelay) -
Bug 667632 - SSH Relay does not record the correct session duration
Resolved - SSH Replay records correct session duration

Store and Forward Agent (strfwd) -
Corrections for Revision numbers in build

Framework Patch (spf) -
Bug 664610 - Compliance Auditor replicates CommandRisk events unnecessarily
Resolved - Disabled replication of unnecessary tables, cutting down on unnecessary secaudit,replUpdates

Bug 602488 - Enhancement: Use 127.0.0.1 instead of registered address for local npum connections
Resolved - See TID# 7008045

SLES rpm specific fixes
Bug 650115 - SLES RPM installation of manager shows few things as Done without showing an attached message of what is done
Resolved - RPM shows appropriate messages when done



Novell Privileged User Manager 2.3.0 HF1 (2.3.0-1): Released Jan 6, 2011

Fixes included in Novell Privileged User Manager 2.3.0-1 (Hot Fix 1): 

Command Control Agent (rexec)
Administration Manager (admin)
Registry Agent (registry)
LDAP Credential Agent (ldapagnt)
Privileged Credential Manager (prvcrdvlt)
Command Control Manager (cmdctrl)
Bug 659965 - Old packages in 2.3.0 release for AIX 5.1, HPUX hppa 11 and TRU64 5
Resolved - Latest updates included in 2.3.0-1 release

SSH Relay Agent (sshagnt)
Bug 658851 - ssh relay fails if 'AND' user condition is added
Resolved - SSH Relay works with AND user condition


Novell Privileged User Manager 2.3.0: Released 13 Dec 2010

New features included in Novell Privileged User Manager 2.3.0: 

Secure Shell Relay (SSH Relay) - SSH Relay provides the ability to access privileged accounts using a standard SSH client. This feature provides the ability to access Privileged User Manager functionality without a PUM agent on the target host. SSH Relay allows users to connect to a remote host using secure shell without knowing the privileged account credentials such as password or identity certificate of the user.

Remote Desktop Protocol Relay (RDP Relay) - The RDP Relay feature offers Single Sign-on capability and remote access to desktops through a secured connection. In a privileged session, an administrator user who is allowed to access various devices can sign on to many managed devices from a single workstation without knowing the authentication passwords of those devices. In addition, the user can remotely view the desktops of the managed devices and work on them.

External LDAP Group Lookup - The External LDAP Group lookup feature can be used to retrieve LDAP group membership information for a user stored in external LDAP directories, such as Novell eDirectory or Microsoft Active Directory. The information fetched can be used to perform external group matching in rules.


Fixes included in Novell Privileged User Manager 2.3.0: 

* Bug 581384 - Command Control Backup minor enhancements
- Resolved: Backup's are sorted by date

* Bug 616349 - /etc/init.d/npum script fails after server crash
- Resolved: Verify process name with the pid listed in /opt/novell/npum/.pidfile is NPUM(unifid). If
it is, then don't start, if it isn't running, or is running and isn't NPUM, remove the pidfile, and start.

* Bug 621952 - Solaris 10: any 'usrun' that results in a coredump, it will also kill unifid
- Resolved: Added code for Solaris Process Contracts - Fixed in new Solaris installs only.  See TID# 7006452 for work around.

* Bug 624607 - All platforms now use pcksh, rpcksh and cpcksh shell
- Resolved: All platforms now use pcksh, rpcksh and cpcksh shell

* Bug 638325 - Allow cmdctrl delcfg to delete range/list of backups
- Resolved: Delete Range: opt/novell/npum/sbin/unifi -u admin cmdctrl delcfg -n 126-136
Delete list: opt/novell/npum/sbin/unifi -u admin cmdctrl delcfg -n 119,125

* Bug 649097 - With EAC script assigned, Test Suite returns 'next sibling'
- Resolved: Command Control adds a default Options node in the request if one is not supplied in the request

* Bug 649103 - Privileged User Manager Agent registration prompt can be clearer
- Resolved: Changed registration prompt to 'The DNS name or IP address of this host' and 'The registration server DNS name'

* Bug 650202 - HP-UX builds have default 666 perms in files
- Resolved: Resolved permission issues

* Bug 653283 - Change the default action to encrypt command control user input when "noecho" is selected
- Resolved: This enhancement ensures that even if the customers script do not clear sensitive data, it will not be readable in the audit database.

* Bug 654354 - uscp returns wrong return code
- Resolved: See TID# 7007512

* Bug 655490 - Error, cannot open policy: Too many open files using EAC when Solaris 10 is configured to set max file descriptors
- Resolved: See TID# 7007245

* Bug 655960 - /opt/novell/npum/service/local/regclnt/lib/SPF/regclnt/svc.pm is missing in SLES packages
- Resolved: SLES packages updated to include missing files.



Novell Privileged User Manager 2.2.2-1 (Hot Fix 1): Released Sept 20, 2010

Fixes included in Novell Privileged User Manager 2.2.2-1 (Hot Fix 1):

Command Control Console (cmdctrl) 2.2.2-1
* Bug 612465 - Generate Email Alert script is not working.
- Resolved: Updated 'Generate Email Alert' script in 'Import Samples'

Compliance Auditor Console (secaudit) 2.2.2-1
* Bug 609608 - Compliance Auditor search date oddities
- Resolved: Set the to and from dates according to the current filter

Administration Manager (admin) 2.2.2-1

* Bug 599007 - Move "Log off" to bottom option
- Resolved: Log off button moved to bottom of task menu.
- Resolved: Log off button now includes logged in username

Audit Manager (audit) 2.2.2-1
* Bug 580565 - Audit Managers create a large volume of"file-litter" under /opt/novell/npum/service/local/audit with file names such as "audit.ldb-mj5CB5BF75"
-Resolved: Audit Manager cleans up unnecessary audit.ldb-mj* files

Command Control Agent (rexec) 2.2.2-1
* Bug 591508 - EAC: syntax script argument violations shouldn't be allowed
- Resolved: Error message returned when the "usrun" is executed indicating an error in the policy.

* Bug 592199 - Wrong ELF class Error on Sparc solaris 64bit"usr/lib/secure/64/ccpreload-elf64.so: wrong ELF class: ELFCLASS64"
- Resolved: ELF class Error resolved

* Bug 607192 - ENH: Enhance sfwdutil to play back sessions pending in strfwd.ldb
- Resolved: sfwdutil to play back one session from strfwd.ldb by groupid
syntax: sfwdutil -d /tmp/strfwd.ldb -n 3520ef3b-71a3-294a-a21e-4c78fe26a9ac

Compliance Auditor (secaudit) 2.2.2-1
* Bug 631084 - secaudit.db on backup managers aren't vacuumed after an archive of Compliance records
- Resolved: Compliance Auditor vaccums (or shrinks) Primary and Backup databases on archive of records

Messaging Component (msgagnt) 2.2.2-1 
* Bug 608601 - NPUM sends invalid MIME mail when use non-English multi-byte characters in the report template
- Resolved: Uses Base64 Encoding for UTF-8 messages

Registry Manager (registry) 2.2.2-1
* Bug 620537 - Check ACL restrictions during registration
- Resolved: Apply the distrib module ACLs when performing module registration

Framework Patch (spf) 2.2.2-1



Novell Privileged User Manager 2.2.2: Released July 21, 2010

Fixes included in Novell Privileged User Manager 2.2.2: 

* Bug 576086 - PUM Syslog Emitter produces incorrect event when session not authorized
-Resolved: Does NOT generate an additional event for the Session create when session is not authorized

* Bug 599726 - NPUM's rrush restricted shell conflicts with SLES11's restricted shell mechanism
- Resolved: rush has been renamed to pcksh, crush has been renamed to cpcksh, rrush has been renamed to rpcksh in SLES specific builds.

* Bug 608727 - NPUM on SLES /bin/ls: cannot read symbolic link /proc/$$/exe: Permission denied
- Resolved: TID# 7003992

* Bug 608737 - Using rush shell on SLES, PS1 environment variable is munged: \h:\w$
- Resolved: TID# 7004288

* Bug 603287 - udsh line wraps output when told not to (with -b option)
- Resolved: TID# 7006295

* Bug 607126 - Enhanced Access Control doesnt run as non-root user. Also has problems finding the preload library on some platforms
- Resolved: EAC works with root and non-root users

* Bug 608727 - NPUM on SLES /bin/ls: cannot read symbolic link /proc/$$/exe: Permission denied
- Resolved: TID# 7003992

* Bug 619552 - NPUM's usrun fails (memory fault) in init script on RHEL after patching to 2.2.1 HF 2
- Resolved: No memory faults  when usrun is used in init scripts



Novell Privileged User Manager 2.2.1-2 (Hot Fix 2): Released March 31, 2010

Fixes included in Novell Privileged User Manager 2.2.1-2 (Hot Fix 2):

Compliance Auditor (secaudit) 2.2.1-2
* Bug 580607 Compliance Auditor: Selecting 'Authorized' hides all present records from view when logged in as a user with access to see only a certain 'audit roles'
- Resolved: Compliance Auditor now correctly retrieves filtered events.

Command Contorl Agent (rexec) 2.2.1-2
* Bug 575448 Command from /etc/profile on HP-UX Itanium B.11.23 not working with crush
- Resolved: Implement the new utmp system calls on HP-UX Itanium

* Bug 573980 rush process remains after killing ssh/telnet session
- Resolved: Ensure the rush process receives the correct HUP signal when running a child process.

Distribution Agent (distrib) and Agent Console (servers) 2.2.1-2
* Bug 584236 ENH: Ability to stop people accidentally installing manager modules
- Resolved: Added ability to restrict users to install specific modules. When a user is assigned the distrib.acl role, attempts to install modules will require the user to have the relevant distrib.Module: role, where is the package name of the module. For example, to restrict a user to managing only PUM agent packages, they would need the following roles:
+ distrib.acl
+ distrib.Module:distrib
+ distrib.Module:regclnt
+ distrib.Module:strfwd
+ distrib.Module:rexec

Audit Manager (audit) and Administration Manager (admin) 2.2.1-2
* Bug 580923 ENH: Implement multiple password filters
- Resolved: Added ability to use regular expression in password filter, allowing multiple strings to be matched

Command Control Manager (cmdctrl) and Command Control Console (cmdctrl) 2.2.1-2
* Bug 578268 ENH: Enhanced file protection and access control
- Resolved: Added Enhanced Access Control functionality which allows policies to restrict applications based upon files and directories. A sample script has been added to the PUM Command Control console (Enhanced Access Control Policy) to allow fine grained access control to be applied to a users privileged session. Full documentation for the policy is included in the sample script.

* Bug 582636 ENH: Provide the ability to use templates when setting the run user and host
- Resolved: Added ability to change the run user and host based on other attributes in
the meta data by using the ${}$ template The Run User and Run Host fields on the Modify Rule page can now use template substitution when rewriting the user. The template can use any value from the request object. For example, to rewrite the Run Host to the command the user typed, you would type ${Command.original_cmd}$ in the Run Host field.

Command Reporting Console (report_comm) 2.2.1-2
* Bug 559846 - Performance issues on large audit databases
- Resolved: Made computationally expensive columns optional for the report and improved query performance for large audit databases

Syslog Emmitter(syslog) 2.2.1-2 
* Bug 587611 - Syslog emmitter starts a session when the authorization fails
- Resolved: No session is started when authorization fails.



Novell Privileged User Manager 2.2.1-1 (Hot Fix 1): Released March 1, 2010

Fixes included in Novell Privileged User Manager 2.2.1-1 (Hot Fix 1):

Command Control Agent (rexec) 2.2.1-1
* Bug 559573 - /usr/bin/usrun[38]: Permission denied when user has more than 20 groups
-Resolved: Command control agent now uses the system defined maximum number of groups

* Bug 546476 - Running crontab -e on Solaris 9 and greater with BSM auditing enabled, cron jobs fail to run
- Added calls to register the Privileged User Manager process with BSM auditing

* Bug 536304 - Command Control agent does not support large files when running uscp
- Added large file support for uscp

* Bug 575227 - X Windows forwarding using usrun does not function on Red Hat
- Added support for non-standard paths for xauth

Command Reporting Console (report_command) 2.2.1-1
* Bug 559846 - Performance issues on large audit databases
- Added - Make computationally expensive columns optional for the report
- Improve the query performance for large audit databases

Compliance Auditor (secaudit) 2.2.1-1
* Bug 559717 - Compliance Auditor archive records failing
- Resolved: Compliance Auditor archiving now handles multiple audit records referencing the same audit event.

Framework Patch 2.2.1-1
* Bug 544362 - Audit Manager on AIX is producing SQL Errors,
- Resolved: Filesystem error synchronizing directories

* Bug 540004 - Package Manager: Unable to use Proxy host for https:/nu.novell.com/PUM/packages
- Added support for proxy HTTPS connections using HTTP Connect

Registry Manager (registry) 2.2.1-1
* Bug 575305 - Registry- Add Additional logging for invalid agent id messages
- Resolved:  Added Logging