Release Notes

BMC PATROL SecurityVersion: 3.0.15Component: Extended Security System 3.0.15May 03, 2011

BMC software is releasing version 3.0.15 of the BMC PATROL Security product. These release notes provide information about the enhancements and resolved problems in this version. This information supplements and supersedes information in the BMC PATROL Security User Guide.

What’s new in BMC PATROL Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Support for Internet Protocol version 6 (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Upgrade of OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Operating system support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Known issues and workarounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Installation information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Overwriting existing security content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Migrating your customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Support for BMC PATROL Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Levels of support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Product documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Where to view the latest product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5How to obtain the product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Customer support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Third-party product terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6OpenSSL License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Original SSLeay License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Frank Cusack License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

NOTE Before you install the product, check the Customer Support website at http://www.bmc.com/support for updated information about this version. Flashes, technical bulletins, and resolutions on the site contain details about any fixes that were issued for this version after its release.

*202491**202491*

*202491*

What’s new in BMC PATROL Security

What’s new in BMC PATROL SecurityBMC PATROL Security has been enhanced with the following new features.

Support for Internet Protocol version 6 (IPv6)

This release of BMC PATROL Security now supports native IPv6 servers.

Upgrade of OpenSSL

With this release, the version of OpenSSL used by BMC PATROL Security has been upgraded to version OpenSSL 0-9-8i.

Operating system supportBMC PATROL Security now supports the following operating systems:

■ Red Hat Enterprise Linux® 5.6 (x86-64)■ Red Hat Enterprise Linux 6.0 (x86-64)■ IBM® AIX® 7.1

2 Release Notes May 03, 2011

Known issues and workarounds

Known issues and workaroundsThe following issues remain open in this release. If a tracking ID has been assigned, it is provided.

yy

Table 1 Known issues and workarounds

Tracking ID Issue

QM001528592 When running at PATROL Security level 3 or 4 in attended mode on some versions of UNIX®, such as Red Hat Enterprise Linux 3.0 and IBM AIX 5.3, PATROL console 3.x cannot be started as a background process.

The problem occurs when a process running in the background, such as the PATROL console, invokes the standard input-based passworddialogascii prompter. You cannot access the prompter.

Workaround: To allow for an interactive password entry during initialization of the PATROL console at security level 3 or 4, start the process in the foreground and then force the process to run in the background, if you want to. This workaround implies that PATROL applications on these platforms at levels 3 and 4 should be invoked from the command line rather than from the PATROL script.

An alternative workaround requires that you place the password in the security policy and run in unattended mode.

QM001613509 You cannot use the bmckeycli utility to generate the DSA key pair with the selectable character key length of 512 or 1024.

none If the User Account Control (UAC) feature is enabled on Microsoft Windows Vista or Microsoft Windows Server 2008, you cannot view the output after executing certain Enterprise Security Station (ESS) binaries at the command prompt.

Workaround: To view the results, run the command prompt as an Administrator.

BMC PATROL Security version 3.0.15 3

Installation information

Installation informationThis section contains installation information that supplements information in the BMC PATROL Security User Guide.

Overwriting existing security content

When you upgrade to version 3.0.15, you can select the Overwrite check box to overwrite existing security content and configuration. However, this option replaces the security content in the keys directory with the BMC default security content. Therefore, you lose any custom security content, such as acquired Certificate Authority certificates, updated key databases, custom-generated key pairs and certificates, and modifications to policies.

For more information about using the Overwrite option, see the BMC PATROL Security User Guide.

Migrating your customizations

The migration process preserves your security-content customizations, such as key databases, acquired key pairs, unattended passwords, and other aspects, and transfers them from the ESS 2.0 policy to the ESS 3.0 policy. For information about migrating your customizations, see the BMC PATROL Security User Guide.

Support for BMC PATROL SecurityThis section provides information about

■ support for BMC PATROL Security■ documents that support the product■ how to obtain the latest information about the product■ how to obtain the product■ how to contact Customer Support

WARNING BMC does not recommend overwriting the existing security content and configuration.

4 Release Notes May 03, 2011

Levels of support

Levels of support

BMC supports the following product versions and releases:

For information about the latest support policies, see the Customer Support website at http://www.bmc.com/support.

Product documents

The BMC PATROL Security Getting Started Guide supports the product.

To view the latest BMC documents, see the Customer Support website at http://www.bmc.com/support. Notices, such as flashes, technical bulletins, and release notes, are available on the website. You can subscribe to proactive alerts to receive e-mail messages when notices are issued or updated. For more information about proactive alerts, see the Customer Support website.

Where to view the latest product information

Information about BMC PATROL Security is available from the BMC Performance Manager Portal, BMC Performance Manager Servers for Windows, and BMC Performance Manager Servers for UNIX customer support pages on the Customer support website at http://www.bmc.com/support.

From the Customer Support site, you can perform several tasks, including

■ viewing the latest product documentation (manuals, release notes, flashes, technical bulletins, online Help, and parameter information)

■ subscribing to proactive alerts to receive e-mail messages that inform you of new release notes, flashes, and technical bulletins for your products

Product name and version Level of support

BMC PATROL Security 3.0.15 Full

BMC PATROL Security 3.0.14 Full

BMC PATROL Security 3.0.xx Limited

TIP If you do not already have a user name and password that allow you to fully access the Customer Support site, you can register for a user name and password on the site.

BMC PATROL Security version 3.0.15 5

How to obtain the product

■ searching for existing product resolutions and frequently asked questions (FAQs)

How to obtain the product

BMC PATROL Security is packaged with the BMC Performance Manager Portal solution. This solution is available from the BMC Electronic Product (EPD) website at http://webapps.bmc.com/epd.

You can obtain the product in the following ways:

■ To download the product or to upgrade to the latest version, download it from the EPD site. Use the user name and password that your BMC sales representative gave you.

■ If you do not have a current license for the product or if you cannot download the product and require a kit, contact a BMC sales representative by calling 800 793 4262.

Customer support

If you have problems with or questions about a BMC product, see the Customer Support website at http://www.bmc.com/support. You can view or download product documents, find answers to frequently asked questions, and download products and maintenance. If you do not have access to the web and you are in the United States or Canada, contact Customer Support at 800 537 1813. Outside the United States or Canada, contact your local BMC office or agent.

Third-party product termsThe following terms apply to third-party products that are included with or in a BMC Software product as described in the BMC Software, Inc., License Agreement that is applicable to the product.

OpenSSL License

Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

6 Release Notes May 03, 2011

Original SSLeay License

3. All advertising materials mentioning features or use of this software must display the following acknowledgment:

“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”

4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

====================================================================

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License

Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

“This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)” The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related:-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: “This product includes software written by Tim Hudson (tjh@cryptsoft.com)”

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Frank Cusack License

Copyright (c) Frank Cusack, 1999-2000. fcusack@fcusack.com All rights reserved

BMC PATROL Security version 3.0.15 7

Frank Cusack License

1. Redistributions of source code must retain the above copyright notice, and the entire permission notice in its entirety, including the disclaimer of warranties.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

© Copyright 2011 BMC Software, Inc.

AIX and IBM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Linux is the registered trademark of Linus Torvalds.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

UNIX is the registered trademark of The Open Group in the US and other countries.

The information included in this documentation is the proprietary and confidential information of BMC Software, Inc., its affiliates, or licensors. Your use of this information is subject to the terms and conditions of the applicable End User License agreement for the product and to the proprietary and restricted rights notices included in the product documentation.

BMC SOFTWARE INC2101 CITYWEST BLVD, HOUSTON TX 77042-2827, USA• 713 918 8800Customer Support: 800 537 1813 (United States and Canada) or contact your local support center

8 Release Notes May 03, 2011