5.1.0-TIV-SCM-IF0001 November 7, 2004 -...

Tivoli® Security Compliance Manager

5.1.0-TIV-SCM-IF0001 Release Notes

Version 5.1 — 5.1.0-TIV-SCM-IF0001 — November 7, 2004

��

Tivoli® Security Compliance Manager

5.1.0-TIV-SCM-IF0001 Release Notes

Version 5.1 — 5.1.0-TIV-SCM-IF0001 — November 7, 2004

��

Note

Before using this information and the product it supports, read the information in “Notices,” on page 23.

First Edition (November 2004)

This edition applies to interim fix 5.1.0-TIV-SCM-IF0001 of version 5, release 1, modification 0 of IBM Tivoli Security

Compliance Manager (product number 5724-F82) and to all subsequent releases and modifications until otherwise

indicated in new editions.

© Copyright International Business Machines Corporation 2004. All rights reserved.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract

with IBM Corp.

Contents

Chapter 1. 5.1.0-TIV-SCM-IF0001 overview . . . . . . . . . . . . . . . . . . . . . 1

Chapter 2. Administration console changes . . . . . . . . . . . . . . . . . . . . 3

Client types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Chapter 3. Command changes . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Handling of special characters in options . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

scmcreatesnapshot command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

scmregisterclient command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

scmrunpolicycollectors command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

scmsuspendclient command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

scmunregisterclient command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 4. Documentation updates . . . . . . . . . . . . . . . . . . . . . . . 15

Supported operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Uninstalling components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Obtaining IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Updating clients from server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

win.any.NavV1.jar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

win.any.SnmpActiveV1.jar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Chapter 5. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Appendix. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

© Copyright IBM Corp. 2004 iii

iv IBM Tivoli Security Compliance Manager: 5.1.0-TIV-SCM-IF0001 Release Notes

Chapter 1. 5.1.0-TIV-SCM-IF0001 overview

Interim fix 5.1.0-TIV-SCM-IF0001 for IBM® Tivoli® Security Compliance Manager

Version 5.1 provides several enhancements.

Enhancements have been made to the administration console to permit operations

to be performed on multiple collectors at a time, and to provide the ability to run

all the collectors associated with a policy on a client or client group. A snapshot

can be created for a single client or client group as well.

The data collection activity on a client or client group can be suspended using the

new scmsuspendclient command. Clients that are suspended are shown in the

administration console with different icons. Use the scmsuspendclient command to

resume data collection.

A new environment variable, SCMRMI_TIMEOUT, is provided to adjust the

amount of time that administration commands wait for a response from the server.

Additional information has been added describing the handling of special

characters, such as an ampersand (&) or forward slash (/) in command options.

© Copyright IBM Corp. 2004 1

2 IBM Tivoli Security Compliance Manager: 5.1.0-TIV-SCM-IF0001 Release Notes

Chapter 2. Administration console changes

A number of enhancements have been made to the administration console.

Client page changes

v Multiple collectors can now be selected and have operations performed on them.

v The Actions → Check client connection option can now be used on clients that

are shown as inactive. The connection checking has been enhanced to verify not

only that the server can contact the client, but also that the client can contact the

server.

v After one or more collectors are run using the Run collector option, the data

collected is immediately sent to the server and stored in the database. You no

longer need to wait for the next client/server heartbeat or use the Actions → Soft

reset request option to view the latest collected data.

v The icon for a client changes if data collection on the client has been suspended.

The icon returns to normal when data collection is resumed.

v Two new options have been added to the Policies drop-down menu. After

selecting a client or client group in the left pane, right-click on a policy. The new

Run policy collectors option causes all the collectors associated with the policy

to be run on the selected client or client group. The data collected is immediately

sent to the server and stored in the database. Similarly, the new Create Snapshot

option creates a policy snapshot for the selected client or client group.

Previously, snapshot creation could be done only from the Policies page, and

only for a client group, not a specific client.

Users/Roles page changes

The following menu options have been changed to use consistent terminology:

v Manage actions is now Manage permissions

v Manage objects is now Manage resources

Client types

Clients are of one of three types. The icon preceding the alias of the client indicates

the type of the client. When the data collection on a client is suspended, the icon

changes. The client types and their associated icons are described in Table 1.

Table 1. Client types

Client type Icon

Icon when

suspended

Description

push client

A client that permits communication with the

server to be initiated by either the client or the

server.

pull client

A client that permits communication with the

server to be initiated by only the server.


Table 1. Client types (continued)

Client type Icon

Icon when

suspended

Description

DHCP push

client

A client that has a dynamic IP address that

permits communication with the server to be

initiated by either the client or the server.

Use this option for systems using DHCP, or for

systems that frequently change their host name

or IP address.


Chapter 3. Command changes

Changes have been made to existing commands and new commands have been

added.

Timeout value increased and customizable

The amount of time that the administration console and the administration

commands wait for a response from the server has increased from 5 minutes to 30

minutes. A new environment variable, SCMRMI_TIMEOUT, is provided to

customize the value.

Changed commands

The scmcreatesnapshot command now permits you to create a snapshot for a

specific client. A new option is provided to control whether the results of a

snapshot are stored in the database.

The scmregisterclient command has a new -pull option that permits pull clients to

be registered. A new -clientport option also has been added.

New commands

The scmrunpolicycollectors command is provided to run all the collectors

associated with a policy on a specific client or client group.

The scmsuspendclient command is provided to suspend the data collection activity

on a client or client group. This command is subsequently used to resume a client

or client group that has had data collection suspended.

Handling of special characters in options

Enclose option values containing spaces in quotation marks. Some command shells

perform special processing when certain characters, such as an ampersand (&) or a

forward slash (/) are encountered in the command stream. Enclose options

containing special characters in quotation marks to ensure that they are processed

as expected by the command.

Note: On Windows® systems, the quotation mark character must be preceded by a

backslash character (\).

For example, to add a group called Windows 2000 using the scmaddgroup

command:

UNIX® and Linux™

./scmaddgroup -u admin -s myserver.mycomp.com -group "Windows 2000"

Windows

scmaddgroup -u admin -s myserver.mycomp.com -group \"Windows 2000\"

Option values that are the same as command options must be enclosed in

quotation marks. For example, to create a group called -group:

scmaddgroup -u admin -pw mypw -s a4serv.mycomp.com -group \"-group\"


Environment variables

Environment variables can be used to provide default values for options on the

administration commands.

Use the following environment variables to provide default values for some

options on the administration commands:

SCMCLI_USER

The user ID to use to authenticate with the server. Used if the –user option

is not specified on the command.

SCMCLI_PASSWORD

The password corresponding to the specified user ID. Used if the

–password option is not specified on the command. If neither the

–password option is specified or the SCMCLI_PASSWORD environment

variable is set, the user is prompted to enter the password.

SCMCLI_SERVER

The host name of the server. Used if the –server option is not specified on

the command.

SCMCLI_PORT

The port number to use to communicate to the server. Used if the –port

option is not specified on the command. If neither the –port option is

specified nor the SCMCLI_PORT environment variable is set, 1955 is used

as the port number.

SCMRMI_TIMEOUT

The amount of time to wait, in seconds, for a response from the server. If

not specified, the default value is 1800 seconds (30 minutes).

Note: On Windows systems, setting this variable as a system environment

variable also changes the amount of time that the administration

console on that system waits for a response from the server.

Options specified on the command override the setting of the corresponding

environment variable. The environment variables are used only if set.

scmcreatesnapshot command

Creates a policy snapshot and, optionally, writes the result of the snapshot to a file.

Syntax

scmcreatesnapshot {-user|-u} user_ID [{-password|-pw} password]

{-server|-s} server_name [{-port|-p} port]

{-policy|-pol} policy_name

[ [{-group|-g} group_name] |

[ {-clientid|-c} client_ID] ]

[{-file|-f} policy_snapshot_file_name]

[-nosave] [-?]

Options

–user | –u user_ID

The user ID to use to authenticate with the server.

Required option unless the SCMCLI_USER environment variable is set.


–password | –pw password

The password corresponding to the specified user ID. If no password is

specified and the SCMCLI_PASSWORD environment variable is not set,

you are prompted for the password.

–server | –s server_name

The host name of the server that is the target of the command.

Required option unless the SCMCLI_SERVER environment variable is set.

–port | –p port

The port number to use to communicate with the server. If this option is

not specified and the SCMCLI_PORT environment variable is not set, 1955

is used.

–policy | –pol policy_name

The name of the policy to use to create the snapshot. This option is

required.

–group | –g group_name

Optional. The name of the client group that the policy snapshot should be

restricted to. Cannot be specified with the –clientid parameter.

–clientid | –c client_ID

Optional. The ID of the client that the policy snapshot should be restricted

to. Cannot be specified with the –group parameter.

–file | –f policy_snapshot_file_name

Optional. The name of the file where the policy snapshot is saved.

–nosave

Optional. If specified, the results of the snapshot are not saved in the

database.

Note: If this parameter is specified without the –file parameter, no

snapshot is taken.

–? The usage statement for the command.

Notes

The results of the snapshot are saved in the database by default. Use the –nosave

and –file parameters to write the results of the snapshot to a file but not save the

results in the database. If the –nosave parameter is specified without the –file

parameter, no snapshot is taken.

Attention: A snapshot is created regardless of whether any data has been

collected. Running a snapshot against a client group that does not have

the policy added does not generate an error, but does complete

indicating no violations.

Authorization

You must have a valid administrator user ID and password on the server and must

have the required authority to perform the task.

Examples

Create a snapshot of the policy and restrict the snapshot to the data collected by

clients in the AIXEast client group:

Chapter 3. Command changes 7

scmcreatesnapshot -u becky -pw qwerty4z -s s44srv.mycomp.com -p 1955

-policy AIX2004 -group AIXEast -file AIX2004_AIXEast_20040509_snapshot.html

Create a snapshot of the policy using all collected data:

scmcreatesnapshot -u rashid -pw q9y3y42b -s scmrules.mycomp.com

-policy Windows_2000

Create a snapshot of the policy on the client with an ID of 44. In addition, save the

results of the snapshot to a file and do not save the results in the database:

scmcreatesnapshot -u woj -pw big4fun -s itscm.mycomp.com

-p 1955 -policy Windows_XP -c 44 -f winxp.htm -nosave

Return values

The following values can be returned:

0 The command completed successfully.

-1 The command failed.

scmregisterclient command

Registers one or more clients with a server.

Syntax

scmregisterclient {-user|-u} user_ID [{-password|-pw} password]


{-client|-c} client_name[{,|:}alias]

[ client_name[{,|:}alias] ]...

[{-clientport|-cp} client_port] [{-pull | -push}]

[-?]

Options











–port | –p port



is used.

–client | –c client_name [ {,|:}alias] [client_name{,|:}alias]...

The clients to be registered. The client_name is the host name or IP address

of the client to be registered and the alias is the optional client alias. If alias

is not specified, client_name is used.


–clientport | –cp client_port

The port number used by the client to communicate with the server. If this

option is not specified, 1950 is used.

–push Optional. Indicates that the clients are to be registered as push clients. If

neither this option nor the –pull option is specified, clients are registered

as push clients.

–pull Optional. Indicates that the clients are to be registered as pull clients. If

neither this option nor the –push option is specified, clients are registered

as push clients.


Authorization



Examples

v Register a push client to a server:

scmregisterclient -u a_user -pw password -s scmserver.myco.com -p 1955

-client amail422.dev.myco.com -push

v Register three push clients with aliases on a UNIX system:


-client jclam.myco.com,Jaya pcoole.nyco.com,Jose rhuen.myco.com,Rachel

v Register two push clients (with aliases with spaces in them) on a Windows

system:


-client \"zsmith.myco.com:Zachary Smith\" \"pdogh.myco.com:Pratish Dogh\"

v Register a pull client with an alias and using client port 2000:

scmregisterclient -u a_user -pw a_password -s server.myco.com -p 1955

–client theone.myco.com5:theOne –pull –clientport 2000

v Register two pull clients with aliases and using client port 2004:

scmregisterclient -u a_user -pw a_password -s server.myco.com -p 1955

–client test.myco.com:Tester nway.myco.com:NoWay –pull –cp 2004

Return values




scmrunpolicycollectors command

Runs all the collectors in the specified policy on a specific client or client group.

Syntax

scmrunpolicycollectors {-user|-u} user_ID [{-password|-pw} password]


{-policy|-pol} policy_name

{ {-clientid|-c} client_ID | {-group|-g} group_name }

[-wait] [-?]


Options











–port | –p port



is used.

–policy | –pol policy_name

The name of the policy containing the collectors that are to be run. This

option is required.


The numeric ID of the client where the collectors associated with the

specified policy are to be run. Either this option or the –group option is

required.


The name of the client group where the collectors associated with the

specified policy are to be run. Either this option or the –clientid option is

required.

–wait Optional. If specified, the command does not return until the data

associated with running the collectors has been stored in the database.


Authorization



Notes

This command is used to run all the collectors associated with a policy on the

specified client. Before running this command, ensure that the client is a member

of the specified client group, and the policy is assigned to that client group. By

default, the command returns after scheduling the collectors to be run on the

specified client or client group. Use the –wait option to cause the command to wait

until the data has been collected and stored in the database tables.

After correcting compliance issues on a client, use this command, with the –wait

option, to collect updated security compliance data for the client. After the

command completes, a snapshot can be taken to verify whether or not all issues

have been resolved.


Examples

Run all the collectors defined in the HPUX04 policy on the client with an ID of 5

and do not return until the data collected has been stored in the database tables:

scmrunpolicycollectors -u admin -pw pd4qr3yt29s -s jcas.mycom.com

-p 1955 –policy HPUX04 -clientid 5 -wait

Run all the collectors defined in the WIN2003 policy on all the clients in the

Workstation client group:

scmrunpolicycollectors -u clyde -pw ba1942xz -s scm.mycomp.com

-p 1955 –policy WIN2003 -group Workstation

Return values




scmsuspendclient command

Suspends or resumes data collection activity on a specific client or client group.

Syntax

scmsuspendclient {-user|-u} user_ID [{-password|-pw} password]


{ {-clientid|-c} client_ID | {-group|-g} group_name }

[ [-suspend [-begin yyyy/mm/dd[:hh:mm]]

[ [-until yyyy/mm/dd[:hh:mm]] |

[-length duration_in_minutes] ] ]

| [-resume] ] [-?]

Options











–port | –p port



is used.


The numeric ID of the client that is to be suspended or resumed. Either

this option or the –group option is required.



The name of the client group that is to be suspended or resumed. Either

this option or the –clientid option is required.

–suspend

Optional. Causes the data collection on the specified client or client group

to be suspended. The start and end times of the suspension are specified

using the –begin, –length, and –until options. Cannot be specified with the

–resume option.

–begin yyyy/mm/dd[:hh:mm]

Optional. Indicates the date, and optionally the time, when the data

collection on the affected clients is to be suspended. If time is omitted, then

midnight (00:00) is assumed. If this option is not specified, data collection

is suspended immediately.

–until yyyy/mm/dd[:hh:mm]

Optional. Indicates the date, and optionally the time, when the data

collection on the affected clients is to resume. If time is omitted, then

midnight (00:00) is assumed. If neither this option nor the –length option is

specified, data collection is suspended until explicitly resumed using the

scmsuspendclient command with the –resume option.

–length duration_in_minutes

Optional. Indicates the length of time, in minutes, that the affected clients

are to be suspended. After the time elapses, the affected clients are

resumed.

–resume

Optional. If specified, resumes the data collection on the specified client or

client group. Cannot be specified with the –suspend option.


Authorization



Notes

If neither the –suspend or the –resume option is specified, the default action is to

suspend the specified client or client group.

Only one suspend and resume request can be scheduled at a time for a client. If a

client is currently active and is scheduled to be suspended, making another

suspend request replaces the one that is currently scheduled. After a client has

been suspended, other requests to suspend the client are rejected. Similarly, if a

client is currently suspended and is scheduled to be resumed, another resume

request replaces the one that is currently scheduled.

Examples

Suspend the data collection on a particular client immediately. The client remains

suspended until resumed.

scmsuspendclient -u admin -pw pd4qr3yt29s -s jcas.mycom.com

-p 1955 –clientid 55 -suspend

Resume the data collection on the specified client.


scmsuspendclient -u admin -pw pd4qr3yt29s -s jcas.mycom.com

-p 1955 –clientid 55 -resume

Suspend the data collection on a client starting on April 1, 2005 at midnight:

scmsuspendclient -u clyde -pw bonnie1 -s scm.mycomp.com

-clientid 41 -suspend -begin 2005/04/01

Suspend the data collection on all clients in client group WindowsXP for 30

minutes, starting immediately:

scmsuspendclient -u bonnie -pw clyde1 -s scm.mycomp.com

-group WindowsXP -suspend -length 30

Suspend the data collection on all clients in client group Accounts until 8:00 a.m.

on January 3, 2005:


-group Accounts -suspend -until 2005/01/03:08:00

Suspend the data collection on all clients in client group Tax2004 from 4:30 p.m.

until 6:30 p.m. on Friday, April 15, 2005:


-group Tax2004 -suspend -begin 2005/04/15:16:30 -length 120

Return values




scmunregisterclient command

Unregisters one or more clients from a server.

Syntax

scmunregisterclient {-user|-u} user_ID [{-password|-pw} password]


{-clientid|-c} client_ID [client_ID]... [-?]

Options












–port | –p port



is used.

–clientid | –c client_ID [client_ID... ]

The numeric IDs of the clients to be unregistered.


Authorization



Examples

Remove a client from a server:

scmunregisterclient -u a_user -pw password -s jacserver.mycomp.com -p 1955

-clientid 425

Return values





Chapter 4. Documentation updates

Several problems in the documentation have been corrected.

Supported operating systems

The list of supported operating systems in IBM Tivoli Security Compliance Manager

Installation Guide has been updated to reflect that no specific patch or maintenance

level is required.

The following tables list the supported operating systems for the Tivoli Security

Compliance Manager server, client, collectors, and administration utilities. No

specific patch or maintenance level is required for any operating system. However,

keeping installed systems at the most current patch or maintenance level helps to

ensure that known security vulnerabilities in the operating system are corrected.

Table 2. Server

Operating system Level

IBM AIX® 5.1

IBM AIX 5.2

IBM AIX 5.3

Microsoft® Windows 2000 Server

Sun Solaris Operating Environment 2.8


SUSE Linux Enterprise Server 8

Table 3. Clients, collectors, and proxy relay


IBM AIX 5.1

IBM AIX 5.2

IBM AIX 5.3

HP-UX 11.0

HP-UX 11i

Red Hat Linux for Intel™ IA32 and xSeries® 6.2

Red Hat Linux for Intel IA32 and xSeries 7.0











Table 3. Clients, collectors, and proxy relay (continued)


Microsoft Windows NT® 4.0 Server

Microsoft Windows NT 4.0 Workstation

Microsoft Windows 2000 Server

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Professional

Microsoft Windows XP Professional

Microsoft Windows 2003 Server Standard Edition and

Enterprise Edition

Red Hat Enterprise Linux for Intel IA32 and xSeries 2.1

Red Hat Enterprise Linux Advanced Server for Intel IA32

and xSeries

3.0 (see note below)

Red Hat Enterprise Linux for zSeries® 3.0

Red Hat Enterprise Linux for iSeries™ or pSeries® 3.0

Red Hat Enterprise Linux for zSeries 7.2

Red Hat Enterprise Linux Advanced Server 2.1

SUSE LINUX 7.0

SUSE LINUX Enterprise Server 8

SUSE LINUX Enterprise Server for zSeries 8

SUSE LINUX Enterprise Server for iSeries or pSeries 8

Note: The Red Hat Enterprise Linux Advanced Server 3.0 platform can only be

installed using the console mode on Japanese language systems.

Table 4. Administration console




Table 5. Administration command line interface


IBM AIX 5.1

IBM AIX 5.2

IBM AIX 5.3


Microsoft Windows 2000 Server

Microsoft Windows 2000 Advanced Server




HP-UX 11

HP-UX 11i


Table 5. Administration command line interface (continued)


SUSE LINUX Enterprise Server 8

Red Hat Linux for Intel IA32 and xSeries 9

Red Hat Enterprise Linux Advanced Server for Intel IA32 and

xSeries

3.0

Red Hat Enterprise Linux for iSeries or pSeries 3.0

SUSE LINUX Enterprise Server for iSeries or pSeries 8

Uninstalling components

Additional information on uninstalling IBM Tivoli Security Compliance Manager

components on Microsoft Windows systems is provided.

On Microsoft Windows systems, do not use the Add/Remove Programs option

from the Control Panel to uninstall components of Tivoli Security Compliance

Manager. That option does not completely remove the product from the system,

and might leave one or more components listed as Windows services. Instead, use

the procedure described in the section entitled ″Uninstalling Tivoli Security

Compliance Manager″ in the IBM Tivoli Security Compliance Manager Installation

Guide.

Obtaining IBM HTTP Server

Information on obtaining IBM HTTP Server for use with the IBM Tivoli Security

Compliance Manager Operational Reports.

In the ″Operational Reports″ section of the IBM Tivoli Security Compliance Manager

Release Notes, the procedure mentions that the IBM HTTP Server Version 1.x is

required but that it is not provided. To obtain IBM HTTP Server Version 1.x, go to:

http://www14.software.ibm.com/webapp/download/preconfig.jsp?id=2

Updating clients from server

An additional step might be needed before updating clients automatically from a

server running on a UNIX or Linux system.

The client software running on client systems can be updated automatically from

the server using the Server page of the administration console. On UNIX and

Linux systems, if a client update JAR file is already in use, you must ensure that

the permissions on the file permit the server to replace the file. If the file

ownership or permissions are not set correctly, an error might occur when you

attempt to replace the JAR file from the administration console.

This problem usually occurs after installing an interim fix or patch, where the JAR

file might have been installed by the root user with file permissions of 755. To

correct the problem, change the owner of the file to be the scmsrver user ID in the

scmsrver group. Alternately, the permissions on the JAR file can be set to 777, but

this permits any user to change the file. After correcting the problem, click Update

client code again to replace the file.

Chapter 4. Documentation updates 17

http://www14.software.ibm.com/webapp/download/preconfig.jsp?id=2

win.any.NavV1.jar

Collects information about Norton and Symantec AntiVirus Corporate Edition

software running on Windows systems. This information replaces the description

in the IBM Tivoli Security Compliance Manager Collector and Message Reference.

Tables

WIN_NAV_V1

Table 6. Column information for WIN_NAV_V1

Column Name Description Type (size)

NAV_CLIENT_VERSION The version of the Norton AntiVirus client. VARCHAR (50)

LIVE_UPDATE_TIME The time when virus definition Live Update occurs in

hh:mm format. If no Live Update is scheduled or if the

information is not available, null is returned.

VARCHAR (5)

LIVE_UPDATE_DAY_OF_WEEK The day of the week when the virus definitions are

updated, in the range 0 to 6, where 0 represents

Sunday. If no live update is scheduled or if the


INTEGER

LIVE_UPDATE_DATE_OF_MONTH The day of the month when the Live Update is

performed. If no live update is scheduled or if the


INTEGER

LAST_VIRUS_DEFN_UPDATE The time and date of the virus definition file. If the


TIMESTAMP

LAST_SCAN_DATE The time and date of the last virus scan. If the


TIMESTAMP

Parameters

None.

Notes

The values returned for each column are obtained from Windows registry keys.

Unless otherwise noted, the specified keys are used for all versions of the Norton

AntiVirus software.

Field Registry Keys

NAV_CLIENT_VERSION

InstallDir value of

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton AntiVirus

NT\Install and from

KEY_LOCAL_MACHINE\SOFTWARE\INTEL\DLLUsage\VP6

LIVE_UPDATE_TIME, LIVE_UPDATE_DAY_OF_WEEK,

LIVE_UPDATE_DATE_OF_MONTH

Type value of HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\

LANDesk\VirusProtect6\CurrentVersion\PatternManager\Schedule

LAST_VIRUS_DEFN_UPDATE

Version 5.x

SystemTime value of


HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton

Antivirus\Virus Defs\LastUpdate

All other versions

PatternFileDate value of

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\

LANDesk\VirusProtect6\CurrentVersion

LAST_SCAN_DATE

Version 5.x

SystemTime value of

HKEY_LOCAL_MACHINE\Software\Symantec\Norton

Antivirus\LastScan

All other versions

TimeOfLastScan value of

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\

LANDesk\VirusProtect6\CurrentVersion

The weekly update information is not available on Microsoft Windows NT 4.0

systems. This collector returns null in the LAST_VIRUS_DEFN_UPDATE and

LAST_SCAN_DATE fields either when the registry key does not exist or the value

for the field does not exist in the registry key.

The collector can obtain information from supported versions of Norton AntiVirus

Corporate Edition software up to Version 7.x, and Version 8.x of the Symantec

AntiVirus Corporation Edition software.

Error messages

v HCVHC0000E

v HCVHC0012E

v HCVHC0013E

v HCVHC0016E

v HCVHC0017E

v HCVHC0025E

v HCVWA0100W

v HCVWA0101W

v HCVWA0102W

v HCVWU0003E

v HCVWU0004E

v HCVWU0005E

v HCVWU0006E

v HCVWU0007E

v HCVWU0008E

v HCVWU0009E

win.any.SnmpActiveV1.jar

Returns indication of the existence of public and private SNMP Registry subkeys.

This information replaces the description in the IBM Tivoli Security Compliance

Manager Collector and Message Reference.

Chapter 4. Documentation updates 19

Tables

WIN_SNMP_V1

Table 7. Column information for WIN_SNMP_V1

Column Name Description Type (size)

PUBLIC_EXIST A Boolean flag indicating that the SNMP Public key

exists.

SMALLINT

PRIVATE_EXIST A Boolean flag indicating that the SNMP Private key

exists.

SMALLINT

Parameters

None.

Notes

The collector examines the

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SNMP\\

Parameters\\ValidCommunities registry key to obtain Simple Network

Management Protocol (SNMP) community information. If the registry key does not

exist, no SNMP communities exist and an empty row of headers is returned. If the

registry key exists, the fields are set based on the type of communities defined.

Error messages

v HCVHC0000E

v HCVWA0170W


Chapter 5. Troubleshooting

Additional information on diagnosing problems with IBM Tivoli Security

Compliance Manager.

Server and client connectivity

Connectivity between the server and a client can be tested from the Clients page of

the administration console. To verify that the server can communicate with the

client and that the client can communicate with the server, select the client and

then click Actions → Check client connection. This option is available for any

client registered on the server. The response from this operation can be used to

help diagnose connectivity problems. See Table 8 for possible responses and

suggested actions.

Table 8. Check client connection responses

Response from operation Meaning and corrective actions

Client id nnn response indicates it is suspended. The client has been suspended using the

scmsuspendclient command. Retry the operation after

the client has been resumed.

Client id nnn response indicates it cannot connect

to the server.

The server was able to contact the client, but the client

cannot communicate with the server. Verify that the port

and server names in the client.pref file are correct. Verify

that network connectivity exists between the client and

the server, and that any firewalls between the client and

server are properly configured to permit network

communication on the specified ports.

Client id nnn response indicates it cannot connect

to the server. The client encountered the following

error when attempting to connect to the server:

exception-message

The server was able to communicate with the client, but

an exception occurred when the client attempted to

communicate with the server. Review the error and trace

logs on the client and the server to determine the cause

of the exception and correct the problem.

AccountingServer (ID=nnn) -

com.ibm.jac.JACException: Error connecting to

client: Connection refused: connect

The server was able to communicate with the client

system, but the client is not running. Start the client and

try the operation again.

AccountingServer (ID=nnn) -

com.ibm.jac.JACException: Error connecting to

client: Operation timed out: connect

The server was unable to communicate with the client

system. Verify that the correct host name and IP address

are specified for the client. Verify that the client type and

port number are correct on the server. Verify that the

server name and port number in the client.pref file on

the client are correct. Verify that any firewalls between

the server and the client are properly configured to

permit network communication on the specified ports.



Appendix. Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in

other countries. Consult your local IBM representative for information on the

products and services currently available in your area. Any reference to an IBM

product, program, or service is not intended to state or imply that only that IBM

product, program, or service may be used. Any functionally equivalent product,

program, or service that does not infringe any IBM intellectual property right may

be used instead. However, it is the user’s responsibility to evaluate and verify the

operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter

described in this document. The furnishing of this document does not give you

any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

500 Columbus Avenue

Thornwood, NY 10594

U.S.A

For license inquiries regarding double-byte (DBCS) information, contact the IBM

Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation

Licensing

2-31 Roppongi 3-chome, Minato-ku

Tokyo 106, Japan

The following paragraph does not apply to the United Kingdom or any other

country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER

EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS

FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or

implied warranties in certain transactions, therefore, this statement may not apply

to you.

This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be

incorporated in new editions of the publication. IBM may make improvements

and/or changes in the product(s) and/or the program(s) described in this

publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for

convenience only and do not in any manner serve as an endorsement of those Web

sites. The materials at those Web sites are not part of the materials for this IBM

product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it

believes appropriate without incurring any obligation to you.


Licensees of this program who wish to have information about it for the purpose

of enabling: (i) the exchange of information between independently created

programs and other programs (including this one) and (ii) the mutual use of the

information which has been exchanged, should contact:

IBM Corporation

2Z4A/101

11400 Burnet Road

Austin, TX 78758

USA

Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.

The licensed program described in this information and all licensed material

available for it are provided by IBM under terms of the IBM Customer Agreement,

IBM International Program License Agreement, or any equivalent agreement

between us.

Customers are responsible for ensuring their own compliance with various laws

such as the Graham-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Health

Insurance Portability and Accountability Act. It is the customer’s sole responsibility

to obtain advice of competent legal counsel as to the identification and

interpretation of any relevant laws that may affect the customer’s business and any

actions the customer may need to take to comply with such laws. IBM does not

provide legal, accounting or auditing advice, or represent or warrant that its

products or services will ensure that customer is in compliance with any law.

Any performance data contained herein was determined in a controlled

environment. Therefore, the results obtained in other operating environments may

vary significantly. Some measurements may have been made on development-level

systems and there is no guarantee that these measurements will be the same on

generally available systems. Furthermore, some measurement may have been

estimated through extrapolation. Actual results may vary. Users of this document

should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.

IBM has not tested those products and cannot confirm the accuracy of

performance, compatibility or any other claims related to non-IBM products.

Questions on the capabilities of non-IBM products should be addressed to the

suppliers of those products.

All statements regarding IBM’s future direction or intent are subject to change or

withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business

operations. To illustrate them as completely as possible, the examples include the

names of individuals, companies, brands, and products. All of these names are

fictitious and any similarity to the names and addresses used by an actual business

enterprise is entirely coincidental.

If you are viewing this information softcopy, the photographs and color

illustrations may not appear.


Trademarks

The following terms are trademarks or registered trademarks of International

Business Machines Corporation in the United States, other countries, or both:

AIX

DB2

DB2 Universal Database

IBM

IBM logo

iSeries

pSeries

Tivoli

Tivoli logo

xSeries

zSeries

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of

Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation

in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered

trademarks of Sun Microsystems, Inc. in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or

both.

UNIX is a registered trademark of The Open Group in the United States and other

countries.

Other company, product, and service names may be trademarks or service marks

of others.

Appendix. Notices 25


��

Printed in USA

Date post:	01-Apr-2018
Category:	Documents
Upload:	doanhanh
View:	223 times
Download:	3 times

5.1.0-TIV-SCM-IF0001 November 7, 2004 -...

Documents