20.02.01: Patch 1 for TrueSight Server Automation 20.02

Patch 1 is now available for TrueSight Server Automation 20.02. This topic provides the enhancements and defect fixes in the patch and instructions to download and apply the patch.

Known and corrected issues

For information about the issues corrected in this patch, see Known and corrected issues.

Enhancements

This patch provides the following enhancements:

You can now download and apply patches on CentOS systems using the out-of-the-box patching solution. For more information, see Getting started with CentOS patch analysis.

The existing patching solution that uses the Vendor Patch Content (VPC) installer is also supported.

You can now manage target servers in private networks (in on-premises or cloud environments such as AWS). For more information, see Deployments in cloud environments and Getting started with Smart Agents.

This release now supports the following new templates: CIS for RHEL 8, CIS for Oracle Linux 8, and CIS for CentOS 8

For information about downloading and importing these templates, see the following topics:

• Updating CIS for Red Hat Enterprise Linux 8 to newer benchmarks
• Updating CIS for Oracle Linux 8 to newer benchmarks
• Updating CIS for CentOS 8 to newer benchmarks

Also, updated the benchmarks for the following templates:

• CIS for Windows 2019
• DISA for Windows 2012 DC
• DISA for RHEL7
• DISA for Windows 2016

This release now supports Security Content Automation Protocol (SCAP) 1.3. For more information, see SCAP compliance analysis.

You can now use a new operations dashboard to know the overall status of jobs in your environment. For more information, see Ops dashboard.

TrueSight Server Automation upgrade using the unified product installer no longer installs or upgrades the following artifacts by default:

• Zipkit
• blcontent script
• Script to create container compliance jobs
• Quick start page

If you want to install or upgrade any of these artifacts, you can provide the appropriate parameters to the upgrade command. For more information, see the following topics:

• Walkthrough: Upgrading to the latest version for Microsoft Windows
• Walkthrough: Upgrading to the latest version for Linux
• Upgrading silently using the unified product installer
  
  

This release offers the following logging enhancements:

• Version of Log4j is updated from 1.x to Apache Log4j 2.
• Logging configuration is changed from the properties to XML format. Therefore, the configuration changes you have made in the properties files such as log4j.properties, rcp,cf, and blcli-log.cf are not retained after the upgrade.

For information about configuring the logs, see Controlling Application Server logging.

While running ACL Push jobs, you can now exclude the target servers where the File Server or Repeaters are installed. For details, see ACL Push Job - General.

On Linux systems with systemd support, the systemctl commands are now the default commands to start or stop the RSCD and Smart Agents. For details, see Starting and stopping TrueSight Server Automation components and Managing the Smart Agent.

This release now includes the job policy rules that are used to manage the following job-related parameters:

• Maximum targets that a job can run simultaneously
• Maximum targets that can be assigned to a job
• Job scheduling frequency

By default, these rules are assigned to all the user roles. For details, see Managing job policy rules.

Added support for scheduling an automatic database cleanup. For details, see Scheduling the automatic data cleanup.

You can now use the secure SMTP for a job complete notification email. For information about configuring the email settings, see Configuring a mail server.

This release offers the following REST API enhancements:

• A new version of API to retrieve the list of all patches in catalogs.
• Support for patching on SUSE systems.
• Support to select logging levels.
• Support for Remedy Single Sign-On authentication. For details, see Implementing Remedy Single Sign-On authentication.
• Support to cancel and abort Patching, Deploy, and NSH Script jobs.

For more information, see Trying out the REST APIs and REST API endpoints.

This release offers the following security enhancements:

• Enabled TLS 1.2 as a default protocol for the new installation of TrueSight Server Automation. For more information, see Configuring the TLS protocol.
• Upgraded JRE to version 1.8.0_252. 
• Added support for PBKDF2 to be used with the secure remote password (SRP) authentication. For more information, see Secure remote password authentication.
  
  

TrueSight Server Automation now supports the following operating systems and databases:

• CentOS 8
• Oracle Enterprise Linux 8
• Ubuntu 20.04
• Oracle Exadata
• Debian 9 and 10
• SQL Server 2019

For information about the modules for which this support is added and for the complete list, see Supported platforms.

Supported TrueSight Smart Reporting for Server Automation version

TrueSight Server Automation 20.02.01 supports TrueSight Smart Reporting for Server Automation version 20.02.01. If you are using TrueSight Smart Reporting for Server Automation, upgrade it to 20.02.01 prior to upgrading TrueSight Server Automation to 20.02.01. For the upgrade instructions, see Upgrading TrueSight Smart Reporting for Server Automation .

Downloading the patch

This patch includes the full installer of TrueSight Server Automation 20.02.01. For instructions, see Downloading the installation files of TrueSight Server Automation.

Applying the patch

The following table explains the various scenarios for applying the patch: