Updates included in Service Pack 2
BMC BladeLogic Decision Support for Server Automation version 8.2 SP2 provides the updates described in the following sections:
- Support for Active Directory
- Support for Public Key Infrastructure (PKI)
- New versions for Apache web server and OpenSSL
- Security enhancements for Apache web server
- New query subjects and query items
- Change in depot folder name for Report Scripts
- Updates in the Report Authoring Guide
Support for Active Directory
BMC BladeLogic Decision Support for Server Automation supported Active Directory for the 8.1.x versions. However, support for Active Directory was removed in versions 8.2.00 and 8.2.01. From version 8.2.02, BMC BladeLogic Decision Support for Server Automation again provides support for Active Directory and you can see Active Directory data in the reports.
Support for Public Key Infrastructure (PKI)
BMC BladeLogic Decision Support for Server Automation now provides support for PKI.
To configure the product to use PKI, perform the following steps:
- Configure the Web Server to use the HTTPS protocol.
- Navigate to the REPORTS_HOME/webserver/conf/extra folder.
Open the httpd-ssl.conf file and remove commenting before the following tags:
SSLVerifyClient require
SSLVerifyDepth 10Add the following tags to the http-ssl.conffile:
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
SSLUserName SSL_CLIENT_S_DN_CN
RequestHeader add X-Forwarded-User %{REMOTE_USER}e
</FilesMatch>
<Directory "/usr/local/bmc/reports/webserver/cgi-bin">
SSLOptions +StdEnvVars +ExportCertData
SSLUserName SSL_CLIENT_S_DN_CN
RequestHeader add X-Forwarded-User %{REMOTE_USER}e
</Directory>- Generate the dod-root-certs.pem file and copy it to the REPORTS_HOME/webserver/conf folder.
- Modify the Certificate Authority section in the httpd-ssl.conf file to include the path for the dod-root-certs.pem file.
- Generate the dod-root.jks file and copy it to the REPORTS_HOME/br folder.
- Access the Application Server Administration console:
- Microsoft Windows:REPORTS_HOME\bin
- UNIX: REPORTS_HOME/br
Run the following commands:
Blasadmin –a set set Pki TruststorePass password
Blasadmin –a set Pki TruststorePath DoDRoot.jks
Blasadmin –a set Pki TruststoreType JKS
Blasadmin –a set Pki UseCommon true- Restart the Apache Web Server.
- Restart the Authentication and Cognos services.
New versions for Apache web server and OpenSSL
BMC BladeLogic Decision Support for Server Automation now uses Apache web server version 2.2.22 and OpenSSL version 0.9.8r.
Security enhancements for Apache web server
The following security related enhancements have been made in BMC BladeLogic Decision Support for Server Automation:
- The product upgrade now takes a backup of the existing HTTP configuration files by renaming the existing files with a .bak extension appended.
- The HTTP trace method is disabled for the default Apache web server configuration.
- The Options directive for the Apache web server is set to None for security purposes.
- The limitexcept directive for the Apache web server is set to allow only the GET, HEAD, and POST HTTP request methods.
- To prevent clients from modifying unauthorized files on the web server, the Web-based Distributed Authoring and Versioning (WebDAV) feature of the Apache web server is disabled.
- The bundled Apache web server now supports the TLSv1 SSL protocol.
- The Apache web server now has minimal statically linked modules.
New query subjects and query items
The following sections list the new query subjects and query items that are added to various domains.
New query subject and query items in the Compliance domain
The Compliance Server Result query subject, consisting of the following query items, is added to the Compliance domain folder:
Query item | Description |
|---|---|
Rules Checked | Displays the number of rules checked for a server for a policy in a job run. |
Rules Compliant | Displays the number of rules compliant for a server for a policy in a job run. |
Rules Compliant With Exception | Displays the number of rules compliant with exception for a server for a policy in a job run. |
Rules Non Compliant | Displays the number of non compliant rules for a server for a policy in a job run. |
Rules Unknown | Displays the number of rules unknown for a server for a policy in a job run. |
% Compliance | Displays % compliance as a ratio of compliant to rules checked for a server for a policy in a job run. Aggregation rule is AVG. |
Server Is compliant | Displays 1 if server is compliant for a policy in a job run. |
Server Is Non Compliant | Displays 1 if server is non compliant for a policy in a job run. |
Server Is Unknown | Displays 1 if server has all its rules indeterminate for a policy in a job run. |
New query subject and query items in the Audit domain
The Audit Server Result query subject, consisting of the following query items, is added to the Audit domain folder:
Query item | Description |
|---|---|
Total On source | Displays the number of items on source against which an Audit Job is run. |
Extra On Target | Displays the number of items found extra on a target. |
Changed On Target | Displays the number of items changed on a target |
Missing On Target | Displays the number of items missing on a target. |
Total Differences | Displays the total differences found on a target. |
% Audit Compliance | Displays the % audit compliance for a server in a run calculated as 100 - ( Total differences*100/( Total on source+ Extra on Target)). |
Server Is Compliant | Displays 1 if there are no differences found in audit. |
Server Is Non Compliant | Displays 1 if there are differences found in audit. |
Server Unknown/Error | Displays 1 if there were errors in audit. |
New query items in the Patch domain
In the Patch domain folder, the Patch Analysis Result query subject now includes the following query items:
Query item | Description |
|---|---|
Compliant Server Count | Displays the number of compliant servers (Server count on which missing patches are 0 (zero). |
Non Compliant Server Count | Displays the number of non-compliant servers (Server count on which missing patches are > 0 (zero). |
New query item and filter in the Inventory domain
In the Inventory domain folder, the following query item is added to the Local Users query subject (under Windows folder):
Query item | Description |
|---|---|
Member Of (Groups) | Displays the groups, which a user belongs to. |
In the Inventory domain folder, a new Show Latest Server Attributes filter is added. This filter allows you to filter reports with the latest values for all server attributes.
For more information, see the Excel sheet containing the query items and query subjects at PDFs.
Change in depot folder name for Report Scripts
The depot folder name is changed to Bladelogic Report Scripts.
Updates in the Report Authoring Guide
The BMC BladeLogic Decision Support for Server Automation User Guide: Report Authoring at PDFs now contains illustrated examples of how to combine specific query items from the specified query subjects in a domain. BMC recommends that you combine only these query items to generate meaningful ad hoc reports.