Release Notes ================ InfoSphere Guardium. Release: 9.0. Fix ID# V9.0 GPU Patch 50. Fix Completion Date:

Transcription

1 Release Notes ================ Product: IBM InfoSphere Guardium Release: 9.0 Fix ID# V9.0 GPU Patch 50 Fix Completion Date: Description: Guardium Patch Update for v9.0, patch 50 Finding the Fix/Patch ============================= This document is intended to provide a reference to the contents of this fix/patch. If applicable, the detailed description of each fix and instructions for applying this fix/patch are contained within the download package. The actual package is available for downloading from the IBM Fix Central web site at Make the following selections on Fix Central: Product Group: Information Management Product: InfoSphere Guardium Installed Version: 9.0 Platform: Linux Click "Continue", then select "Browse for fixes" and click "Continue" again. ============================= 1

2 V9.0 GPU patch 50 Release Notes will appear when running the CLI command, show build Configuration notes 1. The Guardium GUI only supports a Windows XP operating system with an Internet Explorer 8 (IE8) web browser. The Guardium GUI supports a Windows 7 operating system with an Internet Explorer 9 (IE9) and above web browser. If using IE9 or IE10, press F12 to access a configuration window. In this window, go to the top line and select a Document Mode of "Standard". Otherwise, online help will not display properly. The Linux Firefox browser version should be 10 or higher. There are no restrictions on the Chrome web browser. 2. GUI Layout In v9.0 (or v8.2) if users have created custom report panes or panel customizations before applying the GPU for v9.0 patch, and wish to save these custom report panes and panel customizations, then an administrator must run the CLI command, keep_psml, before applying the GPU for v9.0 patch 02. If the CLI command, keep_psml, is not run beforehand, the default behavior is to remove custom report panes and consolidate prior custom reports under a new "v9.0 Custom Reports" pane for each user. 3. Upgrade/new installation of Accelerator patch that comes with v9.0 GPU patch 50 Requirement: You must use Accelerator patch that comes with v9.0 GPU patch 50. If you upgrade to GPU patch 50, no action is needed, but for new installations, you must use the Accelerator patch that comes with V9.0, GPU patch 50. Example scenario: 1. You downloaded a v9.0 Accelerator and installed it on a v9.0 Guardium, System A, and saved the Accelerator patch. 2. You upgrade Guardium system A to v9.0 GPU patch 50. (At this point, the Accelerator on Guardium system A is fine). 3. You install a different Guardium, System B with v9.0 GPU patch 50 and attempt to install the Accelerator patch you saved in example scenario 1. This will not work. The correct action in this step is to install the Accelerator that comes with v9.0 GPU patch Health check patch dependence, 32-bit installation Health check patch 9997 must be installed before installing the v9.0 GPU patch 50 supporting 32-bit upgrades. The upgrade patch will not install without FIRST installing the Health Check patch. The name of this file is SqlGuard-9.0p9997.tgz.enc. 2

3 5. Installation order after a restore When performing a restore from a previous upgrade in a Central Manager/Managed units/collector environment, first upgrade the Central Manager or Aggregator or Central Manager/Aggregator, followed by manged node (aggregator or collector that is managed from the Central Manager) or collecting node (Guardium collector). When a Central Manager is upgraded, then upgrade the managed nodes, before you log into the managed nodes. Go to the Central Manager, select the upgraded managed node and Refresh it. 6. Japanese and Chinese restore from previous version When restoring from previous versions in Japanese and Chinese, using the CLI command, restore db-from-prev-version, all pre-defined reports are reset. After the restore, the original language has to be reset using the CLI command, store language. 7. A Guardium system can support a UPS backup power unit. However on an installation of a V9 p50, 64-bit OS system, there is a need by users to download the APCUPSD code with RPM on their own, then upload this code to the Guardium system via fileserver mode, and finally install this code via the CLI command, store system package install Download and install the specific file, apcupsd el5.x86_64.rpm This download/transfer/install procedure applies only to an installation of a V9.0 p50, 64-bit OS (or greater) system. 8. When trying to restore a v9.0 GPU patch 50, 32-bit OS audit result onto the Investigation Center of v9.0 p50, 64-bit OS, the restore will fail. In a v9.0 p50, 64-bit OS system, audit process results that include a security assessment and were archived from a system between Guardium v9.0 and Guardium v9.0 GPU patch 50, 32- bit OS, cannot be restored. 9. VMware ESX 4.1 Virtual machine running Guardium might get a kernel panic after a reboot. To correct this situation, VMware recommends: a. Install update 2 on ESX4.1 or b. Set CPU/MMU virtualization to "Use software only instruction set and MMU Virtualization". This option is found under Settings/ Options/ CPU/MMU Use software for instruction set and MMU Virtualization. 3

4 New and Enhanced Features The new and enhanced changes have three themes: Presentation of data Performance (fewer appliances needed) Additional Platforms including NoSQL/Big Data Platforms 4

5 Presentation of data Quick search of audit data within the Guardium GUI The quick search facility, available from the top banner of the Guardium UI when enabled, provides fast search and browse capability for database activities, errors, and violations. This capability uses search indexing, which runs every one to two minutes. Users will be able to use common search techniques, including faceted search and text search, together or in combination to quickly do ad hoc investigations of audit data. It includes the following capabilities: A histogram view of statistics of the Who, Where, What and When facets of database activities. Click on any of these facets to narrow down your search. Free-text search that searches all indexed audit data. For example, you could enter the string john and it will search all indexed data to find john, whether it appears in the DB User, OS User, Client, Error, in the message details, and so on. This feature is disabled by default. To enable it you can run the following grdapi as a CLI user, grdapi enable_quick_search. When the user enables it through grdapi, then they will get a message stating that it requires 24 GB of memory if the system has less than that, but it will still be enabled. Use Data Mart capabilities to improve performance of predefined reports You can use your own or Guardium predefined queries and reports to create a data mart that can be used to significantly improve the performance for your frequently used reports. A data mart is a designated table that is based on your desired report structure. You define the data mart s data granularity for summarization purposes (such as minutes, hours, days or weeks) and schedule it to run periodically. Because the structure is predefined, it eliminates the need to do runtime joins or other resource intensive database activities. Using data marts can be especially effective when used with the regular reporting that you may need to do on the Guardium Aggregators. The data mart definition is pushed down to the managed units and the data is aggregated and summarized at the Aggregator to the enable highlevel/ corporate view with a reasonable response time. A Data Mart is a subset of a Data Warehouse. A Data Warehouse aggregates and organizes the data in a generic fashion that can be used later for analysis and reports. A Data Mart begins with user-defined data analysis and emphasizes meeting the specific demands of the user in terms of content, presentation and ease-of-use. 5

6 Tablet UI Use this feature to enable access to InfoSphere Guardium via tablets and smartphones. As a result of screen size and browser limitations, the flow is limited to summary screens, to-do-list and main screens showing problems and exceptions. Two roles have been added, Mobile Administration (admin-mobile) and Mobile Security Analyst (security-mobile-analyst). These two roles have been added in order to meet Guardium s methodology of separation of duties. Each role has a default layout. Query Performance Improvements In the upper right corner of the Main Entity query definition screen is the selection Two Stages.(not report, it is at query level) and will take effect when it is executed as an audit process, but it will appear if the conditions are met (entities and conditions) allowing the user to select it regardless of whether there is a report for that query and how it is run, later it will be applied ONLY when a report on a query with the two stages set is executed under an audit process. This two stages mechanism applies to queries running as audit processes with columns and conditions only on the following entities: Access (Client/Server), Session, Access Period, Construct (SQL), Object and Sentence (Command). This two stage new mechanism is not used if the query contains a condition with operator "Like Group" or any alias related operator (such as "In Aliases Group") or the condition uses "Having". 6

7 Performance (use fewer appliances) 64-Bit O/S 32-bit and 64-bit versions of Red Hat operating system in the Guardium application are now offered. A newer version of MySQL is included. Changes to logger and options (Quick Parse and No Parse) so Parser has less to do. Faster database kernel and multi-line insert now available. Notes for 64-bit O/S You can install the Guardium software onto your own 64-bit hardware. To deploy Guardium in a 64-bit environment, download the product image from Passport Advantage, or obtain the product DVD, and follow the instructions in the Installation Guide, which is provided on the Guardium information center at The installation process is the same for 64-bit and 32-bit environments. Read this entire section before you begin, because some tasks must be performed in a specific order. The system requirements for a 64-bit environment are different from those for a 32-bit environment. Refer to the V9.0 technical requirements document at for details. Be sure that your system is configured to enable the CPU to run at the highest level supported by the hardware. For example, you might want to disable the Processor Performance option, which can limit CPU performance. Follow these steps: 1. Interrupt the system startup to open the System Configuration and Boot management panel. 2. Select System Settings. 3. Select Processors. 4. Locate the Processor Performance value and change it to Disabled. 5. Boot the system. In 64-bit environments, some data-intensive Java applications, such as the Classifier, can run 10-15% slower than they do in 32-bit environments. This is because native pointers in 64-bit environments are eight bytes long instead of four. Actual performance varies depending on the hardware in use, the size of the database being processed, and other factors. If you have a current Guardium installation, V9 or V8.2, you can export the settings and data from that system and import them into the 64-bit Guardium system. Follow these steps: 1. Perform a full system backup of the existing Guardium system, including data and configuration. 2. Install the product image on your 64-bit hardware. 7

8 3. Use the restore db-from-previous-version command to import the data into the new system. See "File Handling CLI Commands" in the online help for information about this command. 4. If your Guardium system uses a non-english language, use the store language command to ensure that all strings are rendered in the appropriate language. See "File Handling CLI Commands" in the online help for information about this command. You must restore from a Guardium system of the same usage type. For example, you can restore data from a Guardium system that has been used as a collector to another Guardium system that will be used as a collector, or from a Guardium system that has been used as an aggregator to another Guardium system that will be used as an aggregator. You cannot restore data from a Guardium system that has been used as a collector to another Guardium system that will be used as an aggregator or as a central manager. Planning for aggregation A 32-bit Guardium system cannot aggregate data from a 64-bit Guardium system. Therefore, if you deploy a 64-bit Guardium system as a collector or aggregator, any system that aggregates data from that system must be a 64-bit Guardium system. A 64-bit Guardium system can aggregate data from either 64-bit or 32-bit Guardium systems. See Table 1 for a summary of the Guardium systems from which 32-bit and 64-bit Guardium systems can aggregate data. A Guardium system at V9.0 (without V9.0 GPU patch 50) or earlier cannot aggregate data from any Guardium system that has V9.0 GPU patch 50 applied. Table 1. Aggregation Collector 64-bit can aggregate 32-bit can aggregate 64-bit yes no 32-bit yes yes 9.0 yes yes 8.2 yes yes Using a 64-bit system as a Central Manager When you apply a patch or upgrade your systems, you must update the central manager first, then the aggregators, and finally the managed units. This gives you, temporarily, an updated system managing other systems that have not been updated to the same level of code. If you want to use a 64-bit system as your central manager, note these requirements: A 64-bit Guardium system can manage only other 64-bit systems. It cannot manage Guardium systems at prior releases or 32-bit systems with V9.0 GPU patch 50 applied. Therefore you cannot deploy a 64-bit system as your central manager and then update your aggregators and managed units afterwards. In order to use a 64-bit system as a central manager, follow these steps: 1. Apply V9.0 GPU patch 50 to your current 32-bit central manager. This system can manage Guardium systems that have not yet had the patch applied. 8

9 2. Apply V9.0 GPU patch 50 to your other Guardium systems, or deploy new 64-bit Guardium systems as managed units. Update your aggregators first and then your collectors. If you have systems running Guardium version 8.2, upgrade those systems to version 9.0 and then apply the patch. For information about upgrading from V8.2 to V9.0, refer to the Upgrade Guide on the Guardium information center at 3. Replace all your 32-bit aggregators with 64-bit systems, and then replace all your 32-bit collectors with 64-bit systems. See above for steps that you can use to export data from your 32-bit system and import it into your 64-bit system. 4. After all the other systems have been replaced with 64-bit systems, install a 64-bit Guardium system and make it the central manager, taking over from the prior central manager. Table 2. Central Management Collector/Aggregator 64-bit can manage 32-bit can manage 64-bit yes yes 32-bit no yes 9.0 no yes 8.2 no yes Figure 1. Compatibility between different versions 9

10 If you use a Guardium system as both an aggregator and a central manager, see Table 3 for a summary of supported combinations. Table 3. Combined Aggregation and Central Management 64-bit can manage and aggregate 64-bit yes no 32-bit no yes 9.0 no yes 8.2 no yes 32-bit can manage and aggregate Performance enhancement Add additional Policy rules for performance enhancement in certain use cases. No Parse - Do not parse the SQL statement. Quick Parse - Do not parse the SQL statement after the Where condition. Quick Parse No Fields - Do not parse fields in the SQL statement. Quick Parse Native - This is used only in DB2 for z/os and means, do not parse. Use only the information from the S-TAP for z/os. 10

11 Additional Platforms including NoSQL/Big Data Platforms This patch introduces support for several new databases that are used for high-volume data in addition to IBM InfoSphere BigInsights and Cloudera.. Note: IBM InfoSphere BigInsights 2.0 with this Guardium patch also supports monitoring of HBase via the Guardium Proxy. Previously, this support was only available via S-TAP monitoring. Cassandra 1.2.x Use Cassandra inspection engine on port 9160 Install S-TAPs on all nodes in the cluster Limitations: no discovery of databases or instances: no classification of data; no vulnerability assessment; no identification of affected records. CouchDB 1.2.x Use CouchDB inspection engine on port 5984 Install S-TAPs on all nodes to which users can connect Limitations: no discovery of databases or instances: no classification of data; no vulnerability assessment; no identification of affected records. DB_USER is identified only when futon is used. No blocking of users, detection of failed logins or exceptions. No extrusion or redaction of returned data. Greenplum DB 4.0, 4.1, and 4.2 Use GreenplumDB inspection engine on ports 5432 and and HTTP inspection engine on the port where gpfdist runs Install S-TAPs on master nodes GreenPlum HD 1.2 Use Hadoop inspection engine and ports 11

12 HortonWorks Data Platform 1.2 Use Hadoop inspection engine and ports MongoDB 2.0, 2.2, and 2.4 Use MongoDB inspection engine on ports 20717, 20718, or the ports configured for mongod and mongos. Install S-TAP on each shard (mongod) and the routing server (mongos) to monitor privileged user/admin activity For detailed information about using Guardium to provide security for MongoDB databases, see: um+data+security+protection+mongodb For data sheets and other information about all of these new databases, visit Traditional databases/ Operating Systems Informix 12 Microsoft Windows Server

13 Vulnerability Assessment Vulnerability Assessment and Database Protection Service Enhancements You can specify an SQL statement to be tested to decide whether to run a test. You can configure a test to loop through several databases and return a composite result. You can use a search box to find tests to add to an assessment. If a test fails, you can add failing elements to an exception group, or create an exception for them. This is a great feature for privileges tests where you may have hundreds or thousands of authorized members that need to be added to an exception group. For SQL-based tests, add the ability to loop through several databases and provide details (and determine result) based on the union of the data retrieved by the query on each database. Pre-test Check: This is required for specific cases for predefined tests, but we will implement generically. It consists on one additional SQL added to the SQL Based tests that returns 0/1. The test will be executed ONLY if the SQL returns 1. Vulnerability Assessment - Changed Test 159 (Only DBAs In Fixed Server Roles) to use a user defined exception group and detail list instead of hard coded group ID 65. Note that customers using this test on a version prior than v9.0 GPU patch 50 will have to define the exceptions group for this test, otherwise no exceptions will be used. Vulnerability Assessment - Add Statistics by Test type per assessment The assessment result contains now a count of total number of tests and a count of total number of tests that passed of each one of the following categories: CIS, STIG and CVE tests: Total number of CIS tests Total number of CIS passed tests Total number of CVE tests Total number of CVS passed tests Total number of STIG tests, and Total number of STIG passed tests These values are available for reporting as part of the VA results domain as well as displayed in the assessment result viewer. Note the values are summarized for the whole assessment. 13

14 Shortcuts from Vulnerability Assessment Result Viewer Add new shortcuts from the Vulnerability Assessment Result Viewer to: Add detail members to exceptions group Add detail members to a group Invoke Add test exception API to ensure the test will pass until a given date. Denial of Service Vulnerability Assessment tests Check whether a critical user/account is locked. Databases can lock an account under several different circumstances, and in most cases the lock is correct and what users expect. However there may be some cases that a critical account (used by certain applications) gets locked as a consequence of a mistake or some malicious action. If that happens it might cause denial of service. Add tests for: Oracle; SQL Server; Sybase ASE; Sybase IQ; Teradata; and, Netezza. List of VA tests new to this release New Informix tests and new tests for MS SQL Server to cover CIS SQL Server 2008 Benchmark. Test ID Database type Test Name 2273 INFORMIX Authority granted to PUBLIC 2274 INFORMIX Columns granted to PUBLIC in user databases 2275 INFORMIX Databases owned by root 2308 INFORMIX No Informix Sample Databases INFORMIX Restrict DBA Authority 2277 INFORMIX Restrict Resource Authority 2278 INFORMIX Roles granted to PUBLIC 2279 INFORMIX Roles granted with GRANT OPTION 2280 INFORMIX Routines granted directly to users 2281 INFORMIX Routines granted to PUBLIC INFORMIX Routines granted with GRANT OPITON 2283 INFORMIX Routines owned by root 2284 INFORMIX Tables and Views granted directly to users INFORMIX Tables and Views granted to PUBLIC in user databases 2286 INFORMIX Tables and Views granted with GRANT OPTION 14

15 Test ID Database type Test Name 2287 INFORMIX Tables and Views owned by Informix in user databases 2288 INFORMIX Tables and Views owned by root 2289 MS SQL SERVER Access to server level permissions granted to non-database Administrators 2303 MS SQL SERVER Change Data Capture 2267 MS SQL SERVER Critical accounts locked - MS-SQL 2304 MS SQL SERVER DBMS application object ownership 2305 MS SQL SERVER DBMS encryption compliance 2306 MS SQL SERVER DBMS source code encoding or encryption 2307 MS SQL SERVER DBMS symmetric key management 2290 MS SQL SERVER Default trace enabled 2291 MS SQL SERVER Disable Database Mail 2298 MS SQL SERVER Disable Named Pipes protocol 2292 MS SQL SERVER Disable Ole Automation Procedures 2293 MS SQL SERVER Disable Remote Access 2294 MS SQL SERVER Disable Scan for Startup Procedures 2299 MS SQL SERVER Disable Shared Memory protocol 2295 MS SQL SERVER Disable the sa Login Account 2300 MS SQL SERVER Disable VIA protocol 2301 MS SQL SERVER Hide SQL Server Instance 2302 MS SQL SERVER Maximum number of SQL error Log files 2296 MS SQL SERVER MSDB database Role Members Privilege 2297 MS SQL SERVER Set CLR Assembly Permission Set to SAFE_ACCESS for All CLR Assemblies 2268 NETEZZA Critical accounts locked - Netezza 2269 ORACLE Critical accounts locked - Oracle 2270 SYBASE Critical accounts locked - Sybase ASE 2271 SYBASE IQ Critical accounts locked - Sybase IQ 2272 TERADATA Critical accounts locked - Teradata 15

16 Additional features Changed Data Values (CDC) Integration Add an entity to the Guardium application that can be used with the IBM InfoSphere Change Data Capture (InfoSphere CDC) replication solution that allows the replication to and from supported databases. Maintenance of replicated databases can be used to reduce processing overheads and network traffic. This Guardium integration uses Java CDC user exit to send value change information to the Guardium collector. Configure BIG-IP Application Security Manager (ASM) to communicate with Guardium system Use the latest information on this feature, available from IBM Business Partner, F5 Networks: Guardium Installation Manager (GIM) Improve GIM performance on the collector side (Faster GUI, Better performance in all unit types, especially in managed appliance environments) Increase the number of DB servers managed by a single appliance. o Manage up to 3000 DB servers by the Central Manager o Manage up to 500 DB servers by a Managed or Stand-alone appliances o Upgrade up to 300 DB servers in the same time Improve control of large DB server install base. o Manage upgrades by groups o Faster and flexible GIM reports o Distribute GIM bundles to Managed Units Consolidated Installer - Windows and UNIX/Linux The IBM InfoSphere Guardium GIM client installer can also automatically install other modules (S-TAP and Discovery) during the initial GIM install, without the need to push the modules from the server. UNIX/Linux Install GIM client, UNIX S-TAP and Discovery Windows - Install GIM client and Windows S-TAP 16

17 Run API And other shortcuts Enable users to take action from the Results viewer instead of navigating through the menu and writing down all the codes needed for the new task configuration. Add Run API (related-task) capability from Report Results to execute APIs. Use this feature to easily create Audit Process/Task via the Report Results or easily create VA Results for Vulnerability Investigation and Action- Taking. API for Aliasing Add GuardAPI commands to create, update and delete alias functions. Windows S-TAP Auto Discovery for MS SQL Automatically create inspection engines based on findings from the registry. Not Like Group Add a new operator for query building, Not Like Group, which will set-up a condition so that a specified attribute is NOT LIKE any of the group members. Use this condition only when absolutely necessary for desired results; it may cause the query to run more slowly. Alias Builder changes Select Clear existing group members before Importing to indicate if the content of the group should be deleted prior to the import of new members. Connection Profile Connection profiling is the ability for Guardium to use connection identification information to give you more control over configuring actions and reports based on those connections. Connections are identified using the tuple Client IP/Src App./DB User/Server IP/Svc. Name. The following are new: A new predefined group, Connection Profiling List, which is the group of all known (or allowed) connections, each of which is identified by its associated tuple. (Wildcards can be used for components of the tuple.) A new predefined admin report, Connection Profiling List, on the Daily Monitor tab, which reports the details on all connections that are not in the Connection Profiling List. Use this report to see whenever new, unapproved, connections are entering the system. 17

18 A new predefined threshold alert, which by default runs the Connection Profiling List query every 60 minutes and alerts on new unapproved connections. Reminder: The Alerter and Anomaly Detection must be activated from the administration console. Supportability features Add to CLI option to change S-TAP parameters Add new domain for Policy rules Add API to clone policy MustGather GUI Automatic collection of support ticket information Add GUI for CLI commands related to Basic Information for IBM Support. This log information is Aggregation, Alerts, Application, Audit process, Backup, Central Manager, Database User, Purge, Scheduler, Sniffer, System Database, and Patch Install. Audit Process Summary At the bottom of the Audit Process Finder screen appears the Audit Process Status Summary. This section contains information on scheduled audit processes, as well as results, receivers outstanding and errors. This summary is a consolidation of data from multiple audit process reports. Audit Process Delete Results Add an additional button to the Audit Process Finder screen to delete any audit process results. Default policy on v9.0 p50, 64-bit or 32-bit (new) installations On a new installation only (not on upgrades), a new default policy exists. The default policy on v9.0 p50, 64-bit (new installation) is "Default Ignore Data Activity for Unknown Connections". This means that only connection information (such as Client IP, Source Application, DB User, Server IP and Service Name) is logged by default, not all database activity. The advantage of this default policy is to avoid flooding the network with traffic when activating and validating a new S-TAP. A new report, the Connection Profiling List, is added to the Daily Monitor tab to make it easy to add connections to the known connections group, which is also named Connection Profiling List. 18

19 Policy Violation Summary Add a summary table to the lower half of the Policy Finder screen, Latest Logs and Violations". This table shows, for the previous 5-, 30-, or 60-minutes (user customizable), policy rules that have had any saved SQLs or access violation records. New policy install role To help enforce separation of duties, the new Policy install role added. This role provides access to the Data Access Policy install application, which is separate from task of building the policy. Enhancements to Alert Builder A new Recommended Action field lets you add free text as a recommended action for the specific correlation alert as appropriate for your organizational policies and procedures. Now you can specify a custom message template similar to what you could do previously for real-time alerts. The templates use a predefined list of variables that are replaced with the appropriate value for the specific alert. Central Manager Redundancy Use Central Manager Redundancy or Backup Central Manager (CM) to configure a secondary or backup CM, in case the Primary CM becomes unavailable. Note: There is a second message on either 32-bit OS of 64-bit OS Guardium systems during the switch to the secondary Backup server via Central Manager Redundancy, which informs you that this process might take a while to complete. In most cases, you will get a blank screen on the secondary server which is being transitioned into the primary server. Also at some point, you might see both secondary and the primary servers with the managed nodes. The managed nodes will disappear from the primary Central Manager. Wait for this to happen. Notes on Central Manager (CM) Redundancy When the user is ready to start the process of making the backup the Primary CM be sure to understand the following: 1. Select the "Make Primary CM" link under Central Manager on the backup CM to start the change where the backup CM will become the Primary CM 2. Answer OK to the first message "Do you want to start this process Answer OK to the second message "This will take a while... 19

20 4. The screen will blank.. This process will take a while to complete. The CM Redundancy process restoration has begun. The process will take awhile depending on the size of the configuration backup file size. This file was copied over to /var/importdir on the backup CM when you registered the backup CM. You can see how big the file is by using the ls - lh command. A 2.0 GB backup file with 10 managed nodes will take up to 15 minutes to complete. This also depends on the power of the servers that are running the Guardium application. 5. DO NOT click the "Make Primary CM" twice. 6. To view the progress of the restoration, login as CLI onto the backup CM (which you are making the primary) and view the load_secondary_cm_sync_file.log file 7. After the backup restoration completes, you will get a GUI restart message - Answer OK. This message TAKES A WHILE to APPEAR after you have selected ok to the FIRST two messages 8. You can log into the Backup CM which is now the primary. The managed nodes will be configuring for you as you log in. What was the Primary node might still have managed nodes, but they will soon be unmanaged. Generate Role Layout for Central Manager Generate Role Layout from the GUI, for both users and roles, and distribute from a Central Manager to managed nodes FIPS140-2 compliant OpenSSL Switch to a FIPS compliant OpenSSL library. Add Ability to Exclude Group Members from Definitions Export Add a check box in Definitions export screen to "Exclude group members". Upload multiple datasources created from a spreadsheet By using a specific set of columns in a data sheet to store your datasource information, you can more easily update your stored datasources, such as if you have to change passwords on many servers. Create the datasources in a spreadsheet with a specific set of columns and then save as a tab-delimited.txt file. Then in the Customer Upload section of the Administration Console, you can upload this file into Guardium. 20

21 Access Policy and Installed Policy reporting Add new domain Access Policy and the Access Policy Tracking pane under Query & Report Building. Classifier Enhancements Add a link in the Classification Process Builder to Classification Policy Builder. This way, the user does not have to close out of Classification Process Builder to go to Classification Policy Builder. Add CAS and Text Filtering To Security Assessment Builder Add the ability to filter CAS-based tests (those with an asterisk). 21

22 List of new predefined reports Hadoop - BigInsights MapReduce Report Hadoop - Exception Report Hadoop - Full Message Details report Hadoop - HBase Report Hadoop - HDFS Report Hadoop - Hue/Beeswax Report Hadoop - MapReduce Report Hadoop - Unauthorized MapReduce Jobs Access Direct from Extranet/DMZ Accounts Created and Deleted within a Short Period CIS vulnerability CVE compliance Compliant(Pass) Results Connection Profiling List Custom Table Upload Log DataSource Status Distributed Datamart Status Excessive Errors per Period Excessive Failed Attempts to Grant Failed User Login Attempts - Distributed Failed Vulnerability Results Privileged Account Utilization Privileged User Access of Business Objects SQL Errors - Distributed STIG compliance Scheduled Jobs Exceptions - distributed Slow queries Top Massive Grants Unit Utilization Daily Summary Users Inactive Since Use of Application Accounts by Other than Application Use of Privilege Accounts to Create a New Login Datamart Extraction Log 22

23 List of new GuardAPI commands clone_policy create_alias create_policy datamart_set_active datamart_set_inactive delete_alias delete_approved_stap_client delete_audit_process_result delete_policy disable_quick_search disable_special_attributes display_stap_config enable_quick_search enable_special_attributes execute_autodetect_process list_compatibility_modes list_policy must_gather_api nscd reinstall_policy reinstall_policy_rule uninstall_policy_rule update_alias update_policy update_stap_config 2013 June 28 IBM InfoSphere Guardium Version 9.0 Licensed Materials - Property of IBM. Copyright IBM Corp U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information ( 23