IBM Support

IBM Netcool System Service Monitor SSM 4.0 interim fix 10 README file Netcool/System Service Monitor 4.0.1.3 4.0.1.3-TIV-SSM-IF0010

Fix Readme


Abstract

The readme file for the IBM Netcool System Service Monitor SSM 4.0 interim fix 10.

Content

Readme file for: 4.0.1.3-TIV-SSM-IF0010
Product/Component Release: 4.0.1.3
Update Name: 4.0.1.3-TIV-SSM-IF0010
Fix ID: 4.0.1.3-TIV-SSM-LINUX-PPC-IF0010, 4.0.1.3-TIV-SSM-LINUX-X86-IF0010, 4.0.1.3-TIV-SSM-LINUX-X86_64-IF0010, 4.0.1.3-TIV-SSM-WIN32-X86-IF0010, 4.0.1.3-TIV-SSM-MULTIPLATFORM-IF0010-DSCFiles, 4.0.1.3-TIV-SSM-SCRIPTFILE-IF0010 
Publication Date: 31 December 2022
Last modified date: 31 December 2022

Contents

Download location
Prerequisites and co-requisites
Known issues
Known limitations

Installation information

   Before installation
   Installing
   Performing the necessary tasks after installation
   Uninstalling if necessary

Additional information
List of fixes
Document change history

Download location

To download this update, first login to IBM FixCentral. Once logged in, you can select from the individual download packages.

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0010&includeSupersedes=0&source=fc

Here are a list of components, platforms, and file names that apply to this readme file.

Fix Download for Linux

Product/Component Name: Platform: Fix:
Netcool/System Service Monitor Linux pSeries 4.0.1.3-TIV-SSM-LINUX-PPC-IF0010
Netcool/System Service Monitor Linux 32-bit,x86
Linux 64-bit,x86_64		 4.0.1.3-TIV-SSM-LINUX-X86-IF0010
Netcool/System Service Monitor Linux 64-bit,x86_64 4.0.1.3-TIV-SSM-LINUX-X86_64-IF0010
Netcool/System Service Monitor Linux 64-bit,x86_64 4.0.1.3-TIV-SSM-SCRIPTFILE-IF0010
Netcool/System Service Monitor Linux pSeries
Linux 32-bit,x86
Linux 64-bit,x86_64		 4.0.1.3-TIV-SSM-MULTIPLATFORM-IF0010-DSCFiles

Fix Download for Windows

Product/Component Name: Platform: Fix:
Netcool/System Service Monitor Windows 4.0.1.3-TIV-SSM-WIN32-X86-IF0010
Netcool/System Service Monitor Windows 4.0.1.3-TIV-SSM-MULTIPLATFORM-IF0010-DSCFiles

Prerequisites and co-requisites

The 4.0.1.3 interim fix 10 patch requires the original Netcool/SSM 4.0.1 product to be installed first. Patch installers are identified by file name: ssm401-interimfix-03-10-*

For Windows 2008 SP2 you must first install the following Microsoft patch:
You cannot run an application that is signed with a SHA-256 certificate on a computer that is running Windows Server 2008 SP2

4.0.1.3 interim fix 10 has no other prerequisites. It is a cumulative release and so contains the previously released:

  • Fix Pack 1
  • 4.0.1.1-TIV-SSM-IF0001
  • 4.0.1.1-TIV-SSM-IF0002
  • 4.0.1.1-TIV-SSM-IF0003
  • Fix Pack 2
  • 4.0.1.2-TIV-SSM-IF0001
  • 4.0.1.2-TIV-SSM-IF0002
  • 4.0.1.2-TIV-SSM-IF0003
  • Fix Pack 3
  • 4.0.1.3-TIV-SSM-IF0001
  • 4.0.1.3-TIV-SSM-IF0002
  • 4.0.1.3-TIV-SSM-IF0003
  • 4.0.1.3-TIV-SSM-IF0004
  • 4.0.1.3-TIV-SSM-IF0005
  • 4.0.1.3-TIV-SSM-IF0006
  • 4.0.1.3-TIV-SSM-IF0007
  • 4.0.1.3-TIV-SSM-IF0008
  • 4.0.1.3-TIV-SSM-IF0009

Hardware and Software requirements.

Known issues

Non-APAR Defect alm00295041 - Can't remote install ssm with V3 Configurations

Problem Description
Remote installation fails on all platforms with V3 Configurations with the following error:
KDY3209E: Failed to add v3 user itmkdyuser might not add the new SNMP v3 user with a remote connection

Non-APAR Defect alm00295075 - Can't remote uninstall ssm on windows

Problem Description
Remote uninstall fails on Windows platforms with the following error:
KDY3501E: Could not find the uninstall key with the command regedit /E uninst.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EFDE76FA-B83A-4608-AFF0-37829C7F5186}. Could not find the required uninstall key.

Non-APAR Defect alm00295526 - The transaction.oid file is missing in the oid directory

Problem Description
Trying to load the transaction subagent shows the following warning because the transaction.oid file is missing from the OID subdirectory:
Could not open script file "oid/transaction.oid"

Known limitations

IJ09207: APACHE 2.4 REQUIRES ADDITIONAL CONFIGURATION TO BE MONITORED ON RED HAT LINUX BY THE SSMAGENT

Problem Description
Apache 2.4 is configured slightly differently than earlier versions and this prevents the documented method of enabling the server-status URL from working. Additionally Red Hat linux does not allow the SSM Agent to read the httpd.pid file when the soft link is a root[/] soft link rather than a relative soft link.

Work-around

  1. Enabling Apache 2.4 server-status
    • Check the server status module is available:

      /usr/sbin/httpd -M | grep status
      status_module (shared)

    • Create the status.conf file: /etc/httpd/conf.modules.d/status.conf

      <IfModule mod_status.c>
           <Location /server-status>
             SetHandler server-status
               <RequireAny>
                 Require local
                 Require ip 127.0.0.1
              </RequireAny>
           </Location>
           ExtendedStatus On
      </IfModule>

    • Make sure that the PidFile is entered in the httpd.conf file, for example:

      cd /etc/httpd/conf
      grep PidFile httpd.conf
      PidFile run/httpd.conf

    • To stop Apache, kill the root HTTPd process:

      cat /etc/httpd/run/httpd.pid
      ######

      ps -ef | grep ######
      <list of httpd pids>

      kill -15 ######

      ps -ef | grep ######
      <nothing>

    • To start Apache run:

      /usr/sbin/httpd

      curl http://127.0.0.1/server-status?auto

      Resulting status query results

  2. The Apache server installation uses root[/] paths for the run directory, which is a problem in newer Red Hat releases. This prevents the SSM Agent from reading the PID file of the Apache server.

    To make the run directory relative, perform the following task:

    • Stop Apache

      ps -ef | grep httpd | grep root | grep -v grep
      root <PID> .... /usr/sbin/httpd
      kill -15 <PID>
      ps -ef |grep httpd | grep root | grep -v grep

      <Nothing returned>

    • Now create a new link for run:

      cd /etc/httpd
      mv run run.orig
      ln -s ../../var/run/httpd run

      ln -s ../../var/run/httpd run

    • Start Apache

      /usr/sbin/httpd

    • Restart the SSM agent
      /opt/netcool/ssm/bin/init.ssmagent stop
      /opt/netcool/ssm/bin/init.ssmagent start
      /opt/netcool/ssm/bin/init.ssmagent status
    • Check for the Apache PID

    To roll back:

    • Stop Apache
    • mv run run.apache22
    • mv run.orig run
    • Start Apache

Patch fails to install via the tacmd createNode or updateAgent command

Problem Description
Remote deployment command tacmd createNode or updateAgent might fail with the following error:
Error message: KDY3604E: SSM agent not running on remote host. The remote host requires the SSM agent to be running in order to perform agent patching without the use of credentials.
Verify that the specified hostname is the intended remote host, and that all SNMP connection parameters are correct. This can be checked by using the MIB explorer or SSM agent console to remotely connect to the host. Verify that the specified hostname is the intended remote host, and that all SNMP connection parameters are correct. This can be checked by using the MIB explorer or SSM agent console to remotely connect to the host.

Installation information

Before installation

Although the SSM patch installer verifies its integrity before proceeding, you can verify the integrity of the patch installer without installing the patch by using the -t (test) option:

UNIX/Linux: ./ssm401-interimfix-03-10-platform-arch.run -t
Windows: ssm401-interimfix-03-10-win32-x86.exe -t

Also note that on some platforms installation might fail if you have any SSM-related programs running. Make sure that you close all instances of the SSM console and the MIB Explorer (Windows) before installing the patch. The patch installer stops and restarts the SSM agent process automatically.

Installing

SSM patches are self-extracting interactive programs that guide you through the installation process. You need only execute the installer (for your operating system) and follow the prompts:

UNIX/Linux: ./ssm401-interimfix-03-10-platform-arch.run
Windows: ssm401-interimfix-03-10-win32-x86.exe

Silent installation is achieved by adding the word silent as a parameter to the end of the shown command.

Further details about advanced patch installation can be found in the patch installation guide:

PDF: http://pic.dhe.ibm.com/infocenter/tivihelp/v61r1/topic/com.ibm.netcool_ssm_4.0.1.doc/ssmpig-pdf.pdf
HTML: http://pic.dhe.ibm.com/infocenter/tivihelp/v61r1/topic/com.ibm.netcool_ssm_4.0.1.doc/pig/topic/pig.html

Performing the necessary tasks after installation

For Defect 31796: "Add additional memory types to hostres.  SSM RFE 143541"
Summary of use:
  1. Back up the existing libhostres.so. In the default installation the location is /opt/netcool/ssm/bin.
  2. Copy the new library into the location where you found the existing library.
  3. Edit the SSM agent configuration (init.cfg) to add MemoryIncludeVirtualSharedBufferCache=1 as a new inivar.
  4. Stop and restart the SSM agent.
How the data is calculated:
The actual values returned are calculated as follows. The names used represent the line from /proc/meminfo used. For example, given the following lines from /proc/meminfo:
MemTotal:       16265716 kB
MemFree:          318232 kB

MemTotal would be 16265716.

 

Troubleshooting installation problems from the Support site


http://www.ibm.com/software/sysmgmt/products/support/NetcoolSystemServiceMonitor.html

Uninstalling if necessary

On Windows, 4.0.1.3 interim fix 10 may be uninstalled via Control Panel - Add or Remove Programs. Make sure you check the "Show updates" box for SSM patches to appear in the list. Also ensure that the SSM console and MIB Explorer are not running before uninstallation (so that previous file versions can be restored correctly), otherwise the removal process fails.

On all platforms 4.0.1.3 interim fix 10 can be uninstalled with the "patchman" tool, which is found in the SSM bin directory:

patchman -r "401 Interim Fix 03-10"

Additional information

Security Bulletins

SSM 4.0.1.3 interim fix 10 contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors ( CVE-2022-2068, CVE-2022-2097)

SSM 4.0.1.3 interim fix 09 contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2021-4160, CVE-2022-0778, CVE-2022-1434, CVE-2022-1343, CVE-2022-1)

SSM 4.0.1.3 interim fix 08 contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2021-3712, CVE-2021-3711)

SSM 4.0.1.3 interim fix contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2020-1971,CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450)

SSM 4.0.1.3 interim fix 06 contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

SSM 4.0.1.3 interim fix 04 contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-3737, CVE-2018-0732)

SSM 4.0.1.3 interim fix 03 (also included in this 4.0.1.3 interim fix 04) contains fixes to the following Security Bulletin:

- Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

SSM 4.0.1.3 interim fix 02 (also included in this 4.0.1.3 interim fix 04) contains fixes to the following Security Bulletins:

- Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2000-1254, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306, CVE-2016-7052, CVE-2016-7055, CVE-2016-8610, CVE-2017-3732)
- Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-5621)

SSM 4.0.1.3 interim fix 01 (also included in this 4.0.1.3 interim fix 04) contains fixes to the following Security Bulletins:

- Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176)

The version of libcURL used by SSM 4.0.1.3 Interfix Fix 01 was uplifted to 7.49.1 to maintain best practice.

Red Hat Installation requirements

SSM 4.0.1 requires the libstdc++-32-3.2.3 compat libraries and the libstdc++ runtimes to execute on Red Hat Linux 6.x. On 64-bit Red Hat systems you can install the 64-bit versions of these libraries as well.

Checksums

The SHA1 Checksum of the images are as follows:
SHA1(ssm401-interimfix-03-10-linux-ppc64.run)=d2 83 0e 2e 79 8d 2b 01 ee bc 88 12 9e 90 ce e6 69 fb 2f 27
SHA1(ssm401-interimfix-03-10-linux-x86.run)=ec bb 63 79 36 66 d4 47 c7 2b 27 e3 4c 94 03 9a 51 35 7b 91
SHA1(ssm401-interimfix-03-10-linux-x86_64.run)=a7 1a 29 7f 3e f6 a5 51 14 d5 be 2d 10 8e eb c9 06 0c f0 16
SHA1(ssm401-interimfix-03-10-win32-x86.exe)=42 b7 a3 7c 00 94 6a b5 72 b7 11 58 7d 76 6e 82 64 5a a3 cd
SHA1(ssm401-interimfix-03-10-Multiplatform-DSCFiles.zip)=77 36 8a d3 cf b2 f8 db f4 6b 64 35 fc 3c ec e4 96 af 81 a2

List of fixes

SSM 4.0.1.3 interim fix 10 contains fixes to the following items:

PSIRT only release

OpenSSL support

Updating of all components to use OpenSSL 1.1.1r

Task ID APAR Fixed in Release Description
RTC31505 4.0.1.648 03-04 RFE 125144: Allow file containing PID to be placed somewhere other than /var/tmp
RTC315116 IJ09655 4.0.1.648 03-04 SSM V4.0.1.3: DVD/CD ROM IS DETECTED AS HARDDISK IN HRDISKSTORAGE TABLE IN SYSTEM WITH MULTIPLE DISKS
RTC314996 IJ09066 4.0.1.648 03-04 SSM AGENT DOES NOT DETECT MORE THAN ONE DISK IN THE HRDISKTABLE
RTC31505 4.0.1.559 03-02 RFE 52528: SSM agent does not allow the use of reclaimable memory in calculations causing unwanted threshold violations
RTC31364 4.0.1.559 03-02 SSM with unix autofs enabled configuration, mounts all the nested directories in RHEL 7
RTC30617 IV86553 4.0.1.247 03-01 SSM 401 AGENT iCORE WHEN STRING EXCEEDS SIZE

Document change history

 
Version Date Description of change
1.0 31 December 2022 Initial Release

















 

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSGNTH","label":"Netcool\/System Service Monitor"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
30 December 2022

UID

ibm16840747

Page Feedback