Privilege Management for Unix & Linux 10.3.1 Release Notes
August 20, 2020
New Features and Enhancements:
Improvements to PBUL write queue performance.
Added support for RHEL 8.
Added support for Solaris 11.4.
Dropped support for 32-bit Linux.
Added support for Debian 9, Debian 10, and Ubuntu 18.04, 20.04 (LTS).
Added a keyword to enable or disable logcaching.
Updated pbinstall script to create a /lib64/libncurses.so.5 symlink on RHEL 8 and above versions.
Dropped support for unsupported vendor platforms: AIX 6.1, Linux 32-bit, RHEL/CentOS/Oracle Linux v5, RHEL Itanium, Debian prior to 9.12, and Ubuntu versions prior to 16.04.
Changed the context of PBUL binaries to bin_t in case SELinux is enforcing.
Split the logcache database into two databases, so that two different processes could operate on events and iologs separately without lock contention.
Improved message router performance with several internal changes that reduced unnecessary overhead.
Resolved issue in which the #mr-ioc process and other children failed to terminate when the #mr-svc parent watchdog process wanted to restart them.
Resolved issue in which write queue was slow processing when replies were received out of order.
Resolved issue in which networkencryption caused pbrun -h <client> to hang when issued from the policy server, multiple encryptions were listed, and the remote client’s encryption was not first in the list.
Setting the keywords masterprotocoltimeout, logserverprotocoltimeout, and syncprotocoltimeout to -1 implies no protocol timeout. Resolved issue in which pbinstall commented out these keywords when explicitly set to -1, causing them to default to a finite timeout value of 500.
Resolved issue in which the presence of a non-existent keyfile in the eventlogencryption list caused 3033 key file unreachable error in pblog regardless of whether the correct algorithm or key pair appeared at the head of the list.
Resolved issue in which the RNS post-install configuration script (pbrnscfg.sh) menu options were using the obsolete term Primary Policy Server, rather than the updated term Primary License Server.
Resolved an issue in which a PMUL config package upgrade could truncate the eventlog.
Resolved issue in which processing wq_**** files took too long or completely stopped.
Resolved issue in which there was a segmentation fault when there was an ACA rule in a policy that did not have the default ACA rule.
Resolved closeactionsplunk.pl errors in the Splunk integration when new non-exec related ACA data was in the iolog.
Resolved issue in which pblog segmentation faults occured when MySQL ODBC was configured for SSL libraries other than PBUL's. The solution is to set loadssllibs to yes.
Resolved issue in which certain ACA trapped functions upon error returned the correct errno but returned a value of 0 instead of -1.
Resolved issue in which pbinstall did not retain the value of settings keyword loadssllibs during an upgrade.
Resolved issue in which event log files were created with bad permissions.
Resolved issue in which calling pbdbutil --info --uuid on an installation directory from version 10.3.0 did not return the UUID of a local client host when /etc/pb.db from v9.3 already existed.
Resolved lock contention issue that pertained only to physical policy server machines.
Resolved issue with turning on SSL in mixed environments in which some machines had SSL running and others did not.
Resolved pblocald issue in which it terminated before it was able to execute and monitor a requested secured task on RHEL8 and derivatives.
Resolved Memory Corruption in logEventServer when configured to send events to AD Bridge.
Resolved issue in which debug logs were created with world-writable permissions.
Resolved issue in which pbksh and pbsh, when in native root mode, encountered a segmentation fault when attempting to log the event.
Resolved issue in which pbksh and pbsh no longer created a local eventlog in native root mode.
Resolved issue in which pbinstall commented out enforcehighsecurity and ssl in pb.settings (hence implying default value of yes) if they were explicitly set to no during install.
Resolved issue in package installer in which symbolic links to liblber-2.4.so.2, libldap-2.4.so.2, and others were missing or incorrect.
Resolved issue in which piping a command into pbrun --di caused it to hang.
Resolved issue in which using pbreplay -X or -O on an iolog file caused a segmentation violation when replaying the terminal control commands involving a resized screen.
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering companies to secure and manage their entire universe of privileges. The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance.