Endpoint Privilege Management for Unix and Linux 23.1.1 Release Notes

July 27, 2023

 

All the issues in this release are related to PMUL ElasticSearch integration. If you are not using ElasticSearch, this release is not needed.

 

The tar files in this v23.1.1 update do not contain a full release and cannot be deployed using BeyondInsight for Unix & Linux. BeyondInsight for Unix & Linux does not support installation of maintenance updates.

Requirements:

Prerequisite

  • Installation of PMUL v23.1.0.
  • Install the release on the log server (or on the policy server if acting as the log server).
  • Use of ElasticSearch integration with PMUL.

Installation Instructions

On the log server (or policy server if acting as the log server) where v23.1.0 is installed, use untar to extract the appropriate tar file for the OS:

# zcat pmul_<Platform>_23.1.1-01-upgrade.tar.Z

Go to install directory:

# cd powerbroker/v23.1/pmul_<Platform>_23.1.1-01/install

Run:

./pbpatchinstall

For installation requirements and considerations, please see the Installation Guide.

For a list of supported platforms for the latest version of Endpoint Privilege Management for Unix & Linux, please see the Supported Platforms Guide.

Supported Platforms Guides for previous versions of Endpoint Privilege Management for Unix & Linux can be found in the Privilege Management for Unix & Linux Documentation Archive.

New Features and Enhancements:

This is a maintenance release. There are no new features to note.

Issues Resolved:

  • Some events occurring during rapid bursts of pbrun executions were never delivered to Elasticsearch. The root causes of this problem were:
    • An incoming event could be considered processed if it were successfully queued for only the log server event log. The event is now considered processed only if it can be placed on both the Elasticsearch and local event log queues.
    • pblogd would fail to create write queue files in some queue full situations. Resolved by ensuring that write queue files are written in all situations in which the queue is full.
  • The mr-siem message router subprocess, which consumed events from the Elasticsearch shared memory queue and sent them to Elasticsearch, had significant memory leaks. These were resolved by correctly freeing intermediate JSON objects built up to create documents sent to Elasticsearch.
  • An Elasticsearch document coalesced from Accept and Finish events, associated with a single pbrun invocation, could contain undefined as the exitstatus if Elasticsearch received the Finish event prior to receiving its Accept counterpart. Also, the event type for coalesced Accept and Finish events was set to Finish rather than Accept, unless Elasticsearch received the Finish event first. Both issues are resolved in this release.
  • The scheduled backup process mrsiemdq forwards backed-up events to Elasticsearch in cases when the message router fails to do so. Two consecutive runs of this mrsiemdq process could both try to access the backup database if the first run was still in progress at the time the second run was invoked. Resolved by adding a lock to ensure that only one invocation could run at a time.

Known Issues:

None.

Notes:

List of Binaries in this Release

This service pack replaces the following binary reporting version 23.1.1-01:

  • pbconfigd
  • pblighttpd-svc
  • pblogd
  • pbmasterd