Installation Instructions for Hot Fix F6R014

Linux for x64


Hot fix F6R014 addresses the issue(s) in SAS Fraud Management 6.1 as documented in the Issue(s) Addressed section of the hot fix download page:

https://tshf.sas.com/techsup/download/hotfix/HF2/F6R.html#F6R014


Important: SAS 9.4 M7 is required for this hot fix. If your servers need to be upgraded, you must contact your SAS Account Representative for a new software order. Do not proceed with this hot fix installation until a software order is obtained and the SAS software depot is downloaded and available to your servers.

If your servers are already at SAS 9.4 M7 and you have not previously installed the SAS Security Update 2023-09 or later, you must install it immediately after applying this hot fix.

Please read this entire document before beginning the hot fix installation.


F6R014 is a "container" hot fix that contains the following "member" hot fixes which will update the software components as needed.

I8K003  updates  SAS Fraud Management Common Macros 6.1
G6C007  updates  SAS Fraud Management Data Services 6.1
F8Y010  updates  SAS Fraud Management Decision Engine 6.1***
F6S013  updates  SAS Fraud Management Mid-Tier 6.1***
I8L004  updates  SAS Fraud Management Reporting History ETL Server Macros 6.1
I8M003  updates  SAS Fraud Management System of Record DB Maintenance Macros 6.1
F6T008  updates  SAS Fraud Management Transaction Extensions 6.1***
F8Z010  updates  SAS Fraud Transactional Analysis Engine 6.1

*** member hot fixes that have been updated since the previously released hot fix (F6R013)


See What is a container hot fix? in the Hot Fix FAQ for more information about container hot fixes.


HOT FIX COMPONENT HISTORY

Software Component Server F6R001 HF1 F6R002 HF2 F6R003 HF3 F6R004 HF4 F6R005 HF5 F6R006 HF6 F6R007 HF7 F6R008 HF8 F6R009 HF9 F6R010 HF10 F6R011 HF11 F6R012 HF12 F6R013 HF13 F6R014 HF14
SAS FM Common Macros 6.1 Batch Server (Unix) - - - I8K001 - I8K002 - - - I8K003 - - - -
SAS FM Data Services 6.1 Data Server (Unix) G6C001 - - G6C002 - G6C003 - G6C004 G6C005 G6C006 - G6C007 - -
SAS FM Decision Engine 6.1 Decision Server F8Y001 - - F8Y002 F8Y003 F8Y004 - F8Y005 F8Y006 F8Y007 F8Y008 F8Y009 - F8Y010
SAS FM Mid-Tier 6.1 Midtier F6S001 F6S002 F6S003 F6S004 F6S005 F6S006 F6S007 F6S008 F6S009 F6S010 F6S011 F6S012 - F6S013
SAS FM Reporting History ETL Server Macros 6.1 Batch Server (Unix) - - - I8L001 I8L002 I8L003 - - - - - I8L004 - -
SAS FM System of Record DB Maintenance Macros 6.1 Batch Server (Unix) - - - I8M001 - I8M002 - - - I8M003 - - - -
SAS FM Transaction Extensions 6.1 Decision Server (Unix), Rules Server (Unix) F6T001 - - F6T002 F6T003 F6T004 - F6T005 F6T006 - - F6T007 - F6T008
SAS Fraud Transactional Analysis Engine 6.1 Transaction Analysis Server F8Z001 - - F8Z002 F8Z003 F8Z004 - F8Z005 F8Z006 F8Z007 F8Z008 F8Z009 F8Z010 -


IMPORTANT NOTES

  1. This hot fix requires SAS 9.4 M7 and SAS Security Update 2023-09 or later.
  2. It is strongly recommended that you install hot fixes in a non-production environment and test *before* installing them in production.
  3. The POST-INSTALLATION INSTRUCTION sections are *not* optional. These steps must be reviewed and performed where applicable for all hot fix installations. Any questions on these steps should be directed to support before you begin the installation.


PRE-INSTALLATION INSTRUCTIONS

  1. Create a Deployment Registry report on each server:

    Before applying this hot fix, follow the instructions in SAS Note 35968 to generate a SAS Deployment Registry report on each server in your environment.

    Commands to create the report:
    1. cd <SASHome>/deploymntreg
    2. <JAVA_HOME>/bin/java -jar sas.tools.viewregistry.jar

    Two files are created: DeploymentRegistry.txt and DeploymentRegistry.html. Either of these files can be used to verify that the appropriate product releases are installed on your system. You can determine the current hot fix level by comparing the member hot fix numbers in the HOT FIX COMPONENT HISTORY chart above with the hot fix entries in the Deployment Registry report.

  2. Backups:  Full backups are required. The backups will be needed to roll-back this hot fix installation should an issue occur.

    Backup the following on each Server:

    1. <SASHOME> directory
    2. <CONFIGDIR> directory
    3. Database(s) that will be updated by this hot fix. Review the POST-INSTALLATION INSTRUCTIONS: DATA TIER section to determine if there are database updates.
    4. (Optional) If you have customized the oracle_table_opts.csv file or postgres_table_opts.csv file, you should make a local copy for reference. After the hot fix install completes, you can add back your customizations. The files are located in the <SASHOME>/SASFoundation/9.4/misc/fsmcm/data directory.

      Note: When you run the SAS Deployment Manager in a later step to install the hot fix, you must use the -alwaysoverwrite option to force edited files to be replaced with new files in <SASHome>.

    For a detailed list of updated files, see the hot fix manifest.  NOTE: The manifest is cumulative for all hot fixes for this release.

  3. Stop SAS Fraud Management Servers and Processes:

    1. Stop the OnDemand Decision Engine (ODE) server(s). Log on as the ODE user and run:
      $ cd <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin
      $ ./ose.sh stop
    2. Stop the Transactional Analysis Server (TAS). Log on as the TAS user and run:
      $ cd <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/bin
      $ ./tas.sh stop
    3. All batch jobs and processes running against the SAS FM databases should be stopped.
    4. All rule estimations should be stopped.
  4. Stop SAS Servers:

      Stop the SAS servers using the sas.servers script located in <CONFIGDIR>/Lev1 directory:
      $ ./sas.servers stop


SERVER INSTALLATION

  1. Important:  Install this hot fix using the same userid who performed the initial software installation.
  2. Install the hot fix using the SAS Deployment Manager (SDM):

    Hot Fix F6R014 must be installed on each machine where the updated components of the product, listed above, are installed.

    The hot fix will be applied using the SAS Deployment Manager (SDM). By default, the SDM will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different directory. Do NOT extract the contents of   F6R014pt.zip into the selected directory. The hot fix installation process will extract the contents as needed.

    After copying F6R014pt.zip, follow the instructions for applying hot fixes in the SAS Deployment Wizard and SAS Deployment Manager 9.4: User's Guide.

    For example:

    1. Set the DISPLAY environment variable, for example
      $ export DISPLAY=<displayname>:0
    2. From the SASDeploymentManager directory execute sasdm.sh

      $ cd <SASHOME>/SASDeploymentManager/9.4
      $ ./sasdm.sh

      Important: The SAS Deployment Manager will present a screen with two options: "Apply SAS hot fix" and "Configure SAS hot fix" On this screen, you must ensure that the "Configure SAS hot fix" option is *not* selected before continuing.

    Notes:

    The hot fix installation process generates a log whose name matches this pattern:

    <SASHOME>/InstallMisc/InstallLogs/IT_date-and-time-stamp.log
    An example file name is: IT_2021-05-28-11.00.31.log. Each attempt to apply a hot fix results in the creation of a new log file giving detailed information regarding the installation process.

    For each member hot fix, additional logs are written to the <SASHOME>/InstallMisc/InstallLogs directory. The logs whose names end with "_Install_postexec.log" identify the files that were added, backed up, changed and removed by the installation of that member hot fix.


POST-INSTALLATION INSTRUCTIONS: SERVER TIER

    This section describes custom steps that depend on the starting version of your system before this hot fix was installed. Locate your starting version in the first column of the table below and perform only those steps listed in the second column for that version.

    Starting Version Steps
    6.1M0 (No Hot Fix)
    or
    6.1M0 HF1
    or
    6.1M0 HF2
    or
    6.1M0 HF3

    Steps for upgrade from base 6.1M0, HF1, HF2, HF3 to HF14

    1. Update ODE Server Configuration Files

      IMPORTANT: If you have customized any of the files copied in this step, you must merge your updates into the new versions.

      On each ODE Server:

      1. Back up the actions.xml, database.xml, ose.xml, post-score-actions.xml files in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc directory.

      2. Copy or merge these files:
        • actions.xml
        • database.xml
        • ose.xml
        • post-score-actions.xml

        From: <SASHOME>/SASFraudManagementDecisionEngine/6.1/Config/etc
        To:   <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc

    2. Update ODE Server Script Files

      IMPORTANT: If you have customized any of the files copied in this step, you must merge your updates into the new versions.

      On each ODE Server:

      1. Back up the msgapi_pb2.py and ose.py files in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin directory.

      2. Copy or merge these files:
        • msgapi_pb2.py
        • ose.py

        From: <SASHOME>/SASFraudManagementDecisionEngine/6.1/Config/bin
        To:   <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin

    3. Update ODE Server Property File:

      On each ODE Server:

      1. Backup the ose.properties file in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc directory.
      2. Edit the ose.properties file to change all occurrences of:
         WHITE_LIST 
        To:
         ACCEPT_LIST 

    4. (PostgreSQL only) Update batch environment file

      1. Back up the sasfraud_env.sh file in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/batch/common/etc/ directory.
      2. Edit sasfraud_env.sh to make the following change:

        Locate the 6 lines similar to below. The path may be different in your file.

                  export PATH=/usr/pgsql-11/bin:$PATH
                  if [ "$MACHINE_TYPE" = "lax" ]; then
                     export LD_LIBRARY_PATH=/usr/pgsql-11/lib:$LD_LIBRARY_PATH
                  else
                     export LIBPATH=/usr/pgsql-11/lib:$LIBPATH
                  fi
                 
        Copy the 6 lines from your file and paste them after this section of code:
                  if [ $sordbtype = postgres ]
                  then
        
                    export SOR_PATH_PG="database=sor6 port=<your-db-port> server=\"<your-db-server>\""
                    export TDR_PATH_PG="database=tdr6 port=<your-db-port> server=\"<your-db-server>\""
                    export MEH_PATH_PG="database=meh6 port=<your-db-port> server=\"<your-db-server>\""
                 

    6.1M0 HF4
    or
    6.1M0 HF5
    Steps for upgrade from HF4, HF5 to HF14

    1. Update ODE Server Configuration Files

      IMPORTANT: If you have customized any of the files copied in this step, you must merge your updates into the new versions.

      On each ODE Server:

      1. Back up the ose.xml and post-score-actions.xml files in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc directory.

      2. Copy or merge these files:
        • ose.xml
        • post-score-actions.xml

        From: <SASHOME>/SASFraudManagementDecisionEngine/6.1/Config/etc
        To:   <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc

    2. Update ODE Server Script Files

      IMPORTANT: If you have customized any of the files copied in this step, you must merge your updates into the new versions.

      On each ODE Server:

      1. Back up the ose.py file in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin directory.

      2. Copy or merge this file:
        • ose.py

        From: <SASHOME>/SASFraudManagementDecisionEngine/6.1/Config/bin
        To:   <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin

    3. Update ODE Server Property File:

      On each ODE Server:

      1. Backup the ose.properties file in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/etc directory.
      2. Edit the ose.properties file to change all occurrences of:
         WHITE_LIST 
        To:
         ACCEPT_LIST 

    6.1M0 HF6
    or
    6.1M0 HF7
    or
    6.1M0 HF8
    or
    6.1M0 HF9
    or
    6.1M0 HF10
    or
    6.1M0 HF11
    Steps for upgrade from HF6, HF7, HF8, HF9, HF10, HF11 to HF14

    1. Update ODE Server Script Files

      IMPORTANT: If you have customized the file copied in this step, you must merge your updates into the new versions.

      On each ODE Server:

      1. Back up the ose.py file in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin directory.

      2. Copy or merge this file:
        • ose.py

        From: <SASHOME>/SASFraudManagementDecisionEngine/6.1/Config/bin
        To:   <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>/bin

    6.1M0 HF12
    or
    6.1M0 HF13
    Steps for upgrade from HF12, HF13 to HF14

    Please see next section for post-installation manual updates required for Trasaction Analysis Server (TAS) when upgrading from 6.1M0 HF12 or HF13 to 6.1M0 HF14.


POST-INSTALLATION INSTRUCTIONS: TRANSACTION ANALYSIS SERVER

If this step has been performed during a prior hot fix installation, it can be skipped.

On the Transaction Analysis Server (TAS), some JAR files need to be copied from the Elasticsearch 2.3.4 installation package to a new 'lib' directory that you create in the TAS configuration directory.
  1. Download and extract the Elasticsearch 2.3.4 installation TAR package.

    Note: If you already have Elasticsearch 2.3.4 installed on a server in your environment, you may copy the files from that installation instead.

  2. Log on to the TAS server as your SAS installation user.

  3. Create a new 'lib' directory in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/ directory.
    mkdir <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/lib
        
  4. Set permissions on the new 'lib' directory so that the TAS user can read the files in it.
    For example, if your SAS Installation user is 'sascfg', and your Unix group is 'sasfraud', and your TAS user is a member of that group, set these permissions:
    chown sascfg.sasfraud <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/lib
    chmod 775 <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/lib
      
  5. Copy all the JAR files:

    From: <temp-dir>/elasticsearch-2.3.4/lib
    To:    <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/lib


POST-INSTALLATION INSTRUCTIONS: DATA TIER

  1. Execute SAS Fraud Management DBMS Package to Update the Databases

    1. The following table describes the database changes for each hot fix. The DBMS script for each database will examine the current state of the database and apply the required changes for the all previous hot fixes and the current hot fix.

      Vendor Database Hot fix Updates
      PostgreSQL MEH HF1 Authorizations are added to the static partition tables.
      Oracle TDR HF1 Peformance improvements are made to the DECODE_BASE64_SIGNATURE function.
      Oracle SOR HF4 Delete fmx_me_phone entry, loaded by default that is a space.
      PostgreSQL SOR HF4 - Support for SAMS for PostgreSQL.
      - Delete fmx_me_phone entry, loaded by default that is a space.
      PostgreSQL TDR HF4 Support for SAMS for PostgreSQL.
      PostgreSQL
      DB2
      Oracle
      SOR HF6 Support for 6000 rule slots.
      PostgreSQL
      DB2
      Oracle
      TDR HF6 Support for 6000 rule slots.
      PostgreSQL
      DB2
      Oracle
      SOR HF8 - Add new properties to the FCM_PROPERTY table
      • lookup_list_invalid_character_messages
      • rule_test_day_duration
      • rule_test_transaction_limit
      • webapp.done.typing.interval
      • webapp.enable.autocompleter
      • webapp.show.rule.syntax.button
      - Update the ACTION_NAME and ACTION_DESC values for ACTION_ID=50143 in the FCM_ACTION table.
      - Update the FCM_FIELD_DEFINITION table to set size related information for the srp_rule_overtime field name.
      - Update the FCM_GSU_VW view.
      DB2 SOR HF8 - Update the FCM_FIELD_DEFINITION table to set DBMS_VARIABLE_TYPE value to DECIMAL(19,5) where it is BINARY_DOUBLE.
      PostgreSQL SOR HF9 - Update the FCM_LOOKUP_LIST_DEFINITION table to change the KEY_COLUMNS data type from VARCHAR(4000) to Text.
      DB2
      Oracle
      SOR HF9 - Update the FCM_LOOKUP_LIST_DEFINITION table to change the KEY_COLUMNS data type from VARCHAR(4000) to CLOB.
      PostgreSQL
      DB2
      Oracle
      SOR HF9 - Update the FCM_PRIVILEGE table to add "Approve and Promote Rules" and "Approve and Delete Rules" privileges.
      PostgreSQL
      DB2
      Oracle
      SOR HF10 - Add new properties to the FCM_PROPERTY table
      • estimation_prep_bypass_weak_dependencies
      • estimation_prep_bypass_strong_dependencies
      • estimation_enable_force_calculation
      PostgreSQL
      DB2
      Oracle
      SOR HF12 - Update the FCM_FIELD_DEFINITION table to correct the DBMS_VARIABLE_TYPE value for the FIELD_NAME = 'tbt_billing_ref_num'.
      DB2 SOR HF12 - Update the GET_RULE_SLOTS function to convert the input HEX string to uppercase.
    2. As the SAS installation user, log on to the server where the SAS Fraud Management Data Services component is installed.
    3. Change to the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/dbms/bin directory.
    4. (Optional) To preview the SQL for the changes that will be applied to each database, run the following commands:
      $ ./mehddl.sh preview
      $ ./sorddl.sh preview
      $ ./tdrddl.sh preview
    5. Run the database update scripts. Check each log for errors. By default, the logs are in <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/dbms/logs directory.
      $ ./mehddl.sh update
      $ ./sorddl.sh update
      $ ./tdrddl.sh update
      Notes:
      • You can run all three <db>ddl.sh scripts whether there are database changes or not. The DBMS package will determine what updates are needed and skip the rest.
      • If a script fails with a checksum error, clear the checksums for the failed database followed by the update command:
        $ ./mehddl.sh clearCheckSums
        $ ./mehddl.sh update

        $ ./sorddl.sh clearCheckSums
        $ ./sorddl.sh update

        $ ./tdrddl.sh clearCheckSums
        $ ./tdrddl.sh update
      • You can update the logging level and log file location the database properties files located in the <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/dbms/etc directory.


UPGRADE to SAS 9.4 M7

    If your servers are at SAS 9.4 M6, upgrade to SAS 9.4 M7 at this time. An upgrade with a current SAS software depot will include the latest SAS Security Updates that are also required for this hot fix.

    If your servers are already at SAS 9.4 M7, skip this step.


INSTALL SAS SECURITY UPDATES

    If the SAS Security Update 2023-09 or later has not been previously installed, it is required that you install it now. The SAS Security Update and install instructions can be found here: SAS Security Updates and Hot Fixes

    If you upgraded SAS 9.4 M6 to SAS 9.4 M7 in the previous step, skip this step. The upgrade process installs the latest SAS Security Update available.


POST-INSTALLATION INSTRUCTIONS: MID TIER

    Update the web applications deployed to your web application servers.

    See SAS 9.4 Intelligence Platform Middle-Tier Administration Guide for details on rebuilding and redeploying Web Applications.


RESTART SAS SERVERS

    Restart the SAS servers using the sas.servers script located in <CONFIGDIR>/Lev1 directory:
    $ ./sas.servers stop
    $ ./sas.servers start
    If 'sas.servers start' command takes a long time to complete, you may be experiencing the issue described in this SAS Note 69187.


START SAS Fraud Management

  1. Redeploy Rules Files in SAS Fraud Management Web Application:

    Log in to the web application as a user with the privilege to deploy rules on the Console tab. Deploy all the existing rules files.

    Note: After a hot fix install, all users may need to clear their web browser cache before running the web application.

  2. Start SAS Fraud Management Servers:

    1. Start the TAS server. Log on as the TAS user and run:
      $ cd <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/analysis/bin
      $ ./tas.sh start
    2. Confirm there are no errors in the log.

    3. Start the ODE server(s). Log on as the ODE user and run:
      $ cd <CONFIGDIR>/Lev1/Applications/SASFraudManagement/6.1/<Auth-Domain>/engine/Server<n>bin
      $ ./ose.sh start
    4. Confirm there are no errors in the log.

    5. Start any batch jobs that were stopped before the installation.
  3. Create a final Deployment Registry report on each server:

    Run a new SAS Deployment Registry report following the same steps as in the PRE-INSTALLATION INSTRUCTIONS. The new report files will overwrite the existing ones. To retain the old files, save them to a new location or rename them before running the commands.

    Please send a copy of the final DeploymentRegistry.txt file to SAS Fraud Management support.


ADDITIONAL INSTRUCTIONS: SAS Business Orchestration Services (BOSS) Servers

    If SAS Business Orchestration Services (BOSS) is used to send transactions to the SAS OnDemand Decision Engine, then three JAR files must match between the OnDemand Decision Engine and the BOSS installation.

    The three JAR files are:

    If these jars have been updated by this hot fix or any hot fix since your starting hot fix level, they must be copied into the 'lib' subdirectory of the BOSS installation directory. For additional details see SAS Note 68969.

    Important: Save a backup copy of the jars from the BOSS directory before replacing them.


This completes the installation of hot fix F6R014 on Linux for x64.


Copyright 2022 SAS Institute Inc. All Rights Reserved.