Hot fix S48012 addresses the issue(s) in SAS Web Server 9.4_M1 as documented
in the Issue(s) Addressed section of the hot fix download page:
http://ftp.sas.com/techsup/download/hotfix/HF2/S48.html#S48012
S48012 is a "container" hot fix that contains the following "member" hot fixes which will update the software components
as needed.
S44012 updates SAS Environment Manager 2.1_M1
N48011 updates SAS Web Server 9.4
Before applying this hot fix, follow the instructions in SAS Note 35968 to
generate a SAS Deployment Registry report, then verify that the appropriate product releases are installed on your system. The
release number information in the Registry report should match the 'member' release number information provided above for the
software components installed on each machine in your deployment.
The hot fix downloaded, S48012pt.zip, includes the updates required for all components listed above on all applicable operating systems. To apply this hot fix on multiple machines, you can either save S48012pt.zip on each machine or save it in a network location that is accessible to all machines.
Do NOT extract the contents of S48012pt.zip. The hot fix installation process will extract the contents as needed.
This hot fix requires that your software must already be configured prior to installation. If no configuration directory exists at the time of installation, security updates built into this hot fix will not be completed, leaving your software in a vulnerable state.
The hot fix will be applied using the SAS Deployment Manager. By default, the SAS Deployment Manager will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different directory.
After downloading S48012pt.zip, follow the instructions for applying hot fixes in the SAS Deployment Wizard and SAS Deployment Manager 9.4: User's Guide.
Please review the CONFIGURATION Important Note above concerning proper selection of the "Configure SAS Hot Fix" option in the SAS Deployment Manager.
The hot fix installation process generates the log file
<!SASHOME>/InstallMisc/InstallLogs/IT_date-and-time-stamp.logfor example, IT_2011-10-31-13.18.21.log. Each attempt to apply a hot fix results in the creation of a new log file giving detailed information regarding the installation process.
Postexec log files are created after the installation is completed and identifies the files that were added, backed up, changed and removed. These log files include the ‘member’ hot fix id in the name of the file and are also written to the <!SASHOME>/InstallMisc/InstallLogs directory. There is one postexec log for each ‘member’ hot fix applied (member hot fixes are listed at the top of these instructions).
IMPORTANT NOTE Regarding SSL/TLS:
If your SAS Web Server is configured for SSL/TLS, you will need to install the latest Java 7 Update. Please visit the Updates for Java 7 download page for the latest available updates.
sasws_jarfix-aix.sh <SASHome location>where <SASHome location> is the full path to SASHome
For example:
sasws_jarfix-aix.sh <SASHome location> <SAS Configuration location>Note: The tool can safely be run multiple times.
Change:CustomLog "|<SASHome>/SASWebServer/9.4/httpd-2.2/bin/rotatelogsto
<SASConfig>/LevX/Web/WebServer/logs/access.log 50M" commonCustomLog "|<SASHome>/SASWebServer/9.4/httpd-2.4/bin/rotatelogs
<SASConfig>/LevX/Web/WebServer/logs/access.log 50M" common
Replace the line
Listen 80with the following line:
Listen localhost:7980IMPORTANT NOTE: If you use a non-default port, please enter that port number instead of the one listed above
Locate the following lines for the certificate file and key file and enter the correct filenames:SSLCertificateFile "ssl/myhost.crt"
SSLCertificateKeyFile "ssl/myhost.key"
SSLCertificateChainFile "ssl/myhost.crt
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
Replace the lineHeader set Strict-Transport-Security "max-age=31536000"with the following line:#Header set Strict-Transport-Security "max-age=31536000"
After applying this hot fix, the Pivotal Web Server has been updated to version 6.2. In order for SAS Environment Manager to discover Pivotal Web Server 6.2, please complete the steps below to activate the new plugin.
Note: You must restart all servers and web applications prior to executing the steps below:
For more information on the proper order for starting servers, go to SAS® 9.4 Intelligence Platform: System Administration Guide, Fourth Edition and review the section entitled "Starting, Stopping and Checking the Status of Servers".
Note: If you cannot find the new Pivotal Web Server 6.2 resource in Resources -> Servers page after you clicked the Add Into Inventory link, login to the machine where the Pivotal Web Server 6.2 is installed, stop the Environment Manager Agent on this machine, re-name the data directory under <SASConfig>/LevX/Web/SASEnvironmentManager/agent-5.8.0-EE/ to data_backup, and then restart the Environment Manager Agent. Restarting the Agent must be done by using the hq-agent script with the ‘restart’ option. The new Pivotal Web Server 6.2 resource should appear on the Auto-Discovery section. Select and click the Add Into Inventory link to add this new resource into inventory.
FromSSLProtocol all -SSLv2 -SSLv3
To
SSLProtocol all
FromSSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM -SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128 -SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128 -GCM-SHA256:AES256-SHA256:AES128-SHA256
To
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
Remove the following two attributes inside <Connector> element in this server.xml:
ciphers="TLS_ECDHE_ECDSA_W..................."
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
IMPORTANT NOTES Regarding hot fix updates:
LoadModule sm_module "C:/Program Files (x86)/CA/webagent/bin/mod_sm24.dll"For UNIX deployments, the name of the library is libmod_sm24.so instead of mod_sm24.dll.
SmInitFile "C:/SAS/Config/Lev1/Web/WebServer/conf/WebAgent.conf"
CONFIGURING THIS HOT FIX ON A HORIZONTAL MID-TIER CLUSTER
For initial mid-tier cluster configuration, follow the information provide in SAS Note 59810
Additional manual steps are required to successfully configure these updates on a horizontal mid-tier cluster. See SAS Note SAS Note 60103 for further instructons.
This completes the installation of hot fix S48012 on 64-bit Enabled AIX.
Copyright 2018 SAS Institute Inc. All Rights Reserved.