SOFTPAQ NUMBER:17963 PART NUMBER: N/A FILE NAME: CompaqW2200-1.03-10.i386.rpm TITLE: System Software Upgrade Package for Compaq W2200 TaskSmart Servers VERSION: 1.03-10 LANGUAGE: English CATEGORY: Fix DIVISION: TaskSmart Appliances PRODUCTS AFFECTED: TaskSmart W2200 (All Models) OPERATING SYSTEM: Red Hat Linux 7.0 SYSTEM CONFIGURATION: All shipping configurations PREREQUISITES: Compaq TaskSmart W2200 Systems Software v1.01 OR v1.02 EFFECTIVE DATE: 10/05/01 ELECTRONIC DISTRIBUTION ALLOWED: Yes SUPERSEDES: N/A DESCRIPTION: - Kernel has been upgraded to 2.2.19. System is no longer vulnerable to the root exploit through the execve() system call. NFS system programs have been upgraded to support the new kernel. - SNMP Read-only Community String: If the SNMP Read-only Community String was set to the default setting of "public", the upgrade process changed it to "cpqPublic" for enhanced security. If the default setting had been changed from "public" before the upgrade, the custom string is retained. RAPIDLAUNCH USABILITY NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. If using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. Simply click the "Authentication" field for the device and change the "SNMP Read" field to cpqPublic. - Apache Module "mod_status": The Apache module, mod_status, which presents an HTML page with the current server statistics is now disabled by default for enhanced security. The system administrator may choose to turn mod_status back on by enabling it in the Web Server Configuration Application. - Added ability to disallow incoming traffic to any system service IP port by Ethernet interface through the Web Server Configuration Application (* indicates new port selections in this release) Service / Port(s) HTTP / *80 HTTPS / *443 Anonymous FTP / 21 Telnet / 23 SSH / 22 SMTP / 25 POP3 / 110 IMAP / 143, 220, 993 SNMP / 161 Who/Login / *513 Auth - Ident / 113 ICMP (ping, timestamp) / *ICMP protocol NFS / *111, *113, *1024, *1025, 2049 Compaq Insight Web Management Agent / *2301 Compaq Configurator / 3201 WEB SERVER CONFIGURATION APPLICATION - System can now be upgraded by browsing and uploading the upgrade rpm from a local workstation. - When restoring a system, you may select to either perform a "Full Restore" or "Replicate Configuration". A full restore will restore all data to the system. A replicated configuration will allow you to set the Hostname, and IP addresses to unique values on the target system. - The Unit Identification Light LED may be enabled or disabled from the menu to help you identify a W2200 in a rack. This replaces the CD eject function. Service on IP port 3203, used for the CD eject function, has been removed. - Added ability to disallow incoming traffic on various additional ports and services (see Security Enhancements above). - Fixed security issue limiting virtual site administrators from looking at other sites. - Fixed disk quota initialization after a system restore. NETWORKING - Fixed ipchains issue limiting outbound traffic on various ports. Fixed ipchains "no defined interface" issue. MANAGEMENT - Updated Compaq Insight Manager agents to version 5.20. Updated Health driver to 2.2.0. HOW TO USE: 1) Download the SoftPaq to a directory on your hard drive and change to that directory. The file that is downloaded is a tgz file with a filename based on the SoftPaq Number. 2) From that drive and directory, type the following to extract the downloaded file: tar zxvf sp17963.tgz The RPM and README files will be created in the current directory. 3) After the RPM is extracted, you may delete the SoftPaq file downloaded in step one. 4) Refer to the README for installation instructions. 5) After the installation is completed, you may delete the files unpacked in step 2. Copyright 2001, Compaq Computer Corporation. All rights reserved. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.