Previous Topic: Windows Endpoint Upgrade ConsiderationsNext Topic: Server Component Upgrade Considerations


UNIX Endpoint Upgrade Considerations

This section describes items you should consider when upgrading CA ControlMinder on UNIX endpoints.

Default Installation Location

The default installation location has changed in r12.0 and is as follows:

/opt/CA/AccessControl

FIPS 140-2 Library Upgrade

This release of CA ControlMinder uses CAPKI 4.1.2 instead of ETPKI 3.2. The upgrade is automatic and keeps the ETPKI 3.2 libraries on your computer if they are used by other components. To determine whether other components are using ETPKI 3.2, CAPKI uses an internal reference count. When this count equals 0, ETPKI 3.2 uninstalls on upgrade.

Systemwide Audit Mode for UNIX Upgrades

The SYSTEM_AAUDIT_MODE property in the SEOS class specifies the default audit mode for users and enterprise users (systemwide audit mode). When you upgrade to CA ControlMinder r12.5 SP1 or later, CA ControlMinder sets the value of the SYSTEM_AAUDIT_MODE property to the value of the DefaultAudit configuration setting in the [newusr] section of the lang.ini file.

Note: The default value of both the SYSTEM_AAUDIT_MODE property and the DefaultAudit configuration setting is Failure LoginSuccess LoginFailure.

Authorization Recognizes Resource Group Ownership

CA ControlMinder takes into account resource group ownership when checking user authorization to a resource. This behavior was introduced in r12.0. In earlier releases, the authorization process considered only the resource's owner.

For example, you define a FILE resource with a default access of none and no owner that is a member to a GFILE resource with a named owner. In CA ControlMinder r12.0 and later, the named group owner has full access to the file. In earlier releases, nobody has access to the file.

syslog Messages That Have a Reduced Priority

The following syslog messages have been reduced to informational priority (INFO rather than ERROR):