SAP Security Notes: ABAP and Kernel Software Corrections
Hi all,
I have a quick question, hopefully it's just as quick an answer.
Under the Early Watch section in the title it states
Security-related SAP Notes cannot be checked because the results of the RSECNOTE tool are missing.
What does this actually mean and how do I make the results of RSECNOTE available to the early watch report?
It says this in all my systems, I can run the tool via ST13 or SE38 > RSECNOTE manually but surely it's must be referring to some automated results.
Thanks
Craig
Sorry but this note is not relevant, we are using ST-A/PI 01Q_700 SP2 (SAPKITAB7L).
It also refers to RSECNOTE not existing in the system. As I mentioned the tool exists and I can run this manually, but as noted the Early Watch report states
Security-related SAP Notes cannot be checked because the results of the RSECNOTE tool are missing.
Suggesting that somehow results of the tool are held somewhere and are read by the Early Watch report processing. So my question still stands, how are these results made available to the Early Watch report, what batch job needs to be running on a regular basis for this to work?
The very first sentence after the section says
You have marked 2 security-related SAP Notes as not to be considered.
So it must be reading this from somewhere!
Thanks
Craig
Similar Messages
-
Do SAP Security Notes contain hacker and/or virus defence?
Dear SCN fellows,
I am new to this community and generally new to asking for SAP help in discussions and blogs.
I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
I am investigating a companies SAP Security settings against its policy and global market standards. I have identified that since our SAP rollout SAP Security notes patches have not been maintained. RSECNOTE provides a large list of missing security notes. I'm writing a report and what to confirm whether these notes offer any advice, support or notification of hacking or viruses. Similar to Internet security software I guess.
Can anyone advise if my thoughts and questioning is heading in the right direction or have I got the concept of SAP Security Notes completely wrong?
Thank you kindly.
PaulHi Paul,
I need some advice on whether SAP Security Notes contain hacker and/or virus defences?
SAP releases respective security notes as per the loophole identification. Once you run RSECNOTE you get the list of all applicable notes to your software release.
Applying these notes will help you to remove the vulnerability SAP identified, So yes it contains solution to remove vulnerability.
I'm writing a report and what to confirm whether these notes offer any advice, support or notification of hacking or viruses. Similar to Internet security software I guess.
Could you please elaborate it is not that clear to me.
BR,
Mangesh -
I Have a mid 2011 iMac with windows 8.1 on it and constantly get system thread exception not handled and kernel security check failur
I Have a mid 2011 iMac with windows 8.1 on it and constantly get system thread exception not handled and kernel security check failur
-
Last week we saw SAP releasing its SAP Security Notes as per its SAP Security Patch Day Practice .
One of thenotes released was related to a BUG FIX in a Kernel as per note 1487730
https://websmp130.sap-ag.de/sap/support/notes/1487330
Now the issue goes this way .
We are on Kernel 7.01 SP Level 79.
According to the NOTE we need to be atleast on SP Level 103 .
When I check out at Marketplace I can only Find SP Level 111 which is the latest and released on 14.10.2010 ie. 2 days after the NOTER was released .
Apprantely we follow a Thumbs Rule here to Implement the Kernel which is lower than the latest Kernel .
The issue is I cant find Kernel SP Level 103 .
Is it safe to go for SP Level 111 .
Our Database is ORACLE 10.2.0.4
OS PLatform :- Solaris Sparc 64- Bit NON UNICODE
Regards,
Ashish .A. Poojary
Edited by: Ashish Poojary on Oct 21, 2010 7:10 AMHi Ashish,
Generally the rule of N - 1 is followed for SAP Application patches and not for kernel.
You can go for latest kernel, it will not be any problem.
Thanks
Anil -
When I click PDF file, the file does not open and installation software for creative suite automatically begin to start. Even after re-installation of creative suite 5.5, only acrobat reader dose not work and the same phenomena occurs.
Did you ever install Acrobat? It is not installed automatically with CS, but requires an extra installation step.
-
The bluetooth driver is not good and dont work correctly.
the bluetooth driver is not good and dont work correctly.
my notebook is dv6 6160se and with win7 64bit.
and it cant be solved by windous update and driver search.
how can i use of all ability of my bluetooth?the bluetooth driver is not good and dont work correctly.
my notebook is dv6 6160se and with win7 64bit.
and it cant be solved by windous update and driver search.
how can i use of all ability of my bluetooth? -
Apply SAP Security Notes to all components?
Dear Forum,
Is it possible to take advantage of exploits in installed components although theyre not in use? I mean, when patching SAP Security Notes, does it make sence to patch components which are installed but not in use?
Rough example:
We have a system with 10 components (according to SPAM status) only 7 of these modules are actively used. Should all 10 receive applicable SAP Security Notes, or would it be enough to patch the ones in use?
I hope someone is able to elaborate on this
Thanks in advance guys,
Kind Regards,
SorenHI,
for example reading a file. Let's say there is a bug in a program which allows malicious user to read any file on the application server. Obviously, you want to patch this even that program is not used by normal users. Another example is missing authorization checks for table view. You can have assigned proper authorizations for S_TABU_DIS but if a malicious user can trick a program without authorization check to display data from any table then you have a problem. A real example could be an issues fixed in note 1558740. Even if you don't use IS-U those FMs are still in your system.
Don't forget that it's good to have multiple layers of protection. So you keep authorizations tight but still you patch all security issues.
Cheers -
ABAP and Kernel Patches for Upgrade and Conversion in 4.6C
Hi,
We are in a process of upgrade and unicode conversion for the source release 4.6C (Kernel 46D_EXT Patch 2225).
"Combined Upgrade&Unicode Conversion Guide" for "SAP Basis 4.6C u2192 SAP NetWeaver 7.0 application Server ABAP Unicode Including Enhancement Package 1 Support Package 01 - 06" , In Software Requirements step, it says
"3. Import 4.6D Kernel patch 2326 from SAP Service Marketplace according to SAP Note 19466"
We wanted to know whether "IT IS ABSOLUTELY NECCESSARY TO GO FOR THE KERNEL PATCH 2326". We dont have "EBCIDIC code pages" in our MDMP system.
We need to know becauase we are also doing OS migration from AIX to Sun and this step will add to our production downtime.
Please advice what are the other causes we should go for the kernel 2326.
RegardsHello Mr. Nils Buerckel,
Thanks for the reply.
We wanted to be very sure whether we should used Kernel 46D Kernel patch 2326 (As it is specifically mentioned in the SAP CU&UC guide and in SAP Note 867193, It is mentioned that "This patch contains enhancements that are required to execute the "INDX Analysis" scan)
OR
Can we go for the latest kernel patch avaialable at market place? And Will the latest kernel patch also contains the "enhancements that are required to execute the "INDX Analysis" ?
Please reply
Thanks -
Hi all,
When i started studying about for implementing each and every thing in EP/EP-related things it can be done in ABAP and JAVA as well.
I am really worried about this i am already an ABAP consultant and though i have knowledge of J2EE i prefer to follow ABAP version of EP i.e. Dynpro in ABAP and Adobe forms in ABAP..
But i heard that market is good only Java version of implementing the EP.
and SAP it self is suggesting to go for JAVA version.. in that case why has it created ABAP dynpro,ADOBE forms etc etc.
why there are 2 ways (JAVA and ABAP) is it to confuse?? please help .. even if i learn ABAP version of everything will that be useful or not?? As u r already into EP,you guys can tell me is there market for ABAP version of implementing EP related things!!
Please reply.
Thanks in advance.
==============
Srini...hi srinivas....
this is what i feel abt the question......
to answer ur question, one has to think in the perspective of SAP Labs.
there are two ways of doing what u have mentioned and its not to confuse.....
ABAP is the proprietary language of SAP and therefore u dont find as many developers or intellectual manpower in ABAP as u can find for JAVA.....
SAP is trying to focus and capture the medium and small scale markets and industries for which it requires lot of manpower.....
so JAVA is its choice.....
there can be a lot more reasons behind it.....but this is what i feel.....
Regards,
Sudheer -
EWA does not report security notes missing and java systems
Hello guys,
Our early watch report don't contain section 7.1 with security notes missing in the system.
We have solution manager 7.0 with ST-SER 700_2008_1 SP4.
What do we need to configure so that ewa reports security notes missing?
Another doubt, how can I get the list of security notes missing in java stack system like portal?
thanks.
regards,
Filipehello Filipe
Below is a line from the SAP note 888889.
"In the SAP EarlyWatch Alert report, the "Service Preparation Check" unit complains that Note 888889 is not implemented. As a result, the check for security-relevant notes can only be carried out partially in the "Security" section."
Looks like that could be the reason for that.
For JAVA stack there is no note concept.
Thanks & regards
bala -
Why I can not download and update software from App store?
When I want to install some software, only display"please wait",I cannot download and update anyone! Please,help me!!!!
Hi maplefox, it would be a great help to the communities if you were to include:
1: the equipment you're using and any software you're currently running
2; a brief synopsis of what apps or software you're trying to download.
At the bottom of any community members' replies it will have a brief list of the equipment they have and whatever software they're running.
Could you please be more concise with the details of what you are trying to do, and we are more than happy to help. Even more experienced members have problems from time to time.
It would also help if you could take a screenshot to illustrate what you are experiencing.
To do that, if you are using a keyboard, press 'Command', 'shift' and '4'. A 'crosshair' looking like a gunsight will appear on your screen. With your mouse, or trackpad, finger depressed, move the crosshair to the onscreen image, move the crosshair across (from the top left corner) and drag down (to the bottom right corner) until you've covered the area you want to show and just release your finger. the screen shot will appear on your screen. To show it as part of your query page, click on the camera icon and a window will appear asking you to choose an image or file. Click on the screen shot, and then click on 'Insert. Job done. -
On Mac OS X 10.6.6, MacBook Pro.
When I launch Firefox I get an Alert that says,
Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
If I click OK, it goes away and Firefox seems to work fine, but I don't like this situation. Anyone know what this is?
I've trashed the old Firefox (which left a few dynamic libs open and I had to restart to empty the trash) and I installed the latest Firefox (3.6.14), but the problem remains. I found a profile for Firefox in the /Library/Cache folder, but I don't know what to do with it. My disk has plenty of room.
Any help or pointers appreciatedThere are a few possible causes of that error, for details on fixing it see https://support.mozilla.com/kb/Could+not+initialize+the+browser+security+component
-
SAP does not start after Kernel Upgrade
Hi
We were carrying out the Kernel upgrade on our HPUX 11.23 and Oracle, R3 Quality System. From Kernel 196 to Kernel 221
After carrying taking a backup of the current exe folder we have copied the new exe ( after Uncar )
We restarted the system
We then started the Lsnrctl and it started successfully.
After login in as SIDadm and issuing the startsap command it gives the following error message in the startup log
Execute Pre-Startup Commands
(2987) Local: rm -f ms.sapEEQ_SCS01
(2990) Local: ln -s -f /usr/sap/EEQ/SYS/exe/runU/msg_server ms.sapEEQ_SCS01
(2993) Local: rm -f en.sapEEQ_SCS01
(2996) Local: ln -s -f /usr/sap/EEQ/SYS/exe/runU/enserver en.sapEEQ_SCS01
Starting Programs
sh: /usr/sap/EEQ/SYS/exe/runU/sapcontrol: not found.
(3002) Starting: local ms.sapEEQ_SCS01 pf=/usr/sap/EEQ/SYS/profile/EEQ_SCS01_eqc
r3
(3003) Starting: local en.sapEEQ_SCS01 pf=/usr/sap/EEQ/SYS/profile/EEQ_SCS01_eqc
r3
(2976) Waiting for Child Processes to terminate.
(2976) **** 2008/04/17 22:18:28 Child 3002 terminated with Status 150 . ****
(2976) **** 2008/04/17 22:18:28 Child 3003 terminated with Status 150 . ****
(2976) **** No more Child Processes to wait for.
(2976) Parent Shutdown at 2008/04/17 22:18:28
Execute Post-Shutdown Commands
sh: /usr/sap/EEQ/SYS/exe/runU/sapcontrol: not found.
(2976) Exiting with Return-Code 3.
Startup of Instance failed (No more child processes)
After this we have restored the backup....after restart etc...it still gives the same error
Can anyone exeperienced such a problem. Would appricate if you could share on how you resolved the same.
Regards,
Milind KaroorHi Milind!
Just make sure that you have uncarred both OS dependent and independent files
And also make sure that you copy to the existing folder of RUN (make sure your folder name is RUN)after taking a backup.
As You copy it asks to overwrite, then you overwrite the existing ones.
By doing this some of the files which will not be present in the new Kernel will be present., sometimes this may be also one of the reason
As i have faced the same problem
Thanks,
KIRAN
Edited by: kiran d on Apr 18, 2008 12:54 PM -
[SOLVED] Device not found and kernel panic
Hi,
I'm having an issue with the kernel. I get this weird error while booting:
Booting the kernel.
:: running early hook [udev]
:: running hook [udev]
:: Triggering uevents...
ERROR: device '' not found. Skipping fsck.
ERROR: Unable to find root device ''.
You are being dropped to a recovery shell
Type 'exit' to try and continue booting
sh: can't access tty: job control turned off
[rootfs /]# _
I don't have the slightest idea what to type in that shell, so I exit (^D) and get an error with its shell, another one and finally a kernel panic. Do I have to report the other two error as well? I think this might be related to a recent change in my syslinux.cfg. I wanted to add hibernation cabability to my arch, so I added "resume=/dev/sda2" (my swap) to kernel options. It should not yield such a result though. As a matter of fact, I get it even if I remove that parameter at runtime. For now, I managed to boot with Fallback Initramfs.
Here is syslinux.cfg, as well:
# Config file for Syslinux -
# /boot/syslinux/syslinux.cfg
# Comboot modules:
# * menu.c32 - provides a text menu
# * vesamenu.c32 - provides a graphical menu
# * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders
# * hdt.c32 - hardware detection tool
# * reboot.c32 - reboots the system
# * poweroff.com - shutdown the system
# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux.
# If /usr and /boot are on the same file system, symlink the files instead
# of copying them.
# If you do not use a menu, a 'boot:' prompt will be shown and the system
# will boot automatically after 5 seconds.
# Please review the wiki: https://wiki.archlinux.org/index.php/Syslinux
# The wiki provides further configuration examples
DEFAULT arch
PROMPT 1 # Set to 1 if you always want to display the boot: prompt
TIMEOUT 50
# You can create syslinux keymaps with the keytab-lilo tool
#KBDMAP de.ktl
# Menu Configuration
# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux
UI menu.c32
#UI vesamenu.c32
# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
MENU TITLE Arch Linux
#MENU BACKGROUND splash.png
MENU COLOR border 30;44 #40ffffff #a0000000 std
MENU COLOR title 1;36;44 #9033ccff #a0000000 std
MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all
MENU COLOR unsel 37;44 #50ffffff #a0000000 std
MENU COLOR help 37;40 #c0ffffff #a0000000 std
MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std
MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std
MENU COLOR msg07 37;40 #90ffffff #a0000000 std
MENU COLOR tabmsg 31;40 #30ffffff #00000000 std
# boot sections follow
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
# (0) Arch Linux
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND root=/dev/disk/by-uuid/dc891acc-9ff7-4d95-bba4-bc2e502301e7 ro
APPEND resume=/dev/sda2
INITRD ../initramfs-linux.img
# (1) Arch Linux Fallback
LABEL archfallback
MENU LABEL Arch Linux Fallback
LINUX ../vmlinuz-linux
APPEND root=/dev/disk/by-uuid/dc891acc-9ff7-4d95-bba4-bc2e502301e7 ro
INITRD ../initramfs-linux-fallback.img
# (2) Windows
#LABEL windows
#COM32 chain.c32
#APPEND hd0 0
LABEL hdt
MENU LABEL HDT (Hardware Detection Tool)
COM32 hdt.c32
LABEL reboot
MENU LABEL Reboot
COM32 reboot.c32
LABEL off
MENU LABEL Power Off
COMBOOT poweroff.com
Any ideas?
Thank you,
rubik
Last edited by rubik (2012-07-22 10:03:59)Also, don't use "root=/dev/disk/by-uuid/...", that's just wrong. Udev kicks in after the bootloader phase.
https://wiki.archlinux.org/index.php/Sy … nux_Config
Here's mine:
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND root=UUID=978e3e81-8048-4ae1-8a06-aa727458e8ff ro quiet vga=current
INITRD ../initramfs-linux.img
And don't forget to mark it as solved. -
SAP Security audit log and Profile Parameter rsau/enable
Does the Profile Parameter rsau/enable have to ="1" for the audit log to be active or is this parameter set to purely allow the maintainance of static profiles. I have been reading into SAP's documentation and they only refer to this parameter in the "Maintaining Static Profiles" section. Therefore I would like to know if the audit log can record when the parameter rsau/enable = "0"?
Many thanksHi
I have it running on my NW2004s sneak peak system, whit a dynamic filter and the rsau/enable = 0. So Yes - it's possible to record in the secure audit log with rsau/enable = "0", if your using the dynamic filters
Regards
Morten Nielsen
Maybe you are looking for
-
Can not login to Oracle Application Express after upgrade to 3.2
I installed oracle database express and then I upgrade APEX to 3.2 on it. I got the login page but I can not login by using any account, like SYS, SYSTEM. From the document, internal ADMIN account should exist but I did not see it from dba_users tabl
-
Hello ABAPers, I am looking for some technical information relating to workflows in DP Approval route.It is looking interesting as I am Functional consultant and looking for inputs from Technical team.I thought of sharing this interesting this error
-
OS UDM with instace level logic
I am working upon a logic which is written in perl script. This particular logic trigger's an event after checking for each database instance when running from a cron. Now that i am using same script to trigger alert with in OEM. As i see with in SQL
-
I am running a pretty simple dowload to excel page. However, I would like each record to go to a different tab. I am pulling kids information with a record of their advancements. Its a lot of information..so I would like for each kid to go to a dif
-
How to use adobe flash player on mc