search cancel

Create a custom patch to remove log4j-1.2.17.jar from PAMSC endpoints

book

Article ID: 240035

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Client needs a patch process to remove  /opt/CA/AccessControl/lbin/java/arcot/log4j-1.2.17.jar file but we cannot provide from development 

Environment

Release : 14.1

Component : PAMSC Endpoint 

Resolution

Create a  patcher.ini file as seen below. Copy this file to a machine running a PAMSC and run

uxpatcher -c patcher

 

##############################################################################################

; -------------------------------------------------------------------------------
; Copyright (c) 2022 CA. All rights reserved.
; This software and all information contained therein is confidential and
; proprietary and shall not be duplicated, used, disclosed or disseminated in any
; way except as authorized by the applicable license agreement, without the
; express written permission of CA. All authorized reproductions must be 
; marked with this language.  
;   
; TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS  
; SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING  
; WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY,  
; FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.  IN NO EVENT  
; WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS
; OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS MATERIAL,
; INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS
; INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY
; ADVISED OF SUCH LOSS OR DAMAGE.
; --------------------------------------------------------------------------------
; CA Privileged Access Manager Server Control Maintenance Utility
; CA Privileged Access Manager Server Control v14.10-40
;
; VeRsIoN: 14.10-xx (xx) Compiled On: Custom
; --------------------------------------------------------------------------------
; This file contains the tokens used to patch CA Privileged Access Manager Server Control (AC) and 
; CA UNAB Unix Authentication Broker (UNAB).
; The file is divided into sections. Each section starts with a line which contains 
; a one word section name in square brackets. A section contains the tokens used by
; CA Privileged Access Manager Server Control Maintenance Utility. 
; All lines in the file that begin with a semicolon (;) are comments.
; %AC_DIR%        - directory where AC is installed
; %ACSHARED_DIR%  - directory where AccessControl Shared is installed
; %ACSRV_DIR%     - directory where AC server is installed
; %JBOSS_DIR%     - directory where JBOSS is installed
; %UNAB_DIR%      - directory where UNAB is installed


[General]
; --------------------------------------------------------------------------------
; General patch information
; --------------------------------------------------------------------------------

; Specifies patch name
; Gets inserted in the build
Level = DE100001

; Specifies patch description. Description should be one line no more than 256 
; character length.
Description = Custom Patch to remove unused Arcot folder

; Specifies product name
; Options are: AC, ACSHARED, ACSRV or UNAB
; Product name ACSRV supposed to be used when patch includes
; JBOSS files, Message Queue (tibco) files or any of AC server files
; (for example webservice) but not including AC client files.
Product = AC

; Specifies patch version number.
; Gets inserted in the build
Version = 14.10.xx.xx

; Specifies this patch dependence from other CA patches.
; Currently not implemented, reserved for future use.
Dependence = none

; Specifies if host should be rebooted after patching.
; Options are: yes, no
; Default value: yes
Restart = no

; Specifies if minor versions disparity is ignored for MandatoryFiles.
; Options are: yes, no
; Default value in this branch: no
Compatibility = no


; --------------------------------------------------------------------------------
; Section specifies requirements to the host where patch will be applied
; --------------------------------------------------------------------------------
[Host]

; Specifies OS name as it is defined in variable OSTAR in script getvar.sh
; Options are: _AIX, _HPUX11, _HPUX11_IA64, _SOLARIS, _SOLARIS_X86, _LINUX,
; _LINUX_X64, _LINUX390, _LINUX390_64 or all. Token value could contain one
; or more values separated by comma.
; Gets inserted in the build
OSName = _LINUX_X64

; Specifies OS vendor as it is defined in variable OSNAME in script getvar.sh.
; Options are: AIX, _HPUX, REDHAT, SUSE or all.
; Default value: all
; Currently not implemented, reserved for future use.
OSVendor = all

; Specifies OS major version as it is defined in variable OSMAJ in script getvar.sh.
; Options are: certain OS version or all.
; Default value: all
; Currently not implemented, reserved for future use.
OSVerMaj = all 

; Specifies OS minor version as it is defined in variable OSMIN in script getvar.sh.
; Options are: certain OS version or all.
; Default value: all
; Currently not implemented, reserved for future use.
OSVerMin = all 

; Specifies dependence from OS patches
; Options are: list of certain OS patches or no.
; Default value: none
; Currently not implemented, reserved for future use.
Dependence = none

; --------------------------------------------------------------------------------
; Prerun section specifies a list of commands that should be executed before file
; copying starts.  Each command should be defined in a separate line.  The left-
; hand side is a label, which can be an arbitrary, but unique among other labels
; within the section, string.  The right-hand side should contain a precise command 
; with all necessary arguments.  All pre-run commands will be executed in the order 
; they are listed.
; Example: flush_to_disk = /bin/sync
; --------------------------------------------------------------------------------
[PreRun]

; --------------------------------------------------------------------------------
; MandatoryFiles section specifies a list of files that should be replaced in manda-
; tory fashion.  If a particular file does not exist, the patcher will place it, anyway.
; The left-hand side of each line specifies the path of a file within the patch tarball,  
; e.g., with a subdirectory containing it if necessary.  The right-hand side specifies one
; or more files that are to be replaced.
; --------------------------------------------------------------------------------
[MandatoryFiles]


; --------------------------------------------------------------------------------
; OptionalFiles section specifies a list of files that will be replaced only in case 
; they already exist on the file system.
; --------------------------------------------------------------------------------
[OptionalFiles]

; --------------------------------------------------------------------------------
; Postrun section specifies a list of commands that should be executed after all
; files are copied.  Each command should be defined in a separate line.  The left-
; hand side is a label, which can be an arbitrary, but unique among other labels
; within the section, string.  The right-hand side should contain a precise command
; with all necessary arguments.  All post-run commands will be executed in the order
; they are listed.
; --------------------------------------------------------------------------------
[PostRun]
RM_Arcot = /bin/rm -r %AC_DIR%/lbin/java/arcot

 

##############################################################################################