It is with great pleasure that I announce that Server Configuration Monitor (SCM) 2019.4 is now generally available for download via the Customer Portal. Our dedicated and hard working engineers have delivered Linux support and other great features.
- Monitor Linux hardware, software and files - Monitor changes to server hardware and software and select specific files you want to watch for changes.
- Execute Linux scripts (bash, python or others) - Build and deploy Linux scripts and monitor the output for changes.
- Out of the box Linux profiles - Ready to use Linux profile for monitoring hardware, software, packages, network configuration, security and more.
- Test Profile Elements before deploying them to your servers - Easily test your elements before deploying them. See the output of your scripts, the files that will be returned, or the registry settings you will capture.
- Structural Diff preview - For structured content line XML and JSON, see the changes that matter (the values), while completely ignoring changes to the structure (spaces, returns, order, etc.)
- Assign/Unassign SCM profiles in Manage Nodes - Quickly assign and unassign SCM profiles from the Manage Nodes view.
If you've seen enough and are ready to upgrade, we won't make you scroll to the bottom - here are all the links you need!
- Download SCM 2019.4 from the Customer Portal
- Release notes
- System requirements
- Administrators guide
- Getting started guide
A few things to remember before you start your upgrade:
- All your Orion modules will upgrade at the same time, so make sure you check out the Orion Platform 2019.4 release notes
- Every release is a fully tested and supported version of the product and you can upgrade current production servers, while retaining your complete configuration and history.
- Note this is the first release using the new SCM version format that adheres to the version format of the Orion Platform.
- SCM 2019.4 is the release after SCM 1.2, and is compatible with Orion Platform 2019.4
Monitor Linux For Configuration Changes
SCM already has great change monitoring of Windows servers and applications, and now you have the same visibility for Linux - monitor hardware, software, files and script outputs. And changes on your Linux servers show up right next to Windows:
OOTB Linux Profiles
What should I monitor? That's always a hard question to answer. SCM makes it easier by including four OOTB Linux profiles to focus on changes that impact the performance, availability, and security of your Linux servers and applications:
- Linux Software: Monitors the software listed in your Node's Asset Inventory.
- Link Hardware: Monitors the hardware listed in your Node's Asset Inventory.
- Linux Essentials: Monitors the essentials of your Linux system, including file system configuration, hardware, network settings, OS and application software, and startup configuration. Elements include:
Monitor all the configuration files that apt uses as its sources. (/etc/apt/**/*)
Monitor the fstab configuration file. (/etc/fstab)
Monitor all of the configuration scripts used to control services. (/etc/init.d/**/*)
Monitor the configuration files for the init subsystem used to startup services. (/etc/init/**/*)
Monitor the configuration file for the initialization system. (/etc/inittab)
Monitor all the configuration files that are used by modprobe to manage the loading of modules during the system boot. (/etc/modprobe.d/**/*)
Monitor the list of modules to load at boot time. (/etc/modules)
Monitor the list of modules to load at boot time. (/etc/modules-load.d/*)
Monitor the configuration file that sysctl uses to change kernel parameters at runtime. (/etc/sysctl.conf)
Monitor the configuration files that sysctl uses to change kernel parameters at runtime. (/etc/sysctl.d/*.conf)
Monitor the file that yum uses for global configuration. (/etc/yum.conf)
Monitor the files that define the extra repositories yum can use. (/etc/yum.repos.d/*)
Monitor the files that store extra yum configurations. (/etc/yum/**/*)
Track changes to your file system block devices (via lsblk).
Monitor a detailed list of system hardware information for changes. List includes cpu (lscpu), general hardware (lshw), PCI bus (lspci), USB (lsusb) and SCSI (lsscsi).
Track the system's nodename, kernel-version, and kernel-release for changes.
Monitor for changes to the ports the system is listening on (excludes UDP).
Track changes to your file system mounts.
Monitor for changes in your network configuration, including the systems DNS name and aliases, network interfaces, hosts file, resolve.conf file and the nsswitch.conf file.
Track all installed packages for changes (both rpm and dpkg).
Monitor the services that are enabled on the system for changes.
- Linux Security and Permissions: Monitors security, groups and user permissions. Elements include:
- Monitor the group configuration file, which defines the groups which users belong. (/etc/group)
- Monitor the configuration file that are used as defaults by user and group utilities. (/etc/login.defs)
- Monitor the configuration file used by PAM to define user access to server resources and applications. (/etc/pam.conf)
- Monitor the configuration files used by PAM to define user access to server resources and applications. (/etc/pam.d/*)
- Monitor the file that contains the attributes of all users or accounts on the system. (/etc/passwd)
- Monitor the configuration files that controls the resources available to user processes, often used by PAM modules. (/etc/security/**/*.conf)
- Monitor the configuration files that control the behavior of Security Enhanced Linux. (/etc/selinux/*)
- List of files that are world writeable.
Test Profile Elements Before Assigning Them
If you've built your own profiles, you've had to deploy them before seeing what's returned. Not anymore - you can test elements right inside the product and rapidly iterate until you have them configured just right... then it's time to push out the new configuration and start monitoring. The new testing feature covers all element types - files, registry, and script outputs, and it even handles when an element returns multiple items.
Let's run a quick test of finding all the "conf" files in /etc/init. From the Server Configuration Monitor Settings > Manage Profiles, check a Profile and click Edit or View Details - I am choosing Linux Essentials. Then choose the * /etc/init/**/ element and click Edit or View Details at the top of the element list.
At the bottom of the Configuration Element Details, click Test. If you haven't chosen a Node previously, SCM will prompt you. Remember to pick a Node that matches the element type - running a Linux element on a Windows node generally won't work.
The result? I can see the three conf files found on the left, and the content for each file on the right. If these are the files you are looking for, you're done!
If I want to try it on another node, I simply click the node on the left and select a different node and see the results again.
Structural Diff Preview
For XML and JSON files, SCM will automatically use a structural diff when display the changes from one file version to another. This makes it easy for you to see the values that change regardless of structure changes (spacing, indenting, returns, etc). Below, SCM highlights just the changed values instead of the entire line and other noise... but you can flip back to regular diff if you prefer.
Content Comparison Improvements
When comparing two versions of files, SCM now has several improvements: Simplified breadcrumbs with links, less vertical white space so you can see more changes on the screen, and a rollover for the element to tell you more information on what you are looking at:
Assign/Unassign SCM Profiles in Manage Nodes
You asked to assign and unassign nodes to policies from the Manage Nodes page, and now you can!
If you haven't checked them out yet, here's a complete list of what changed in SCM 2019.4.
If you don't see the features you've been waiting for, check out the What We're Working on for SCM post for a list of features our dedicated team of configuration nerds and code jockeys are already researching. If you don't see everything you've been wishing for, add it to the Server Configuration Monitor (SCM) Feature Requests.