B Documentation Updates #
This chapter lists content changes for this document.
This manual was updated on the following dates:
Section B.1, “October 2018 (Maintenance Release for SUSE Linux Enterprise Server 12 SP3)”
Section B.2, “September 2017 (Initial Release of SUSE Linux Enterprise Server 12 SP3)”
Section B.3, “November 2016 (Initial Release of SUSE Linux Enterprise Server 12 SP2)”
Section B.4, “March 2016 (Documentation Maintenance Update for SUSE Linux Enterprise Server 12 SP1)”
Section B.5, “December 2015 (Initial Release of SUSE Linux Enterprise Server 12 SP1)”
Section B.6, “February 2015 (Documentation Maintenance Update)”
Section B.7, “October 2014 (Initial Release of SUSE Linux Enterprise Server 12)”
B.1 October 2018 (Maintenance Release for SUSE Linux Enterprise Server 12 SP3) #
- General Changes to the Documentation
Improved consistency of Docker terminology throughout the documentation. This includes renaming a guide to Docker Open Source Engine Guide.
- Chapter 2, Authentication with PAM
Added warning to keep
pam_systemd.so
in the PAM configuration. See Section 2.6, “Manually Configuring PAM” (https://bugzilla.suse.com/show_bug.cgi?id=1068426).Added warning to prevent users from locking themselves out when configuring Kerberos. See Section 6.5.9, “Enabling PAM Support for Kerberos” (https://bugzilla.suse.com/show_bug.cgi?id=1010391).
- Chapter 15, Masquerading and Firewalls
Removed section Basic Configuration from Section 15.4.1, “Configuring the Firewall with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=1073377).
- Part IV, “Confining Privileges with AppArmor”
- Appendix A, Achieving PCI DSS Compliance
Added new PCI DSS appendix (Fate #314831).
- Bugfixes
Removed section Basic Configuration from Section 15.4.1, “Configuring the Firewall with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=1073377).
Updated Section 25.6, “Deleting an AppArmor Profile” (https://bugzilla.suse.com/show_bug.cgi?id=1070674).
Add warning to keep
pam_systemd.so
in the PAM configuration. See Section 2.6, “Manually Configuring PAM” (https://bugzilla.suse.com/show_bug.cgi?id=1068426).Added Section 25.5, “Unloading Unknown AppArmor Profiles” (https://bugzilla.suse.com/show_bug.cgi?id=1029696).
Add warning to prevent users from locking themselves out when configuring Kerberos. See Section 6.5.9, “Enabling PAM Support for Kerberos” (https://bugzilla.suse.com/show_bug.cgi?id=1010391).
B.2 September 2017 (Initial Release of SUSE Linux Enterprise Server 12 SP3) #
- General
Numerous small fixes and additions to the documentation, based on technical feedback.
Removed all references to the
faillog
package, which is no longer shipped (https://bugzilla.suse.com/show_bug.cgi?id=710788).
- Part I, “Authentication”
Added documentation on using the YaST Chapter 5, LDAP—A Directory Service and Chapter 6, Network Authentication with Kerberos (http://bugzilla.suse.com/show_bug.cgi?id=1034818).
module toAdded note about deprecation of Unix Attributes plug-in in Microsoft Windows* Server 2016 in Chapter 7, Active Directory Support (Doc Comment #33098).
- Chapter 14, SSH: Secure Network Operations
Added a tip on viewing
sshd
log files to Section 14.4, “The SSH Daemon (sshd
)”.
- Chapter 15, Masquerading and Firewalls
In Section 15.3, “Firewalling Basics”, updated a link to a HOWTO (https://bugzilla.suse.com/show_bug.cgi?id=1053601).
B.3 November 2016 (Initial Release of SUSE Linux Enterprise Server 12 SP2) #
- General
The e-mail address for documentation feedback has changed to
doc-team@suse.com
.The documentation for Docker Open Source Engine has been enhanced and renamed to Docker Guide.
- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
In Section 4.2, “Configuring an Authentication Client with YaST”, the command is called
sss_cache
(https://bugzilla.suse.com/show_bug.cgi?id=993377).
- Chapter 7, Active Directory Support
Added information about the new YaST module Section 7.3, “Configuring a Linux Client for Active Directory” (Fate# 320407).
to
- Chapter 14, SSH: Secure Network Operations
New section Section 14.4.2, “Rotating Host Keys” (Fate #318427).
- Chapter 16, Configuring a VPN Server
openVPN is now set up via wicked, adjusted Section 16.2.1, “Configuring the VPN Server” accordingly (Fate #317974).
Added Section 16.4, “Setting Up a VPN Server or Client Using YaST” (Fate #320616).
B.4 March 2016 (Documentation Maintenance Update for SUSE Linux Enterprise Server 12 SP1) #
- Chapter 6, Network Authentication with Kerberos
Fixed wrong service name (
sldapd
toslapd
) (https://bugzilla.suse.com/show_bug.cgi?id=963047).- Chapter 16, Configuring a VPN Server
Use larger keys (min. 2048bit) instead of 1024 (https://bugzilla.suse.com/show_bug.cgi?id=959634).
B.5 December 2015 (Initial Release of SUSE Linux Enterprise Server 12 SP1) #
- General
SMT Guide is now part of the documentation for SUSE Linux Enterprise Server.
Add-ons provided by SUSE have been renamed as modules and extensions. The manuals have been updated to reflect this change.
Numerous small fixes and additions to the documentation, based on technical feedback.
The registration service has been changed from Novell Customer Center to SUSE Customer Center.
In YaST, you will now reach https://bugzilla.suse.com/show_bug.cgi?id=867809).
via the group. is gone (
- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
Updated the chapter to reflect new GUI improvements for Kerberos/LDAP client (Fate #316349).
- Chapter 8, Configuring Security Settings with YaST
Updated chapter because of
systemd
-related changes (Fate #318425).- Chapter 15, Masquerading and Firewalls
- Chapter 31, Configuring SELinux
Removed references to the source policy files in Section 31.6.6, “Working with SELinux Modules” (not available).
Minimum policy is now part of the distribution in Section 31.4, “SELinux Policy”.
Removed http://software.opensuse.org as a preferred policy download server, and added https://build.opensuse.org instead in Section 31.4, “SELinux Policy”.
- Bugfixes
Removed obsolete
acpid.service
(https://bugzilla.suse.com/show_bug.cgi?id=918655).Removed
/etc/sysconfig/auditd
from Section 32.2, “Configuring the Audit Daemon”—this configuration file has been removed without replacement (https://bugzilla.suse.com/show_bug.cgi?id=918655).Extend Firewall Documentation to Describe How to Open a Port (https://bugzilla.suse.com/show_bug.cgi?id=914076).
B.6 February 2015 (Documentation Maintenance Update) #
- Bugfixes
Small fix for Section 5.5, “Manually Configuring an LDAP Server”:
SLES 12 Documentation is missing “Configuring an LDAP Server with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=911409).
Numerous small fixes for Chapter 16, Configuring a VPN Server:
B.7 October 2014 (Initial Release of SUSE Linux Enterprise Server 12) #
- General
Removed all KDE documentation and references because KDE is no longer shipped.
Removed all references to SuSEconfig, which is no longer supported (Fate #100011).
Move from System V init to systemd (Fate #310421). Updated affected parts of the documentation.
YaST Runlevel Editor has changed to Services Manager (Fate #312568). Updated affected parts of the documentation.
Removed all references to ISDN support, as ISDN support has been removed (Fate #314594).
Removed all references to the YaST DSL module as it is no longer shipped (Fate #316264).
Removed all references to the YaST Modem module as it is no longer shipped (Fate #316264).
Btrfs has become the default file system for the root partition (Fate #315901). Updated affected parts of the documentation.
The
dmesg
now provides human-readable time stamps inctime()
-like format (Fate #316056). Updated affected parts of the documentation.syslog and syslog-ng have been replaced by rsyslog (Fate #316175). Updated affected parts of the documentation.
MariaDB is now shipped as the relational database instead of MySQL (Fate #313595). Updated affected parts of the documentation.
SUSE-related products are no longer available from http://download.novell.com but from http://download.suse.com. Adjusted links accordingly.
Novell Customer Center has been replaced with SUSE Customer Center. Updated affected parts of the documentation.
/var/run
is mounted as tmpfs (Fate #303793). Updated affected parts of the documentation.The following architectures are no longer supported: IA64 and x86. Updated affected parts of the documentation.
The traditional method for setting up the network with
ifconfig
has been replaced bywicked
. Updated affected parts of the documentation.A lot of networking commands are deprecated and have been replaced by newer commands (usually
ip
). Updated affected parts of the documentation.arp
:ip neighbor
ifconfig
:ip addr
,ip link
iptunnel
:ip tunnel
iwconfig
:iw
nameif
:ip link
,ifrename
netstat
:ss
,ip route
,ip -s link
,ip maddr
route
:ip route
Numerous small fixes and additions to the documentation, based on technical feedback.
- Chapter 2, Authentication with PAM
The
pam_pwcheck
module has been replaced withpam_cracklib
andpam_pwhistory
. Updated chapter to reflect this change.- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
Added a chapter about the new YaST authentication module for Kerberos and LDAP (Fate #316349). The chapter consists of two parts: Section 4.2, “Configuring an Authentication Client with YaST” and Section 4.2, “Configuring an Authentication Client with YaST” (Fate #308902).
- Chapter 5, LDAP—A Directory Service
Updated chapter to reflect the changes in YaST regarding authentication setup (Fate #316349).
- Chapter 6, Network Authentication with Kerberos
Updated chapter to reflect the changes in YaST regarding authentication setup (Fate #316349).
- Chapter 9, Authorization with Polkit
Updated chapter to reflect major software updates.
- Chapter 14, SSH: Secure Network Operations
Mentioned that SSH on SUSE Linux Enterprise Server uses cryptographic hardware acceleration if available (Fate #308239).
New section Section 14.3.2, “Setting Permissions for File Uploads” (Fate #312774).
- Chapter 17, Managing X.509 Certification
The YaST CA module now allows to export key and certificate into different files. See Section 17.2.5, “Changing Default Values” (Fate #305490).
- Part IV, “Confining Privileges with AppArmor”
Added short description of supported AppArmor profile flags in Section 22.6.1, “Profile Flags”.
Thoroughly explained the syntax and subtle differences in meaning for AppArmor include statements in Section 22.3, “Include Statements”.
Introduced extended ways to map a profile: Added Section 22.6.3, “Pattern Matching”, Section 22.6.4, “Namespaces” and updated Section 22.6.6, “Alias Rules”.
Added description for new optional
allow
andfile
keywords for AppArmor profiles in Section 22.7.7, “Optionalallow
andfile
Rules”.Added description for new
safe
andunsafe
keywords for AppArmor profiles to Section 22.8.10, “safe
andunsafe
Keywords”.New
PUx/pux
andCUx/cux
profile transitions added in Section 22.8.8, “Fallback Modes for Profile Transitions”.Added new section Section 22.6.3, “Pattern Matching”.
Restructured and completely rewrote Chapter 26, Profiling Your Web Applications Using ChangeHat.
Removed old content describing the YaST method.
Introduced a command line example on creating a hat for the Adminer application.
- Part VI, “The Linux Audit Framework”
Numerous small fixes and additions, based on technical feedback.
- Obsolete Content
Section Adding a Profile Using the Wizard has been removed from Chapter 24, Building and Managing Profiles with YaST (Fate #308684).
Section Updating Profiles from Log Entries has been removed from Chapter 24, Building and Managing Profiles with YaST (Fate #308683).
Chapter Using the Fingerprint Reader has been removed from Part I, “Authentication” (Fate #313128).
- Bugfixes
Updated the AppArmor documentation to version 2.8 AppArmor (http://bugzilla.suse.com/show_bug.cgi?id=722915).