Tag: security

Meltdown and Spectre Vulnerabilities

Summary

Epicor Eclipse is aware of the Meltdown-Spector  vulnerabilities affecting many modern microprocessors from Intel, AMD, POWER and ARM chips that could allow hackers to access a computer’s memory and steal passwords, encryption keys and other private information from open applications.

Because it’s a vulnerability in the CPU hardware implementations, not a bug in the Eclipse application program, there is no “patch” from Eclipse.

We recommend that customers to check with their hardware and Operating System (OS) vendors for applicable patches as the solution for Meltdown and Spectre.

Epicor’s Response

  • Apply the firmware update via BIOS update
  • Apply the operating system (RHEL, Windows and AIX) patch
  • Apply hypervisor patches where applicable

Recommended Customer Actions

We recommend that customers to open a service request with Eclipse Systems support team and deploy patches on their platform and underlying infrastructure on a mutually agreed schedule.

Frequently Asked Questions

Q: How do I patch my system?
A:Install Red Hat updates.
A:Install Dell Firmware Update.

Q: Will these fixes slow down my server?
A:  Yes, there is performance impact caused by additional overhead required for security hardening, but the actual performance degradation that customers see may vary considerably based on the nature of their workload, hardware configuration and system constraints.

Q: Can I disable these fixes?
A: Yes, you can disable the kernel patches if you fell confident that your systems are well protected by other means. Please see this article from Red Hat for a step by step instructions.

References:

How do I remove a Linux Eterm user via the GUI?

Warning: As always, please exercise caution when performing system maintenance, especially when initiating processes that can potentially delete data.

To remove a Linux Eterm user using the GUI:

  • System -> Administration -> Users and Groups
  • Select the user from the list
  • Select the Delete button
  • Verify that the dialog box says “I won’t delete username’s home directory (‘/u2/eclipse’)” before selecting Yes to proceed

Warning: if prompted to remove the shared home directory as shown in the dialog box below, uncheck the box before clicking Yes. Failure to do so will result in the removal of the entire Eclipse database directory (/u2/eclipse).

For your convenience, here is a screencast that covers the entire process for locking or removing a user:

If you prefer to use the command line, please see this page for instructions.

How do I remove a Linux Eterm user via the command line?

Warning: As always, please exercise caution and follow best practices when performing system maintenance, especially when initiating processes that can potentially delete data.

Easy Procedure: Remove a User (Recommended)

  • Log into your server as root
  • Remove the user (where username is the user you wish to remove):
userdel username

If you prefer the graphical interface, you may perform the same function via the GUI.

Advanced Procedure: Remove a User and Home Directory

The above command does not remove the user’s home directory, because it often contains important database files. If you would like to remove both a user and their home directory, you must first verify that your users are not configured to use the database directory as their home directory:

  • Log into the server as root
  • Verify the user’s home directory (where username is the user whose home directory you are checking):
echo ~username
  • If the output displays /u2/eclipse or anything other than /home/usernamedo not continue. This user’s home directory is the shared database directory. You must use the procedure above to remove only the user. Contact Eclipse Support with any questions.
  • If the output displays /home/username, you may proceed with the procedure and remove the user and their home directory:
userdel -r username