B Documentation Updates #
This chapter lists content changes for this document.
This manual was updated on the following dates:
- Section B.1, “October 2018 (Maintenance Release for SUSE Linux Enterprise Server 12 SP3)” 
- Section B.2, “September 2017 (Initial Release of SUSE Linux Enterprise Server 12 SP3)” 
- Section B.3, “November 2016 (Initial Release of SUSE Linux Enterprise Server 12 SP2)” 
- Section B.4, “March 2016 (Documentation Maintenance Update for SUSE Linux Enterprise Server 12 SP1)” 
- Section B.5, “December 2015 (Initial Release of SUSE Linux Enterprise Server 12 SP1)” 
- Section B.6, “February 2015 (Documentation Maintenance Update)” 
- Section B.7, “October 2014 (Initial Release of SUSE Linux Enterprise Server 12)” 
B.1 October 2018 (Maintenance Release for SUSE Linux Enterprise Server 12 SP3) #
- General Changes to the Documentation
- Improved consistency of Docker terminology throughout the documentation. This includes renaming a guide to Docker Open Source Engine Guide. 
 
- Chapter 2, Authentication with PAM
- Added warning to keep - pam_systemd.soin the PAM configuration. See Section 2.6, “Manually Configuring PAM” (https://bugzilla.suse.com/show_bug.cgi?id=1068426).
- Added warning to prevent users from locking themselves out when configuring Kerberos. See Section 6.5.9, “Enabling PAM Support for Kerberos” (https://bugzilla.suse.com/show_bug.cgi?id=1010391). 
 
- Chapter 15, Masquerading and Firewalls
- Removed section Basic Configuration from Section 15.4.1, “Configuring the Firewall with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=1073377). 
 
- Part IV, “Confining Privileges with AppArmor”
- Appendix A, Achieving PCI DSS Compliance
- Added new PCI DSS appendix (Fate #314831). 
 
- Bugfixes
- Removed section Basic Configuration from Section 15.4.1, “Configuring the Firewall with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=1073377). 
- Updated Section 25.6, “Deleting an AppArmor Profile” (https://bugzilla.suse.com/show_bug.cgi?id=1070674). 
- Add warning to keep - pam_systemd.soin the PAM configuration. See Section 2.6, “Manually Configuring PAM” (https://bugzilla.suse.com/show_bug.cgi?id=1068426).
- Added Section 25.5, “Unloading Unknown AppArmor Profiles” (https://bugzilla.suse.com/show_bug.cgi?id=1029696). 
- Add warning to prevent users from locking themselves out when configuring Kerberos. See Section 6.5.9, “Enabling PAM Support for Kerberos” (https://bugzilla.suse.com/show_bug.cgi?id=1010391). 
 
B.2 September 2017 (Initial Release of SUSE Linux Enterprise Server 12 SP3) #
- General
- Numerous small fixes and additions to the documentation, based on technical feedback. 
- Removed all references to the - faillogpackage, which is no longer shipped (https://bugzilla.suse.com/show_bug.cgi?id=710788).
 
- Part I, “Authentication”
- Added documentation on using the YaST module to Chapter 5, LDAP—A Directory Service and Chapter 6, Network Authentication with Kerberos (http://bugzilla.suse.com/show_bug.cgi?id=1034818). 
- Added note about deprecation of Unix Attributes plug-in in Microsoft Windows* Server 2016 in Chapter 7, Active Directory Support (Doc Comment #33098). 
 
- Chapter 14, SSH: Secure Network Operations
- Added a tip on viewing - sshdlog files to Section 14.4, “The SSH Daemon (- sshd)”.
 
- Chapter 15, Masquerading and Firewalls
- In Section 15.3, “Firewalling Basics”, updated a link to a HOWTO (https://bugzilla.suse.com/show_bug.cgi?id=1053601). 
 
B.3 November 2016 (Initial Release of SUSE Linux Enterprise Server 12 SP2) #
- General
- The e-mail address for documentation feedback has changed to - doc-team@suse.com.
- The documentation for Docker Open Source Engine has been enhanced and renamed to Docker Guide. 
 
- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
- In Section 4.2, “Configuring an Authentication Client with YaST”, the command is called - sss_cache(https://bugzilla.suse.com/show_bug.cgi?id=993377).
 
- Chapter 7, Active Directory Support
- Added information about the new YaST module to Section 7.3, “Configuring a Linux Client for Active Directory” (Fate# 320407). 
 
- Chapter 14, SSH: Secure Network Operations
- New section Section 14.4.2, “Rotating Host Keys” (Fate #318427). 
 
- Chapter 16, Configuring a VPN Server
- openVPN is now set up via wicked, adjusted Section 16.2.1, “Configuring the VPN Server” accordingly (Fate #317974). 
- Added Section 16.4, “Setting Up a VPN Server or Client Using YaST” (Fate #320616). 
 
B.4 March 2016 (Documentation Maintenance Update for SUSE Linux Enterprise Server 12 SP1) #
- Chapter 6, Network Authentication with Kerberos
- Fixed wrong service name ( - sldapdto- slapd) (https://bugzilla.suse.com/show_bug.cgi?id=963047).
- Chapter 16, Configuring a VPN Server
- Use larger keys (min. 2048bit) instead of 1024 (https://bugzilla.suse.com/show_bug.cgi?id=959634). 
B.5 December 2015 (Initial Release of SUSE Linux Enterprise Server 12 SP1) #
- General
- Book “Subscription Management Tool for SLES 12 SP4” is now part of the documentation for SUSE Linux Enterprise Server. 
- Add-ons provided by SUSE have been renamed as modules and extensions. The manuals have been updated to reflect this change. 
- Numerous small fixes and additions to the documentation, based on technical feedback. 
- The registration service has been changed from Novell Customer Center to SUSE Customer Center. 
- In YaST, you will now reach via the group. is gone (https://bugzilla.suse.com/show_bug.cgi?id=867809). 
 
- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
- Updated the chapter to reflect new GUI improvements for Kerberos/LDAP client (Fate #316349). 
- Chapter 8, Configuring Security Settings with YaST
- Updated chapter because of - systemd-related changes (Fate #318425).
- Chapter 15, Masquerading and Firewalls
- Chapter 31, Configuring SELinux
- Removed references to the source policy files in Section 31.6.6, “Working with SELinux Modules” (not available). 
- Minimum policy is now part of the distribution in Section 31.4, “SELinux Policy”. 
- Removed http://software.opensuse.org as a preferred policy download server, and added https://build.opensuse.org instead in Section 31.4, “SELinux Policy”. 
 
- Bugfixes
- Removed obsolete - acpid.service(https://bugzilla.suse.com/show_bug.cgi?id=918655).
- Removed - /etc/sysconfig/auditdfrom Section 32.2, “Configuring the Audit Daemon”—this configuration file has been removed without replacement (https://bugzilla.suse.com/show_bug.cgi?id=918655).
- Extend Firewall Documentation to Describe How to Open a Port (https://bugzilla.suse.com/show_bug.cgi?id=914076). 
 
B.6 February 2015 (Documentation Maintenance Update) #
- Bugfixes
- Small fix for Section 5.5, “Manually Configuring an LDAP Server”: - SLES 12 Documentation is missing “Configuring an LDAP Server with YaST” (https://bugzilla.suse.com/show_bug.cgi?id=911409). 
 
- Numerous small fixes for Chapter 16, Configuring a VPN Server: 
 
B.7 October 2014 (Initial Release of SUSE Linux Enterprise Server 12) #
- General
- Removed all KDE documentation and references because KDE is no longer shipped. 
- Removed all references to SuSEconfig, which is no longer supported (Fate #100011). 
- Move from System V init to systemd (Fate #310421). Updated affected parts of the documentation. 
- YaST Runlevel Editor has changed to Services Manager (Fate #312568). Updated affected parts of the documentation. 
- Removed all references to ISDN support, as ISDN support has been removed (Fate #314594). 
- Removed all references to the YaST DSL module as it is no longer shipped (Fate #316264). 
- Removed all references to the YaST Modem module as it is no longer shipped (Fate #316264). 
- Btrfs has become the default file system for the root partition (Fate #315901). Updated affected parts of the documentation. 
- The - dmesgnow provides human-readable time stamps in- ctime()-like format (Fate #316056). Updated affected parts of the documentation.
- syslog and syslog-ng have been replaced by rsyslog (Fate #316175). Updated affected parts of the documentation. 
- MariaDB is now shipped as the relational database instead of MySQL (Fate #313595). Updated affected parts of the documentation. 
- SUSE-related products are no longer available from http://download.novell.com but from http://download.suse.com. Adjusted links accordingly. 
- Novell Customer Center has been replaced with SUSE Customer Center. Updated affected parts of the documentation. 
- /var/runis mounted as tmpfs (Fate #303793). Updated affected parts of the documentation.
- The following architectures are no longer supported: IA64 and x86. Updated affected parts of the documentation. 
- The traditional method for setting up the network with - ifconfighas been replaced by- wicked. Updated affected parts of the documentation.
- A lot of networking commands are deprecated and have been replaced by newer commands (usually - ip). Updated affected parts of the documentation.- arp:- ip neighbor- ifconfig:- ip addr,- ip link- iptunnel:- ip tunnel- iwconfig:- iw- nameif:- ip link,- ifrename- netstat:- ss,- ip route,- ip -s link,- ip maddr- route:- ip route
- Numerous small fixes and additions to the documentation, based on technical feedback. 
 
- Chapter 2, Authentication with PAM
- The - pam_pwcheckmodule has been replaced with- pam_crackliband- pam_pwhistory. Updated chapter to reflect this change.
- Chapter 4, Setting Up Authentication Servers and Clients Using YaST
- Added a chapter about the new YaST authentication module for Kerberos and LDAP (Fate #316349). The chapter consists of two parts: Section 4.2, “Configuring an Authentication Client with YaST” and Section 4.2, “Configuring an Authentication Client with YaST” (Fate #308902). 
- Chapter 5, LDAP—A Directory Service
- Updated chapter to reflect the changes in YaST regarding authentication setup (Fate #316349). 
- Chapter 6, Network Authentication with Kerberos
- Updated chapter to reflect the changes in YaST regarding authentication setup (Fate #316349). 
- Chapter 9, Authorization with Polkit
- Updated chapter to reflect major software updates. 
- Chapter 14, SSH: Secure Network Operations
- Mentioned that SSH on SUSE Linux Enterprise Server uses cryptographic hardware acceleration if available (Fate #308239). 
- New section Section 14.3.2, “Setting Permissions for File Uploads” (Fate #312774). 
 
- Chapter 17, Managing X.509 Certification
- The YaST CA module now allows to export key and certificate into different files. See Section 17.2.5, “Changing Default Values” (Fate #305490). 
- Part IV, “Confining Privileges with AppArmor”
- Added short description of supported AppArmor profile flags in Section 22.6.1, “Profile Flags”. 
- Thoroughly explained the syntax and subtle differences in meaning for AppArmor include statements in Section 22.3, “Include Statements”. 
- Introduced extended ways to map a profile: Added Section 22.6.3, “Pattern Matching”, Section 22.6.4, “Namespaces” and updated Section 22.6.6, “Alias Rules”. 
- Added description for new optional - allowand- filekeywords for AppArmor profiles in Section 22.7.7, “Optional- allowand- fileRules”.
- Added description for new - safeand- unsafekeywords for AppArmor profiles to Section 22.8.10, “- safeand- unsafeKeywords”.
- New - PUx/puxand- CUx/cuxprofile transitions added in Section 22.8.8, “Fallback Modes for Profile Transitions”.
- Added new section Section 22.6.3, “Pattern Matching”. 
- Restructured and completely rewrote Chapter 26, Profiling Your Web Applications Using ChangeHat. 
- Removed old content describing the YaST method. 
- Introduced a command line example on creating a hat for the Adminer application. 
 
- Part VI, “The Linux Audit Framework”
- Numerous small fixes and additions, based on technical feedback. 
- Obsolete Content
- Section Adding a Profile Using the Wizard has been removed from Chapter 24, Building and Managing Profiles with YaST (Fate #308684). 
- Section Updating Profiles from Log Entries has been removed from Chapter 24, Building and Managing Profiles with YaST (Fate #308683). 
- Chapter Using the Fingerprint Reader has been removed from Part I, “Authentication” (Fate #313128). 
 
- Bugfixes
- Updated the AppArmor documentation to version 2.8 AppArmor (http://bugzilla.suse.com/show_bug.cgi?id=722915).