Using SAP RSECNOTE tool to display information for ABAP and Java Stack

SAPABAPSAP Basis

In SAP system, you can use tools like RSECNOTE and SAP EarlyWatch Alert which can be to find out the patches and verify their implementation status. You can access RSECNOTE by executing Transaction code: SA38 or ST13.


RSECNOTE tool in SAP system is used to determine which important security notes or hot notes are missing in a system.

You can refer more details about this tool in SAP OSS Note 888889. You can access this tool by calling T-Code: ST13 and entering RSECNOTE and then press F8 button.

888889 - Automatic checks for security notes using RSECNOTE (outdated)

You use transaction ST13 to start the tool RSECNOTE. In transaction ST13, select the tool and start it by choosing "Execute" or F8.

Comment: As of SAP_BASIS Release 620 Support Package 55, SAP_BASIS Release 640 Support Package 13, SAP_BASIS Release 700 and subsequent releases, you can also start the tool as the report RSECNOTE by using transaction SA38, for example.

As a result of the tool RSECNOTE, notes that contain security corrections and notes that are relevant for your system due to the existing software components (taking the releases and the Support Packages into account) are displayed.

The report shows the following three sections:

  • "Missing recommendations"

This section shows the required security-relevant SAP Notes and HotNews. HotNews are flagged with a red traffic light and notes are flagged with a yellow traffic light.

  • "Manually confirmed recommendations"

Report messages can also be confirmed manually. This should only happen in exceptional cases that require it.

For example: You cannot implement a specific note using transaction SNOTE because you manually changed the affected program beforehand. In this case, implement the corrections manually and confirm the message.

  • "Successfully implemented recommendations"

This section shows the security-relevant notes and HotNews that are required for the system and that are implemented successfully.

A note or a HotNews is no longer required if your system release or Support Package level already contains the correction. After the system is upgraded or Support Packages are imported, a note that was implemented earlier may no longer be listed.

List of security-relevant notes that are checked

The tool RSECNOTE checks security-relevant notes or HotNews that are entered as related notes in this present note.

For Note 1298433 "Security note: Bypassing security in reginfo & secinfo", however, the system checks only that at least the required kernel patch is installed. It does not check whether the gateway has also been safeguarded.

An overview of other security-relevant notes or HotNews is provided on the SAP Service Marketplace under the quick link /SECURITYNOTES (https://service.sap.com/securitynotes).

Updating recommendations

The quantity of checked notes or HotNews is managed online by SAP. During a check, a system loads the list automatically using the service connection to SAPNet once a day. You can also use the tool RSECNOTE to update the list manually (menu path: List -> Refresh from SAPNet).

If the system to be checked does not have an online connection to SAPNet, then you can also use a transport to import the current recommendations from another system that has a connection to SAPNet. To do this, create a "Transport of Copies" and enter the object key R3TR TABU /SSF/PTAB. Enter ND* as the table key. This means that all recommendations are selected, including the recommendations for the tools RTCCTOOL and RSECNOTE. Make sure that you have specified a table key. Start the tool RTCCTOOL or RSECNOTE before you export the transport request, to update the recommendations.

Attached to this note is the file

Transport_Files_<date>.zip, which contains the recommendations for the tool RSECNOTE for the specified date. Use the transport files contained in it if you do not have any systems that have an online connection to SAPNet.

EarlyWatch Alert report

The SAP EarlyWatch Alert report also provides a summary of the results of the tool RSECNOTE. For further information on the SAP EarlyWatch Alert report, see Note 863362.

Note Assistant

You can use the Note Assistant (transaction SNOTE) to implement the correction instructions. You can find additional information about the Note Assistant on SAP Service Marketplace under the quick link /NOTE-ASSISTANT (https://service.sap.com/note-assistant).

raja
Published on 25-Dec-2017 22:50:44
Advertisements