
     

 assuria bulletin                                                               

 

 
 Title:                       
AutoUpdate 58 release notes

 Number:                  31                Date:  19th February 2007
 

   


Introduction

This Assuria Bulletin announces the availability of AutoUpdate 58, which introduces new features and updates to Assuria Auditor Console and agents. 

The features have been added as a result of user requests and are:

  • New Agent Management Graphs
  • Unix Default Password Settings
  • Agent Return Communications Diagnostic
  • SSHD Configuration Settings
  • Updated AIX Check
  • Updated Solaris 10 Policy
  • Updated Red Hat Enterprise 3 and 4 Policy

This AutoUpdate is fully compatible with the Assuria Auditor and ISS System Scanner range of products, and is managed by the Assuria Auditor Console (formerly ISS System Scanner Console).

New Agent Management Graphs

Agent management has been enhanced by the addition of four graphs which can be viewed on either the enterprise or class level instead of the current Pie Chart. 

The new graphs available are:

  • 10 Most Vulnerable Agents
  • Vulnerabilities per Operating System
  • Agent Population by Class
  • Agent AutoUpdate Levels

Double-clicking on a selected bar will reveal the data that makes up the chart. 

These new graphs can be enabled or disabled using the 'Show Graphs' checkbox in the Maintenance->Options dialog box. If the pie chart is currently being displayed, the new charts will be available automatically.

 

Unix Default Password Settings

 

New checks that examine default password settings and policy are released for Solaris 8, 9, 10 and HPUX 11.

These checks compare values from the system default files (or, if defined therein, built-in default values) against user-defined values.

The latter can be set (or predefined values viewed) using the new Global Policy Variable Configuration facility released in AutoUpdate 56 (see its description).

The variable names for the new checks are all prefixed with defpwd. These new checks are included in the policies sys-defs, Initial-3, Maintenance-4, Initial-All and Maintenance-All.
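The comparison these checks describe can be sketched for Solaris, where the system default file for password settings is /etc/default/passwd. This is an added illustration, not Assuria's check code: the function names, the sample file and the policy thresholds are constructed, and the built-in default is supplied by the caller and used when the file does not set the key.

```shell
#!/bin/sh
# Added illustration, not Assuria's check code. Key names are those of the
# Solaris 10 /etc/default/passwd file; thresholds and sample are constructed.

# write_sample FILE: constructed sample in /etc/default/passwd syntax.
write_sample() {
    cat > "$1" <<'EOF'
#ident  "constructed sample, not copied from a real host"
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
#HISTORY=0
#MINDIGIT=0
EOF
}

# defpwd_value FILE KEY BUILTIN: print the value the file sets for KEY, or
# BUILTIN (caller-supplied assumption) when KEY is absent, commented out
# or empty.
defpwd_value() {
    v=$(sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# defpwd_check FILE KEY BUILTIN min|max WANT: return 0 when the value in
# effect satisfies the user-defined policy value WANT.
defpwd_check() {
    have=$(defpwd_value "$1" "$2" "$3")
    case $have in
        ''|*[!0-9]*) echo "FAIL $2: no numeric value in effect"; return 1 ;;
    esac
    case $4 in
        min) [ "$have" -ge "$5" ] ;;
        max) [ "$have" -le "$5" ] ;;
        *)   echo "unknown comparison: $4" >&2; return 2 ;;
    esac || { echo "FAIL $2: have $have, policy wants $4 $5"; return 1; }
    echo "PASS $2: $have"
}

# Usage: defpwd_check /etc/default/passwd PASSLENGTH 6 min 8
```

An empty `MAXWEEKS=` line is reported as a failure, because no numeric limit is in effect for that key.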

Agent Return Communications Diagnostic

 

This new diagnostic facility is available from a new button named Response which is located on the main Agent information screen on the Console, next to the Poll button.

This diagnostic will contact the Agent and retrieve the settings used by the Agent to communicate back to the Console. It will also test the Console port and report the connection status as either OK or BAD.

This diagnostic should only be run if a problem exists such that the Console is sending to (e.g. Polling) an Agent successfully but no policy or AutoUpdate result files are being returned.

 If the results file is not returned and no report is generated due to Agent to Console communications failure, a job will still be listed as RUNNING for that Agent.

To generate the report, on the Console, select Session -> Update Task Status. Then remove the FAILED task using View -> Running Tasks.

SSHD Configuration Settings

 

The mechanism for locating the configuration file and checking the runtime parameters used by SSHD has been improved. If the revised mechanism still cannot find the configuration file, for example if it is in an unusual location, then the user can provide the full hierarchic name to the Agent. This is achieved by adding two lines to the file /etc/env_config, as follows:

  • Copy the current etc/env_config file (e.g. to etc/env_config.SAVE)
  • Edit the etc/env_config file and append the lines
        SM_FILE_SSHD_CONFIG=<Full Path and Filename>
        export SM_FILE_SSHD_CONFIG
  • Stop and restart the Agent
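The backup and append steps above can be scripted so that they are safe to rerun. This is an added example, not Assuria code: the function name is hypothetical, the location of env_config is passed in by the caller because the Agent installation directory is not given here, and the character allowlist assumes the file is read by a shell.

```shell
#!/bin/sh
# Added example, not Assuria code. env_config is passed in by the caller
# because the Agent installation directory is not given in the bulletin.

# set_sshd_config_path ENV_CONFIG SSHD_CONFIG
set_sshd_config_path() {
    env_config=$1
    sshd_config=$2

    # Full path only, and no characters that could change meaning if the
    # file is read by a shell (assumption suggested by the export line).
    case $sshd_config in
        *[!A-Za-z0-9_./-]*) echo "unsafe character in path" >&2; return 2 ;;
        /*) ;;
        *) echo "path must be absolute" >&2; return 2 ;;
    esac
    [ -f "$sshd_config" ] || { echo "not a file: $sshd_config" >&2; return 3; }
    [ -f "$env_config" ]  || { echo "not a file: $env_config" >&2; return 4; }

    # Step 1: save a copy; never overwrite the backup made by an earlier run.
    [ -e "$env_config.SAVE" ] || cp -p "$env_config" "$env_config.SAVE" || return 5

    # Step 2: drop earlier copies of the two lines so reruns do not stack,
    # then append them. grep exits 1 when nothing is left, which is fine.
    tmp=$env_config.new.$$
    grep -v -e '^SM_FILE_SSHD_CONFIG=' -e '^export SM_FILE_SSHD_CONFIG$' \
        "$env_config" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 6; }
    printf 'SM_FILE_SSHD_CONFIG=%s\nexport SM_FILE_SSHD_CONFIG\n' \
        "$sshd_config" >> "$tmp"

    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$env_config" && rm -f "$tmp" || return 7

    # Step 3 is left to the operator: stop and restart the Agent.
    echo "updated $env_config; stop and restart the Agent to apply"
}
```

Keeping the first env_config.SAVE untouched means the pre-change file can always be restored, even after several runs.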

Updated AIX Check

 

tdfc-service-database - This check has been disabled for AIX 5.3 due to the large number of services now included in the services file. Even when checking directly against the current IANA-defined table, over 150 vulnerabilities were found due to non-compliance of service names.

Updated Solaris 10 Policy

SANS-Top-20 - Amended to use the correct method of data input for Solaris 10

Updated Red Hat Enterprise 3 and 4 Policy

 

SANS-Top-20 - Amended to use the correct method of data input for Red Hat Enterprise 3 and 4

The full manifest of new and changed files for this update can be viewed here

Console updates

 

Updated Database Files

    o Update_DBS/ss42db_Data.MDF

    o Update_DBS/ss42db_Log.LDF

Updated Files

    o bin/tcl/config.tbc

    o bin/tcl/csvexp.tbc       

    o bin/tcl/csvgendb.tbc   

    o bin/tcl/hosts.tbc         

    o bin/tcl/indexresults.tbc

    o bin/tcl/rep_utils.tbc     

    o bin/tcl/db.tbc   

    o bin/tcl/treeutils.tbc     

    o bin/tcl/help.tbc 

    o etc/masteragentvariables.ini   

New Files

    o etc/console_rules/usr_return-comms 

    o etc/console_rulesets/usr_return-comms       

Updated On-Line Help Files

    o help/Policy Navigator/HP-UX 11.chm

    o help/Policy Navigator/Solaris 8.chm

    o help/Policy Navigator/Solaris 9.chm

    o help/Policy Navigator/Solaris 10.chm

XPU version file

    o Update_DBS/xpu_version       

Agent updates

 

Updates are included for the following agents:

    o HPUX  (Version 11.00, 11.11, 11.23) (PA-RISC)

    o IBM AIX 4.3.3 or later

    o RHEL Red Hat Enterprise Linux 3 (x86), 4 (x86) and 4 (x64)

    o Sun Solaris on SPARC (Versions 8 and 9)

    o Sun Solaris on SPARC (Version 10)

HPUX  (Version 11.00, 11.11, 11.23) (PA-RISC)

 

    o New Checks

     - oo-defpwd-history

     - oo-defpwd-maxdays

     - oo-defpwd-mindays

     - oo-defpwd-mindigit

     - oo-defpwd-minlower

     - oo-defpwd-minspecial

     - oo-defpwd-minupper

     - oo-defpwd-passlength

     - oo-defpwd-warndays

    o Updated Files

     - bin/procs/tools.tcl

    o Updated Policies

     - Initial-3

     - Maintenance-4

     - sys-defs

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_58.zip

      - lib/xpud3_58.sgn

IBM AIX 4.3.3 or later

 

    o Updated Checks

     - tdfc-service-database

    o Updated Files

     - bin/procs/tools.tcl

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_58.zip

      - lib/xpud3_58.sgn

RHEL Red Hat Enterprise Linux 3 (x86), 4 (x86) and 4 (x64)

 

    o Updated Files

     - bin/procs/tools.tcl

    o Updated Policies

     - SANS_Top_20

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_58.zip

      - lib/xpud3_58.sgn

Sun Solaris on SPARC (Versions 8 and 9)

 

    o New Checks

     - oo-defpwd-maxweeks

     - oo-defpwd-minweeks

     - oo-defpwd-passlength

     - oo-defpwd-warnweeks

    o Updated Files

     - bin/procs/tools.tcl

    o Updated Policies

     - Initial-3

     - Maintenance-4

     - sys-defs

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_58.zip

      - lib/xpud3_58.sgn

Sun Solaris on SPARC (Version 10)

 

    o New Checks

     - oo-defpwd-dictiondbdir

     - oo-defpwd-dictionlist

     - oo-defpwd-history

     - oo-defpwd-maxrepeats

     - oo-defpwd-maxweeks

     - oo-defpwd-minalpha

     - oo-defpwd-mindiff

     - oo-defpwd-mindigit

     - oo-defpwd-minlower

     - oo-defpwd-minnonalpha

     - oo-defpwd-minspecial

     - oo-defpwd-minupper

     - oo-defpwd-minweeks

     - oo-defpwd-namecheck

     - oo-defpwd-passlength

     - oo-defpwd-warnweeks

     - oo-defpwd-whitespace

    o Updated Files

     - bin/procs/tools.tcl

    o Updated Policies

     - Initial-3

     - Maintenance-4

     - SANS_Top_20

     - sys-defs

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_58.zip

      - lib/xpud3_58.sgn

 

 
Assuria Limited, Reading Science & Technology Centre, The University of Reading, Earley Gate, Reading, RG6 6BZ, UK. 

Telephone +44 118 935 7395     Fax +44 118 935 7330     Web
www.assuria.co.uk

 


System Scanner and X-Press Update are registered trademarks of Internet Security Systems Inc. of Atlanta, Georgia, USA
© Copyright Assuria Limited.  All rights reserved.



27/01/2008
