
 assuria bulletin                                                               

 

 
 Title: Assuria Auditor AutoUpdate #74

 Number: 65

 Date: 19th February 2008
 

Title.

Assuria Auditor AutoUpdate #74

 

Introduction

 

Assuria Auditor AutoUpdate #74 is an enhancement update. It contains updates to the Assuria Auditor console and agents, for improved functionality. The update is compatible with, and suitable for application to, both Assuria Auditor and ISS System Scanner agents.

 

Change Detection and baselines

 

 

Assuria Auditor has powerful Change Detection features used by many users.  These features are available in a number of Policies and Console functions. 

 

To improve the usability of these features, Assuria is consolidating the Change Detection features into a single set of Policies and a single Console interface.

 

AutoUpdate #74 introduces the first step towards the new consolidated Change Detection features: new and renamed Policies and an improved Console display.

 

Assuria Auditor baselines allow the user to store information about each host system at a known configuration (baseline) and then to compare the current configuration against that known configuration, with any differences being reported.

 

Areas covered by Assuria Auditor baselines include:

 

  • Files

  • Registry

  • Users

  • Groups

  • Services

  • File Associations

  • Shares

  • Trusted Hosts

 

On the new Windows 2008 Server agent, 3 new baselines are introduced:

  • Brokers

  • Roles

  • Features

 

Note: A BETA release of the new agent is available for running on the BETA release of W2K8 Server.  Assuria are waiting for the GA release of W2K8 Server from Microsoft to complete final testing before making the GA release of the W2K8 agent.

 

 

 

 

 

 

 

Change Detection features in Assuria Auditor include Baselines, Inventory policies and Informational policies.

 

 

 

Baseline Enhancements

 

The Assuria Auditor Console baseline screens have been enhanced to provide users with more and improved information.  All baselines are available to view via the Console.

 

Assuria Auditor’s Change Detection feature is intended to enable users to identify changes on their systems.  The areas covered at this release are:

 

System Objects included are:

System Objects      Description                                 UNIX / LINUX   Windows 2000 / Windows 2003 Server   Windows 2008 Server
------------------  ------------------------------------------  -------------  -----------------------------------  -------------------
File                Files selected to be monitored.             YES            YES                                  YES
Registry            Registry keys selected to be monitored.     X              YES                                  YES
File Associations   File Associations setup.                    X              YES                                  YES
Users               Users on the system.                        YES            YES                                  YES
Group               Groups on the system.                       YES            YES                                  YES
Services            Services installed.                         X              YES                                  YES
Shares              File / Folder Drive Shares setup.           X              YES                                  YES
Packages            Software packages installed.                YES            YES                                  YES
Trusted Hosts       Trusted Hosts configured.                   YES            X                                    X
Features            Windows 2008 Server features installed.     X              X                                    YES
Roles               Windows 2008 Server Roles setup.            X              X                                    YES
Brokers             Windows 2008 Server Brokers established.    X              X                                    YES

 

Example screen – Windows Services

 

Windows 2000 and Windows 2003 package baselines

This update adds the package baseline to Windows agents.  The Baseline can be used to track any changes to the installed application packages on a Windows server.

 

Using Baselines

 

 

Check and report

New policies have been created for each individual baseline or old policies have been renamed.  The old policies are still available. 

 

To check and report any changes to the baseline, the following policy is available:

 

     - CheckAllBaselines

 

To check individual baselines the policies below are available:

     - CheckFileBaseline

     - CheckFileLogBaseline

     - CheckRegistryBaseline

     - CheckGroupBaseline

     - CheckUserBaseline

     - CheckPackageBaseline

     - CheckServiceBaseline

     - CheckShareBaseline

     - CheckTrustedHostsBaseline

     - CheckAssociationBaseline

     - CheckFeatureBaseline

     - CheckRoleBaseline

     - CheckBrokerBaseline

 

 

Re-set / Update Baseline

 

Once checked, users may wish to re-set the baselines. This can be done for all baselines using:

     - UpdateAllBaselines

 

To re-set / update or create an individual baseline:

 

     - UpdateGroupBaseline

     - UpdateUserBaseline

     - UpdatePackageBaseline

     - UpdateServiceBaseline

     - UpdateShareBaseline

     - UpdateTrustedHostsBaseline

     - UpdateAssociationBaseline

     - UpdateFeatureBaseline

     - UpdateRoleBaseline

     - UpdateBrokerBaseline

 

The policies read the information available from the operating systems.
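
The check-then-re-set cycle described above, sketched for the package baseline as an added example. This is not Assuria Auditor code: the snapshot layout, function names and sample data are assumptions, and only the finding names package-added, package-changed and package-deleted are taken from this bulletin's check list.

```python
# Added illustration: not Assuria Auditor code. The snapshot layout
# (package name -> attribute dict) is an assumption; only the finding names
# package-added / package-changed / package-deleted come from the bulletin.
import copy

def check_package_baseline(baseline, current):
    """Compare the current package inventory against the stored baseline.

    Returns a list of (finding, package, detail) tuples ordered by package name.
    """
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append(("package-added", name, dict(new)))
        elif new is None:
            findings.append(("package-deleted", name, dict(old)))
        elif old != new:
            # Report only the attributes that differ, as (before, after).
            diff = {k: (old.get(k), new.get(k))
                    for k in sorted(set(old) | set(new))
                    if old.get(k) != new.get(k)}
            findings.append(("package-changed", name, diff))
    return findings

def update_package_baseline(current):
    """Re-set the baseline: the current state becomes the known configuration."""
    return copy.deepcopy(current)

# Constructed sample data (hypothetical package names, not from a real host).
BASELINE = {
    "ExampleBackupAgent": {"version": "5.1", "publisher": "Example Corp"},
    "ExampleRuntime":     {"version": "2.0", "publisher": "Example Corp"},
    "ExampleViewer":      {"version": "1.4", "publisher": "Example Corp"},
}
CURRENT = {
    "ExampleBackupAgent": {"version": "5.1", "publisher": "Example Corp"},
    "ExampleRuntime":     {"version": "2.1", "publisher": "Example Corp"},
    "ExampleRemoteTool":  {"version": "0.9", "publisher": "Unknown"},
}

if __name__ == "__main__":
    for finding, name, detail in check_package_baseline(BASELINE, CURRENT):
        print(f"{finding:16} {name:20} {detail}")
    # Re-setting accepts every reported change, so review findings first.
    new_baseline = update_package_baseline(CURRENT)
    print(check_package_baseline(new_baseline, CURRENT))
```

Re-setting the baseline silently accepts whatever is on the host at that moment, so the check output should be reviewed before an update is run.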

 

File and Registry baselines

For File and Registry baselines the objects to be baselined are selected via an Assuria Auditor Console function.  The Baseline can be created via the Console or by running the policies below:

     - CreateFileBaseline

     - CreateRegistryBaseline

 

File and Registry baselines can be updated via the Console or by running the policies below:

     - UpdateFileBaseline

     - UpdateRegistryBaseline

 

Applicable platforms

These new policies have been released on the agents listed below:

  • IBM AIX

  • HP HP-UX 11 (PA-RISC)

  • HP HP-UX 11 (IA-64)

  • Microsoft Windows 2000 (Server and Professional)

  • Microsoft Windows Server 2003

  • Novell SUSE Enterprise Linux 9 (x86)

  • Novell SUSE Enterprise Linux 10 (x86)

  • Red Hat Enterprise Linux 3 and later (x86 and x64)

  • Sun Solaris 8 (SPARC)

  • Sun Solaris 9 (SPARC)

  • Sun Solaris 10 (SPARC)

  • Windows 2000 Professional

  • Windows 2000 Server

  • Windows 2003 Server

 

Textual Manifest

 

The full manifest of new and changed files for this update can be viewed below.

 

Console update

    o Updated Executable Files

 

     - bin/tcl/baseline.tbc

     - bin/tcl/cvss.tbc

     - bin/tcl/csvexcp.tbc

     - bin/tcl/db.tbc

     - bin/tcl/help.tbc

     - bin/tcl/host.tbc

     - bin/tcl/htmlexcp.tbc

     - bin/tcl/IndexedResults.tbc

     - bin/tcl/rep_utils.tbc

     - bin/tcl/startup.tbc

     - bin/tcl/RuleEditor.tbc

     - bin/tcl/RuleSetEditor.tbc

     - bin/tcl/treeutils.tbc

 

Agent updates

 

Updates are included for the following agents:

 

    o IBM AIX

    o HP HP-UX 11 (PA-RISC)

    o HP HP-UX 11 (IA-64)

    o Novell SUSE Enterprise Linux 9 (x86)

    o Novell SUSE Enterprise Linux 10 (x86)

    o Red Hat Enterprise Linux 3 and later (x86 and x64)

    o Sun Solaris 8 (SPARC)

    o Sun Solaris 9 (SPARC)

    o Sun Solaris 10 (SPARC)

    o Microsoft Windows 2000 (Server and Professional)

    o Microsoft Windows Server 2003

         

IBM AIX

    o Updated Checks

     - package-added

 

    o New Policies

     - CheckAllBaselines

     - CheckFileBaseline

     - CheckGroupBaseline

     - CheckPackageBaseline

     - CheckTrustedHostsBaseline

     - CheckUserBaseline

 

    o AutoUpdate Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_74.zip

      - lib/xpud3_74.sgn

      - etc/update.ini

 

HP HP-UX 11 (PA-RISC)

    o Updated Checks

     - package-added

 

    o New Policies

     - CheckAllBaselines

     - CheckFileBaseline

     - CheckFilesLogBaseline

     - CheckGroupBaseline

     - CheckPackageBaseline

     - CheckTrustedHostsBaseline

     - CheckUserBaseline

 

    o AutoUpdate Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_74.zip

      - lib/xpud3_74.sgn

      - etc/update.ini

 

HP HP-UX 11 (IA-64)

    o Updated Checks

     - package-added

 

    o New Policies

     - CheckAllBaselines

     - CheckFileBaseline

     - CheckFilesLogBaseline

     - CheckGroupBaseline

     - CheckPackageBaseline

     - CheckTrustedHostsBaseline

     - CheckUserBaseline

 

    o AutoUpdate Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_74.zip

      - lib/xpud3_74.sgn

      - etc/update.ini

 

Microsoft Windows 2000

    o New Checks

     - package-added

     - package-changed

     - package-deleted

     - updatePackageBaseline

 

    o New Policies

     - CheckAllBaselines

     - CheckAssociationBaseline

     - CheckFileBaseline

     - CheckGroupBaseline

     - CheckPackageBaseline

     - CheckRegistryBaseline

     - CheckServiceBaseline

     - CheckShareBaseline

     - CheckUserBaseline

     - UpdatePackageBaseline

 

    o Updated Files

     - bin/procs/proc_packages.tcl

 

    o AutoUpdate Files

     - rulesets/unarchivePolicy

     - signatures/rulesets/unarchivePolicy.sgn

     - lib/xpud3_74.zip

     - lib/xpud3_74.sgn

     - etc/update.ini

Microsoft Windows Server 2003 (x86)

    o New Checks

     - package-added

     - package-changed

     - package-deleted

     - updatePackageBaseline

 

    o New Policies

     - CheckAllBaselines

     - CheckAssociationBaseline

     - CheckFileBaseline

     - CheckGroupBaseline

     - CheckPackageBaseline

     - CheckRegistryBaseline

     - CheckServiceBaseline

     - CheckShareBaseline

     - CheckUserBaseline

     - UpdatePackageBaseline