Title.

Assuria Auditor AutoUpdate 75 released

Introduction

This update contains security content and updated product features. It contains updated console content, new and updated checks and policies, and updated patch databases, policy navigators and console database content. The update is compatible with, and suitable for application to all Assuria Auditor agents.

Antivirus Update Checks

New checks to detect installed antivirus products which have not been updated recently are included in this update. These checks are available for the following antivirus products:

• AVG7 on Microsoft Windows 2000 (Server and Professional)

• AVG7 on Microsoft Windows Server 2003

• Trend Micro Antivirus on Microsoft Windows 2000 (Server and Professional)

• Trend Micro Antivirus on Microsoft Windows Server 2003

Possible false positives on Red Hat Enterprise Linux

Some customers may encounter false positives on some checks on the Red Hat Enterprise Linux agent, where the currently installed version of some RPM packages are being compared against the versions recommended in Red Hat Security Advisories. The false positives are caused by inconsistent recommendations issued for Red Hat Enterprise Linux (RHEL) and Red Hat Application Stack (AppStack); in some cases the Auditor checks are using the later versions recommended for AppStack rather than the earlier versions recommended for RHEL.

Assuria is currently investigating how to solve this, without disadvantaging customers who may have AppStack installed, and may therefore regard a recommendation against the RHEL advisory as a false negative. We anticipate this may involve separate policies for RHEL and AppStack users, to be shipped in a future AU. In order to help us scope this problem, we would appreciate it if any customer using Auditor in an AppStack environment would contact us at info@assuria.com.

Security Content Updates

Security content based on newly published vendor security bulletins (or similar) is included for the agents listed below:

• IBM AIX 4.3.3, 5.0, 5.1, 5.2

• HP HP-UX 11 (PA-RISC)

• HP HP-UX 11 (IA-64)

• Microsoft Windows 2000 (Server and Professional)

• Microsoft Windows Server 2003

• Novell SUSE Enterprise Linux 9 (x86)

• Novell SUSE Enterprise Linux 10 (x86)

• Red Hat Enterprise Linux 3 and later (x86 and x64)

• Sun Solaris 8 (SPARC)

• Sun Solaris 9 (SPARC)

• Sun Solaris 10 (SPARC)

Manifest

The full manifest of new and changed files for this update can be viewed below.

Console update

    o Database update

      - For new checks as above

    o Policy Navigators for

      - IBM AIX 4.3, 5.0, 5.1, 5.2

      - HP HP-UX 11 (PA-RISC)

      - HP HP-UX 11 (IA-64)

      - Microsoft Windows 2000 (Server and Professional)

      - Microsoft Windows Server 2003

      - Novell SUSE Enterprise Linux 9 (x86)

      - Novell SUSE Enterprise Linux 10 (x86)

      - Red Hat Enterprise Linux 3 and later (x86 and x64)

      - Sun Solaris 8

      - Sun Solaris 9

      - Sun Solaris 10 (SPARC)

    o Other files updated

      - bin/tcl/emailresults.tbc

      - bin/tcl/help.tbc

      - bin/tcl/main.tbc

      - bin/tcl/startup.tbc

      - etc/masteragentvariables.ini

      - help/ContactAssuria.chm

      - help/SupportInfo.chm

Agent updates

Updates are included for the following agents:

    o IBM AIX 4.3, 5.0, 5.1, 5.2

    o HP HP-UX 11 (PA-RISC)

    o HP HP-UX 11 (IA-64)

    o Microsoft Windows 2000 (Server and Professional)

    o Microsoft Windows Server 2003

    o Novell SUSE Enterprise Linux 9 (x86)

    o Novell SUSE Enterprise Linux 10 (x86)

    o Red Hat Enterprise Linux 3 and later (x86 and x64)

    o Sun Solaris 8 (SPARC)

    o Sun Solaris 9 (SPARC)

    o Sun Solaris 10 (SPARC)

IBM AIX 4.3, 5.0, 5.1, 5.2

    o New Checks

      - aix-IY96095-fix

      - aix-IY96101-fix

      - aix-IY97257-fix

      - aix-IY98506-fix

      - aix-IZ00510-fix

      - aix-IZ10244-fix

    o Updated Policies

      - aix-fixes

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

    o Updated Executable Files

      - bin/procs/tools.tcl

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

HP HP-UX 11 (PA-RISC)

    o Updated Patch Database

      - bin/patch_HP-UX.data

      - bin/patch_HP-UX.ref

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

HP HP-UX 11 (IA-64)

    o Updated Patch Database

      - bin/patch_HP-UX.data

      - bin/patch_HP-UX.ref

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Microsoft Windows 2000

    o New Checks

      - antivirus-avg7

      - antivirus-trend

      - win-ms08kb942831-update

      - win-ms08kb944533-update

      - win-ms08kb946538-update

      - win-ms08kb947890-update

    o Updated Policies

      - antivirus

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

    o Updated User Configuration Files

      - AntiVirusKeys

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Microsoft Windows Server 2003 (x86)

    o New Checks

      - antivirus-avg7

      - antivirus-trend

      - win-ms08kb942830-update

      - win-ms08kb942831-update

      - win-ms08kb944533-update

      - win-ms08kb946026-update

      - win-ms08kb946538-update

      - win-ms08kb947890-update

    o Updated Policies

      - antivirus

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

    o Updated User Configuration Files

      - AntiVirusKeys

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Novell SUSE Enterprise Linux 9 (x86)

    o New Checks

      - SuSE-SA-2006-045

      - SuSE-SA-2006-046

      - SuSE-SA-2006-047

      - SuSE-SA-2006-048

      - SuSE-SA-2006-049

      - SuSE-SA-2006-051

      - SuSE-SA-2006-054

      - SuSE-SA-2006-056

      - SuSE-SA-2006-057

      - SuSE-SA-2006-058

      - SuSE-SA-2006-059

      - SuSE-SA-2006-060

      - SuSE-SA-2006-062

      - SuSE-SA-2006-063

      - SuSE-SA-2006-065

      - SuSE-SA-2008-002

      - SuSE-SA-2008-003

      - SuSE-SA-2008-004

      - SuSE-SA-2008-005

      - SuSE-SA-2008-006

    o Updated Policies

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

      - ssa

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Novell SUSE Enterprise Linux 10 (x86)

    o New Checks

      - SuSE-SA-2006-045

      - SuSE-SA-2006-046

      - SuSE-SA-2006-047

      - SuSE-SA-2006-048

      - SuSE-SA-2006-049

      - SuSE-SA-2006-051

      - SuSE-SA-2006-054

      - SuSE-SA-2006-056

      - SuSE-SA-2006-057

      - SuSE-SA-2006-058

      - SuSE-SA-2006-059

      - SuSE-SA-2006-060

      - SuSE-SA-2006-062

      - SuSE-SA-2006-063

      - SuSE-SA-2006-065

      - SuSE-SA-2008-002

      - SuSE-SA-2008-003

      - SuSE-SA-2008-004

      - SuSE-SA-2008-005

      - SuSE-SA-2008-006

    o Updated Policies

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

      - ssa

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Red Hat Enterprise Linux 3 and later (x86 and x64)

    o New Checks

      - RHSA-2008-0002

      - RHSA-2008-0003

      - RHSA-2008-0005

      - RHSA-2008-0006

      - RHSA-2008-0007

      - RHSA-2008-0008

      - RHSA-2008-0009

      - RHSA-2008-0029

      - RHSA-2008-0030

      - RHSA-2008-0031

      - RHSA-2008-0032

      - RHSA-2008-0038

      - RHSA-2008-0039

      - RHSA-2008-0040

      - RHSA-2008-0055

      - RHSA-2008-0058

      - RHSA-2008-0059

      - RHSA-2008-0064

      - RHSA-2008-0089

      - RHSA-2008-0090

      - RHSA-2008-0103

      - RHSA-2008-0104

      - RHSA-2008-0105

    o Updated Policies

      - Initial-1

      - Initial-All

      - Maintenance-1

      - Maintenance-All

      - RHSA

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Sun Solaris 8 (SPARC)

    o Updated Patch Database

      - bin/patch_Solaris.data

      - bin/patch_Solaris.ref

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Sun Solaris 9 (SPARC)

    o Updated Patch Database

      - bin/patch_Solaris.data

      - bin/patch_Solaris.ref

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini

Sun Solaris 10 (SPARC)

    o Updated Patch Database

      - bin/patch_Solaris.data

      - bin/patch_Solaris.ref

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_75.zip

      - lib/xpud3_75.sgn

      - etc/update.ini