Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph.
866.431.8972 Toll Free
Who’s Watching your Network?
Network Security Specialists
Symtrex Inc. is pleased to announce the release of Snare Server Version 6.3.4.
Snare Server Version 6.3.4
New Features
The behaviour of the Snare Server reflector has been modified so that data coming in via syslog, and being reflected via syslog, will be sent through to the target server unchanged, without additional syslog headers.
Added iotop and sysstat packages into the installation package selection for customers to use as required via the command line console.
Bug Fixes:
The LDAP API references an LDAP object by its distinguished name (DN). Updated DN validation checker to support valid dash characters within the DN value.
Resolved issue where the Objective List wasn't being generated correctly due to unexpected character encoding of the raw data.
The validation phase of the samba password configuration process was overly restrictive, and would not set the password correctly.
Updated User and Group information retrieval code to support different authentication types, to resolve an issue with some legacy Linux Agent versions that returned Authentication Failed messages when a password was set.
Implemented checks within the Agent User and Group data retrieval functionality to help support loading data from busy or overloaded Snare Agents. This resolves an intermittent issue which occurred in older versions of the server that prevented the server from retrieving user group data on each request.
Removed the (broken) Google Talk and Twitter RealTime Alerting options, and cleaned up configuration item to remove the confusion regarding where to configure Email Alerts.
Fixed an issue with the 15 minute pattern map for the Total Events status page that prevented viewing the events list when clicking on a specific Agent under a specific Event Type.
Implemented support for parsing ContentKeeper log data via syslog into the correct log table.
Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free
Network Security Specialists
Updated core system packages with latest security and bug fixes.
Miscellaneous
Updated vulnerability scanner plugins.
Updated Snare Geographic IP Address database.
Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.
Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free 416.769.4477
www.symtrex.com
Who’s Watching your Network?
Network Security Specialists Snare Server Version 6.3.3
Bug Fixes:
Implemented enhanced memory management features within the Snare Database, to prevent reports from not running correctly in some situations when a lot of event data is being processed by a single report. These features are automatic and shouldn’t affect the performance of the database queries. It some cases, objectives may even take less time to be generated.
Resolved the issue with the Retrieve Users and Group data from Active Directory not retrieving the full information in some instances.
Added missing functionality to support MAC Address TOKEN lookup into GenericLog queries. It can be enabled for GenericLog queries by using the 'MACADDRESS' TOKEN on a MAC Address field.
Resolved issue with the Snare Reflector, which prevented the first reflector configuration entry from being removed.
Fixed the LDAP DN validation process to allow dashes within the DN field, as they were beingincorrectly blocked from use.
Security Updates:
Prevented the Windows AD password from being written to the snare.log as part of debugging information. The string '<password>' will now be displayed instead of the password
Updated core system packages with latest security and bug fixes.
Miscellaneous
Updated vulnerability scanner plugings
Updated Snare Geographic IP Address database.
Updated ClamAV virus definitions for customers with servers that cannot access the internet to download their own updates easily.
Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free
Network Security Specialists New Features:
Added support for the upcoming V4.0.0 releases of the Snare Enterprise Agents for Linux and Solaris. Added a new objective for Windows USB events into the default objectives installed as part of a fresh install of the Snare Server
Bug Fixes:
Resolved issue with the Snare SNMPTrap Collector preventing it from working with some devices. In v6.3.1, the Snare SNMPTrap collector could process snmptrap data tagged as PUBLIC. Unfortunately some devices included double-quotes around the string ("public"), which was causing the underlying SNMPTrap receiver to ignore those specific events. This fix disables tag checking completely, and allows Snare to accept SNMPTrap data with any tags.
Fixed the issue with the per-agent timezone selection, which prevented users from specifying different timezones for different agents within their fleet.
Fixed issue which allowed a TOKEN to be removed accidently while updating it through the configuration dialog. The deletion button has been switched to checkbox, to prevent accidental selection and submission of the form.
Resolved issue for new installations v6.3.0+ where the System Statistics page wasn't showing the full information by default.
Resolved issue affecting recent fresh installations of the Snare Server where the User Group metadata database was being incorrectly initiated. This has been fixed in in the ISO installation image, and the v6.3.2+ update(s) will correctly initiate the database if it is found to be affected.
Security Updates:
Updated core system packages with latest security and bug fixes.
Miscellaneous
Updated vulnerability scanner plugings
Updated Snare Geographic IP Address database.
Updated ClamAV virus definitions for customers with servers that cannot access the internet to download their own updates easily.
Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free
416.769.4477
Who’s Watching your Network?
Network Security Specialists Snare Server Version 6.3.1
Bug Fixes
Updated the default firewall configuration to use UDP instead of TCP for SNMP. Resolved issue that broke FTOKEN support for some queries.
Resolved the sanitization check that lead to not being able to select the < and <= functions within the Snare Server match interface.
Security Updates
Updated core system packages with latest security and bug fixes.
NFS services, made available as an option on Snare Server v6.2, can now be completely disabled on the Snare Server, through the installation and configuration wizard.
Miscellaneous
Updated vulnerability scanner plugins.
Updated Snare Geographic IP Address database.
Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.
Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free
Network Security Specialists New Features
Support was added into the collection system for the AppleBSM audit events provided by the new Snare Agent for OSX (to be released in the near future).
An option was added to the Configuration Wizard to allow customers to disable the daily Pre-Cache functionality, if instructed by a Snare Support Representative. This option disables the daily pre-cache functionality of the internal Snare Database, which can, in rare instances, use more resources during the caching process than are actually saved during the report generation process when caching is enabled. With larger and larger drives being used for the storage of log data, the 'percentage free space' warning and problem threshold settings on the Snare Server Health Checker, have been migrated to a 'gigabytes free' model. As part of the server update process, your previous settings will be automatically converted to the new format.
Bug Fixes
Resolved display issue which prevented the Progress bar from progressing in Google Chrome. Resolved a configuration issue with the OpenVAS vulnerability scanner.
In some circumstances, data validation routines will use an extended path, when saving default values back to the Snare configuration database in the event of a input validation failure, which means that data
validation and correction routines will be called for each and every objective initialisation until the invalid data is updated. This fix trims the path, so that default data can overwrite the invalid data, leading to a tiny speedup in objective instantiation in situations where invalid data has been entered.
Resolved issue that affected some older installations which involved old package updates being applied during the newer updates. The result of which was incorrectly configured packages preventing some system functionality from working. Safeguards have been put into place to ensure this does not occur in the future, and an upgrade to v6.3.0 should resolve any existing issues some customers are experiencing due to this issue.
Added support into the Agent Management Console for Legacy Agent configurations which allowed empty passwords.
Resolved issue that caused the 'Remove Data' objective from reporting a completed data removal process in some situations.
Resolved bug that prevented the Port and Vulnerability Scanner from correctly displaying response of completed scan.
Who’s Watching your Network?
Security UpdatesUpdated core system packages with latest security and bug fixes. Completed security audit and applied updates as required.
Implemented centralised checking and sanitisation of input across all user interface components, in order to further reduce the risk of cross site scripting, database injection, and related attempts at corrupting the Snare Server interface.
Implemented CSRF Tokens to eliminate potential avenues for attack against the Snare Server UI. Security options have been migrated to a separate category in the Snare Server wizard.
The ability to block external sites from being displayed in a clickable format (eg: the link to the Snare Server documentation, hosted on the InterSect Alliance web server) has been added.
Paths for hard coded temporary files have been modified to use unique randomly generated filenames, where possible.
Paths for files that store process ID information have been migrated to /var/run to follow unix best practice.
Miscellaneous
Updated vulnerability scanner plugins.
Updated Snare Geographic IP Address database.
Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.
Updated copyright date stamp on the splash screen to reflect the current year (2014).
Detailed Notes:
1. Applying the Update to a Snare Server v6.
This update can be applied to an existing Snare Server v6, by downloading the Snare Update file from your client area and using the update wizard, found at:
System > Administrative Tools > Snare Server Update
If you have trouble applying this update, please speak to your Snare Support Representative. 2. Update file size issue.
Due to a file-size restriction issue, it is not possible to directly upgrade to v6.3.0 on an existing Snare Server that is still on version 6.0.0. Instead, the special PreUpdate provided in your client area must be applied first, and then the v6.3.0 update can be used.
3. Base Ubuntu OS Information
Snare Server v6.3.0 is based on a stripped down, and hardened version of Ubuntu 10.04.4 LTS. The 32-bit and 64 -bit releases have the same (or equivalent) packages installed with the exception of the Linux Kernel.
32-bit has Ubuntu Kernel 2.6.32-24.43-generic-pae, which is based off the 2.6.32.15+drm33.5 mainline Linux Kernel version
64-bit has Ubuntu Kernel 3.0.0-32.51~lucid1-server, which is based off the 3.0.69 mainline Linux Kernel version.