• No results found

How To Fix A Snare Server On A Linux Server On An Ubuntu (Amd64) (Amd86) (For Ubuntu) (Orchestra) (Uniden) (Powerpoint) (Networking

N/A
N/A
Protected

Academic year: 2021

Share "How To Fix A Snare Server On A Linux Server On An Ubuntu (Amd64) (Amd86) (For Ubuntu) (Orchestra) (Uniden) (Powerpoint) (Networking"

Copied!
8
0
0

Loading.... (view fulltext now)

Full text

(1)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph.

866.431.8972 Toll Free

Who’s Watching your Network?

Network Security Specialists

Symtrex Inc. is pleased to announce the release of Snare Server Version 6.3.5.

Snare Server Version 6.3.5 Bug Fixes:

The Agent configuration retrieval functionality within the Agent Management Console (AMC) has been changed slightly, to limit the number of concurrent connections to a sane maximum. As a result of this change, the AMC will no longer (in very extreme cases) flood the server with numerous processes and use all available resources, instead it will process Agents at a slower, but safer rate.

Security Updates

The bash system package has been updated to include the security patches which resolve the recently discovered Shellshock vulnerability (CVE20146271, CVE20147169, CVE20147187, CVE20147186). Although the Snare Server web server is not running a vulnerable server configuration, other components (such as SSH) may have opened up the possibility for abuse, and this update ensures that the server is no longer vulnerable to this issue. An ssh connection to a Snare Server will still require the authentication to be valid for the connecting user in attempting the exploit. Given a Snare Server command line access is usually restricted to the admin users only this issue would be a low risk activity. If customers have other users that have command line access to their Snare Servers then the likelihood of an attack is much greater. As per normal security practices all admin console access (web and SSH) to the Snare Server should be restricted to only users who require access as part of their job function.

Miscellaneous

Updated vulnerability scanner plugins.

Updated Snare Geographic IP Address database.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

(2)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph.

866.431.8972 Toll Free

Who’s Watching your Network?

Network Security Specialists

Symtrex Inc. is pleased to announce the release of Snare Server Version 6.3.4.

Snare Server Version 6.3.4 New Features

The behaviour of the Snare Server reflector has been modified so that data coming in via syslog, and being reflected via syslog, will be sent through to the target server unchanged, without additional syslog headers.

Added iotop and sysstat packages into the installation package selection for customers to use as required via the command line console.

Bug Fixes:

The LDAP API references an LDAP object by its distinguished name (DN). Updated DN validation checker to support valid dash characters within the DN value.

Resolved issue where the Objective List wasn't being generated correctly due to unexpected character encoding of the raw data.

The validation phase of the samba password configuration process was overly restrictive, and would not set the password correctly.

Updated User and Group information retrieval code to support different authentication types, to resolve an issue with some legacy Linux Agent versions that returned Authentication Failed messages when a password was set.

Implemented checks within the Agent User and Group data retrieval functionality to help support loading data from busy or overloaded Snare Agents. This resolves an intermittent issue which occurred in older versions of the server that prevented the server from retrieving user group data on each request.

Removed the (broken) Google Talk and Twitter RealTime Alerting options, and cleaned up configuration item to remove the confusion regarding where to configure Email Alerts.

Fixed an issue with the 15 minute pattern map for the Total Events status page that prevented viewing the events list when clicking on a specific Agent under a specific Event Type.

Implemented support for parsing ContentKeeper log data via syslog into the correct log table.

(3)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free 416.769.4477 www.symtrex.com

[email protected]

Who’s Watching your Network?

Network Security Specialists Security Updates

Updated core system packages with latest security and bug fixes.

Miscellaneous

Updated vulnerability scanner plugins.

Updated Snare Geographic IP Address database.

(4)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free 416.769.4477

www.symtrex.com

Who’s Watching your Network?

Network Security Specialists Snare Server Version 6.3.3

Bug Fixes:

Implemented enhanced memory management features within the Snare Database, to prevent reports from not running correctly in some situations when a lot of event data is being processed by a single report. These features are automatic and shouldn’t affect the performance of the database queries. It some cases, objectives may even take less time to be generated.

Resolved the issue with the Retrieve Users and Group data from Active Directory not retrieving the full information in some instances.

Added missing functionality to support MAC Address TOKEN lookup into GenericLog queries. It can be enabled for GenericLog queries by using the 'MACADDRESS' TOKEN on a MAC Address field.

Resolved issue with the Snare Reflector, which prevented the first reflector configuration entry from being removed.

Fixed the LDAP DN validation process to allow dashes within the DN field, as they were beingincorrectly blocked from use.

Security Updates:

Prevented the Windows AD password from being written to the snare.log as part of debugging information. The string '<password>' will now be displayed instead of the password

Updated core system packages with latest security and bug fixes.

Miscellaneous

Updated vulnerability scanner plugings

Updated Snare Geographic IP Address database.

(5)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free 416.769.4477 www.symtrex.com

[email protected]

Who’s Watching your Network?

Network Security Specialists Snare Server Version 6.3.2

New Features:

Added support for the upcoming V4.0.0 releases of the Snare Enterprise Agents for Linux and Solaris. Added a new objective for Windows USB events into the default objectives installed as part of a fresh install of the Snare Server

Bug Fixes:

Resolved issue with the Snare SNMPTrap Collector preventing it from working with some devices. In v6.3.1, the Snare SNMPTrap collector could process snmptrap data tagged as PUBLIC. Unfortunately some devices included double-quotes around the string ("public"), which was causing the underlying SNMPTrap receiver to ignore those specific events. This fix disables tag checking completely, and allows Snare to accept SNMPTrap data with any tags.

Fixed the issue with the per-agent timezone selection, which prevented users from specifying different timezones for different agents within their fleet.

Fixed issue which allowed a TOKEN to be removed accidently while updating it through the configuration dialog. The deletion button has been switched to checkbox, to prevent accidental selection and submission of the form.

Resolved issue for new installations v6.3.0+ where the System Statistics page wasn't showing the full information by default.

Resolved issue affecting recent fresh installations of the Snare Server where the User Group metadata database was being incorrectly initiated. This has been fixed in in the ISO installation image, and the v6.3.2+ update(s) will correctly initiate the database if it is found to be affected.

Security Updates:

Updated core system packages with latest security and bug fixes.

Miscellaneous

Updated vulnerability scanner plugings

Updated Snare Geographic IP Address database.

(6)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free

416.769.4477

Who’s Watching your Network?

Network Security Specialists Snare Server Version 6.3.1

Bug Fixes

Updated the default firewall configuration to use UDP instead of TCP for SNMP. Resolved issue that broke FTOKEN support for some queries.

Resolved the sanitization check that lead to not being able to select the < and <= functions within the Snare Server match interface.

Security Updates

Updated core system packages with latest security and bug fixes.

NFS services, made available as an option on Snare Server v6.2, can now be completely disabled on the Snare Server, through the installation and configuration wizard.

Miscellaneous

Updated vulnerability scanner plugins.

Updated Snare Geographic IP Address database.

(7)

Contact Us: Symtrex Inc. 264 Jane Street Toronto, Ontario Canada, M6S 3Z2 416.769.3000 ph. 866.431.8972 Toll Free 416.769.4477 www.symtrex.com

[email protected]

Who’s Watching your Network?

Network Security Specialists Snare Server Version 6.3.0

New Features

Support was added into the collection system for the AppleBSM audit events provided by the new Snare Agent for OSX (to be released in the near future).

An option was added to the Configuration Wizard to allow customers to disable the daily Pre-Cache functionality, if instructed by a Snare Support Representative. This option disables the daily pre-cache functionality of the internal Snare Database, which can, in rare instances, use more resources during the caching process than are actually saved during the report generation process when caching is enabled. With larger and larger drives being used for the storage of log data, the 'percentage free space' warning and problem threshold settings on the Snare Server Health Checker, have been migrated to a 'gigabytes free' model. As part of the server update process, your previous settings will be automatically converted to the new format.

Bug Fixes

Resolved display issue which prevented the Progress bar from progressing in Google Chrome. Resolved a configuration issue with the OpenVAS vulnerability scanner.

In some circumstances, data validation routines will use an extended path, when saving default values back to the Snare configuration database in the event of a input validation failure, which means that data

validation and correction routines will be called for each and every objective initialisation until the invalid data is updated. This fix trims the path, so that default data can overwrite the invalid data, leading to a tiny speedup in objective instantiation in situations where invalid data has been entered.

Resolved issue that affected some older installations which involved old package updates being applied during the newer updates. The result of which was incorrectly configured packages preventing some system functionality from working. Safeguards have been put into place to ensure this does not occur in the future, and an upgrade to v6.3.0 should resolve any existing issues some customers are experiencing due to this issue.

Added support into the Agent Management Console for Legacy Agent configurations which allowed empty passwords.

Resolved issue that caused the 'Remove Data' objective from reporting a completed data removal process in some situations.

(8)

Who’s Watching your Network?

Security Updates

Updated core system packages with latest security and bug fixes. Completed security audit and applied updates as required.

Implemented centralised checking and sanitisation of input across all user interface components, in order to further reduce the risk of cross site scripting, database injection, and related attempts at corrupting the Snare Server interface.

Implemented CSRF Tokens to eliminate potential avenues for attack against the Snare Server UI. Security options have been migrated to a separate category in the Snare Server wizard.

The ability to block external sites from being displayed in a clickable format (eg: the link to the Snare Server documentation, hosted on the InterSect Alliance web server) has been added.

Paths for hard coded temporary files have been modified to use unique randomly generated filenames, where possible.

Paths for files that store process ID information have been migrated to /var/run to follow unix best practice.

Miscellaneous

Updated vulnerability scanner plugins.

Updated Snare Geographic IP Address database.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

Updated copyright date stamp on the splash screen to reflect the current year (2014).

Detailed Notes:

1. Applying the Update to a Snare Server v6.

This update can be applied to an existing Snare Server v6, by downloading the Snare Update file from your client area and using the update wizard, found at:

System > Administrative Tools > Snare Server Update

If you have trouble applying this update, please speak to your Snare Support Representative.

2. Update file size issue.

Due to a file-size restriction issue, it is not possible to directly upgrade to v6.3.0 on an existing Snare Server that is still on version 6.0.0. Instead, the special PreUpdate provided in your client area must be applied first, and then the v6.3.0 update can be used.

3. Base Ubuntu OS Information

Snare Server v6.3.0 is based on a stripped down, and hardened version of Ubuntu 10.04.4 LTS. The 32-bit and 64 -bit releases have the same (or equivalent) packages installed with the exception of the Linux Kernel.

32-bit has Ubuntu Kernel 2.6.32-24.43-generic-pae, which is based off the 2.6.32.15+drm33.5

mainline Linux Kernel version

64-bit has Ubuntu Kernel 3.0.0-32.51~lucid1-server, which is based off the 3.0.69 mainline Linux

Kernel version.

References

Related documents

The CAD Import &amp; Mill Essentials Toolpaths Training Tutorial is intended for anyone looking to understand the ins and outs of Mastercam Mill Essentials toolpaths,

In some implementations, the selected IoT devices and/or the actions to be performed can be determined based at least in part on contextual data (e.g., location of user, day of

HOUSEHOLD LEADERS TRAINING HOUSEHOLD LEADERS TRAINING TALK No. Our task Our task is to is to take care of take care of God's people, those God's people, those entrusted to

The TDSP Program Development Objective (PDO) is to “increase RGC’s efficiency in formulating and implementing effective trade policies”.. On the trade policy front, major

The possible existence of a certificate corresponding to a misplaced private key elevated the risk of an impersonation attack; greater vulnerability, greater impact — much

Outbreaks of influenza in health care facilities have been attributed to unvaccinated HCWs. The outbreaks contribute to patient complications or death and increased economic costs

If  you  would  like  us  to  review  the  site  with  you,  you  should  arrange  to  make  an  appointment 

effects of real food expenditures at home and away from home on three different weight- level categories, namely, obesity rates, over- weight rates, and sum of both obesity