Assuria Auditor AutoUpdate 77 released

Introduction

This update contains security content and updated product features. It contains updated console content, new and updated checks and policies, and updated patch databases, policy navigators and console database content. The update is compatible with, and suitable for application to, all Assuria Auditor agents.

Contents

This AutoUpdate includes:
- SANS Top 20 Update
- New Antivirus checks
- Support for Windows 2008 Server agent
- Introduces Inventory baseline (SLES 10)
- Security Content Update

SANS Institute Top 20 Security Risks 2007

The SANS Institute Top 20 has been re-implemented as an additional standard rather than as a separate policy. The SANS Top 20 Policy is withdrawn and replaced by a database mapping of Assuria Auditor checks to SANS Top 20 items. This change allows reports to be produced by selecting SANS Top 20 as an additional standard.

Antivirus Update Checks

New checks to detect installed antivirus products which have not been updated recently are included in this update. These checks are available for the following antivirus products:
- McAfee on Microsoft Windows 2000 (Server and Professional)
- McAfee on Microsoft Windows Server 2003
- Symantec on Microsoft Windows 2000 (Server and Professional)
- Symantec on Microsoft Windows Server 2003

Support for Microsoft Windows Server 2008 agent

This update introduces Console support for the new Microsoft Windows Server 2008 agent. The agent itself will be subject to a separate release in the very near future.

Inventory baseline

Assuria Auditor AutoUpdate #75 introduced revised baseline features to the Assuria Auditor Console.

The new baselines build on the current system information and baseline features that include Files and Registry on Windows systems, users, groups, services, shares and associations.

At this AutoUpdate the Inventory Baseline is introduced for SLES 10 (x86). Future AutoUpdates will add this feature to agents for all supported platforms.

Assuria Auditor Baselines

The table below shows the Assuria Auditor baselines available for each system type.

| System Objects | Description | UNIX / LINUX | Windows 2000 / 2003 Server | Windows 2008 Server |
|---|---|---|---|---|
| File | Files selected to be monitored. | YES | YES | YES |
| Registry | Registry keys selected to be monitored. | - | YES | YES |
| File Associations | File Associations setup. | - | YES | YES |
| Users | Users on the system. | YES | YES | YES |
| Group | Groups on the system. | YES | YES | YES |
| Services | Services installed. | - | YES | YES |
| Shares | File / Folder Drive Shares setup. | - | YES | YES |
| Packages | Software packages installed. | YES | YES | YES |
| Trusted Hosts | Trusted Hosts configured. | YES | - | - |
| Features | Windows 2008 Server features installed. | - | - | YES |
| Roles | Windows 2008 Server Roles setup. | - | - | YES |
| Brokers | Windows 2008 Server Brokers established. | - | - | YES |
| CPU | CPU(s) installed. | SLES 10 | Future AU | Future AU |
| Discs | Discs installed. | SLES 10 | Future AU | Future AU |
| Model | Model of the target system. | SLES 10 | Future AU | Future AU |
| Adapters | Communications adapters installed. | SLES 10 | Future AU | Future AU |

Security Content Updates

Security content based on newly published vendor security bulletins (or similar) is included for the agents listed below:
- IBM AIX 4.3.3, 5.0, 5.1, 5.2
- HP HP-UX 11 (PA-RISC)
- HP HP-UX 11 (IA-64)
- Microsoft Windows 2000 (Server and Professional)
- Microsoft Windows Server 2003
- Novell SUSE Enterprise Linux 9 (x86)
- Novell SUSE Enterprise Linux 10 (x86)
- Red Hat Enterprise Linux 3 and later (x86 and x64)
- Sun Solaris 8 (SPARC)
- Sun Solaris 9 (SPARC)
- Sun Solaris 10 (SPARC)

Console update

o Database update
  - For new checks as above
  - For new Microsoft Windows Server 2008 agent
o Policy Navigators for
  - IBM AIX 4.3, 5.0, 5.1, 5.2
  - HP HP-UX 11 (PA-RISC)
  - HP HP-UX 11 (IA-64)
  - Microsoft Windows 2000 (Server and Professional)
  - Microsoft Windows Server 2003
  - Novell SUSE Enterprise Linux 9 (x86)
  - Novell SUSE Enterprise Linux 10 (x86)
  - Red Hat Enterprise Linux 3 and later (x86 and x64)
  - Sun Solaris 8
  - Sun Solaris 9
  - Sun Solaris 10 (SPARC)
o Other files updated
  - bin/tcl/baseline.tbc
  - bin/tcl/config.tbc
  - bin/tcl/cystal.tbc
  - bin/tcl/cvsexpt.tbc
  - bin/tcl/db.tbc
  - bin/tcl/hostset.tbc
  - bin/tcl/htmlexcp.tbc
  - bin/tcl/IndexResults.tbc
  - bin/tcl/rep_utils.tbc
  - bin/tcl/report.tbc
  - bin/tcl/RuleEditor.tbc
  - bin/tcl/RulesetEditor.tbc
  - bin/tcl/treeutils.tbc
  - etc/masteragentvariables.ini
  - lib/DBimport/dbresimport.tcl

Agent updates

Updates are included for the following agents:
o IBM AIX 4.3, 5.0, 5.1, 5.2
o HP HP-UX 11 (PA-RISC)
o HP HP-UX 11 (IA-64)
o Microsoft Windows 2000 (Server and Professional)
o Microsoft Windows Server 2003
o Novell SUSE Enterprise Linux 9 (x86)
o Novell SUSE Enterprise Linux 10 (x86)
o Red Hat Enterprise Linux 3 and later (x86 and x64)
o Sun Solaris 8 (SPARC)
o Sun Solaris 9 (SPARC)
o Sun Solaris 10 (SPARC)

IBM AIX 4.3, 5.0, 5.1, 5.2

o New Checks
  - aix-20080205-OpenSSH-trusted-cookie-fix
  - aix-IY97257-fix
  - aix-IY98331-fix
  - aix-IY98340-fix
  - aix-IY98448-fix
  - aix-IY98450-fix
  - aix-IY99517-fix
  - aix-IY99537-fix
  - aix-IZ00559-fix
  - aix-IZ04133-fix
  - aix-IZ06260-fix
  - aix-IZ06261-fix
  - aix-IZ06488-fix
  - aix-IZ06489-fix
  - aix-IZ06620-fix
  - aix-IZ06621-fix
  - aix-IZ10841-fix
  - aix-IZ10842-fix
  - aix-IZ10844-fix
o Updated Policies
  - aix-fixes
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

HP HP-UX 11 (PA-RISC)

o Updated Patch Database
  - bin/patch_HP-UX.data
  - bin/patch_HP-UX.ref
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

HP HP-UX 11 (IA-64)

o Updated Patch Database
  - bin/patch_HP-UX.data
  - bin/patch_HP-UX.ref
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Microsoft Windows 2000

o New Checks
  - antivirus-mcafee
  - antivirus-symantec
o Updated Checks
  - adobe-reader-apsb07-01-update
  - antivirus-avg7
  - antivirus-trend
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - antivirus
  - versionChecks
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Microsoft Windows Server 2003 (x86)

o New Checks
  - adobe-reader-apsb07-18-update
  - antivirus-mcafee
  - antivirus-symantec
o Updated Checks
  - adobe-reader-apsb07-01-update
  - antivirus-avg7
  - antivirus-trend
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - antivirus
  - versionChecks
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Novell SUSE Enterprise Linux 9 (x86)

o New Checks
  - SuSE-SA-2008-008
  - SuSE-SA-2008-010
  - SuSE-SA-2008-012
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - ssa
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Novell SUSE Enterprise Linux 10 (x86)

o New Checks
  - inventory-added
  - inventory-changed
  - inventory-deleted
  - SuSE-SA-2008-008
  - SuSE-SA-2008-010
  - SuSE-SA-2008-012
  - updateInventoryBaseline
o New Files
  - bin/procs/proc_inventory.tcl
o New Policies
  - CheckInventoryBaseline
  - UpdateInventoryBaseline
o Updated Files
  - bin/checker
  - bin/procs/tools.tcl
o Updated Policies
  - CheckAllBaseline
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - ssa
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Red Hat Enterprise Linux 3 and later (x86 and x64)

o New Checks
  - RHSA-2008-0105
  - RHSA-2008-0110
  - RHSA-2008-0123
  - RHSA-2008-0129
  - RHSA-2008-0131
  - RHSA-2008-0132
  - RHSA-2008-0134
  - RHSA-2008-0135
  - RHSA-2008-0136
  - RHSA-2008-0144
  - RHSA-2008-0146
  - RHSA-2008-0153
  - RHSA-2008-0154
  - RHSA-2008-0155
  - RHSA-2008-0156
  - RHSA-2008-0157
  - RHSA-2008-0159
  - RHSA-2008-0161
  - RHSA-2008-0177
  - RHSA-2008-0178
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - RHSA
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Sun Solaris 8 (SPARC)

o Updated Patch Database
  - bin/patch_Solaris.data
  - bin/patch_Solaris.ref
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - SOX-A1
  - security-patches
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Sun Solaris 9 (SPARC)

o Updated Patch Database
  - bin/patch_Solaris.data
  - bin/patch_Solaris.ref
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - SOX-A1
  - security-patches
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini

Sun Solaris 10 (SPARC)

o Updated Patch Database
  - bin/patch_Solaris.data
  - bin/patch_Solaris.ref
o Updated Policies
  - Initial-1
  - Initial-All
  - Maintenance-1
  - Maintenance-All
  - SOX-A1
  - security-patches
o X-Press Update Files
  - rulesets/unarchivePolicy
  - signatures/rulesets/unarchivePolicy.sgn
  - lib/xpud3_77.zip
  - lib/xpud3_77.sgn
  - etc/update.ini