Software update: Symantec Data Center Security 6.9
Date: 2021-05-28

Broadcom has released an update to its Symantec Data Center Security. It lets you monitor, secure and protect servers and services. Support for the VMware, Hyper-V, KVM and Xen virtualization platforms is included, as is support for the Linux, AIX, HP-UX, Solaris and Windows platforms, AWS and OpenStack clouds, and Docker containers. The version number of this release is 6.9 and it includes the following changes:

What's new in 6.9

Symantec 6.9 Data Center Security: Server and Data Center Security: Server Advanced includes the following new enhancements and product improvements:

New platform support in 6.9

Platform support for the Data Center Security: Server Advanced 6.9 agent
Platform Support for IDS Support for IPS Antimalware support
RHEL 8.1
RHEL 8.2
RHEL 8.3
RHEL 7.9
SLES 15 SP2
Ubuntu 20.04 LTS
Solaris 11.4 Sparc and X86 ✓ (sru18 and above)
Windows 10
RTFIM for NFS Client on AIX

Enhancements in 6.9

The following table provides the list of enhancements in the 6.9 version of Data Center Security: Server Advanced:
Feature | Description
Update the details of multiple assets | You can update the Details for multiple assets. Select multiple assets and press the edit icon to change a subset of detail fields for all assets.
Upgrade your Linux agents from the repository | You can upgrade all of your Linux agents from the repository. You can upgrade your Linux agents on-demand or automatically. Access the Assets page and select Unix to view your Linux agents. Choose a single Linux agent or multiple Linux agents. Press the Upgrade Now button to upgrade your Linux agents on-demand. You can upgrade all Linux agents within a Security Group. Your Linux agent upgrades can be automatically scheduled. You enable the automatic upgrade of your Linux agents from the Unix SDCSS diagnostics policy.
Purge your offline agents | You can purge Data Center Security: Server Advanced agents that are offline for more than a defined number of days. When you purge a Data Center Security: Server Advanced agent, all records of the agent are purged from the database. You can enable purging of offline agents from the settings page.
Improved editing of file and email content within an alert | Content editing of file and email alerts is now made more user friendly. Additional text searches are added to find specific variables. Examples of variables that you can add include {HOSTNAME}, {NtLog_EventID}, {RESOURCE_NAME} and many more. This lets you customize the messages of your alert actions.
Repeated login failure tracking | You can monitor both individual and repeated login failures and generate events for each. Support for tracking of repeated login failures is added to the Unix_Baseline_Detection policy. A single event is generated when repeated FTP, Telnet, SU, SSH or local login failures occur.
Update the repository URL for each of your Linux agents | You can update the repository URL and the repository name for your Linux agents from the UNIX_SDCSS_Agent_Diagnostics policy. You can define the following conditions to update the repository file of your Linux agents:
  1. The repository file of your Linux agent is updated only if it matches a specific agent version.
  2. The repository file of your Linux agent is updated if the asset is running a specific version of Amazon Linux, RHEL, SUSE or Ubuntu.
Added a policy option to create rules for private networks. | A private network range is added to all base prevention policies for Windows and Unix and is available when you create a network rule.
Added an option to specify IPv4 or IPv6 in a Windows Policy when creating a network rule. | The Any IPv4 and IPv6 list is added to Windows prevention policies and is available when you create a network rule.
Command history monitoring for all Unix users | When using the baseline detection policies, you can monitor bash history of all users on Unix systems. Additionally, a single wildcard (*) can be used for the directory path in text log monitoring on Windows and Unix.
Tomcat and AdoptOpenJDK (Java Development Kit) updates | With the release of version 6.9, Data Center Security: Server and Data Center Security: Server Advanced uses Tomcat version 9 and AdoptOpenJDK 11.

Resolved issues of the Management Server and UMC
Issue | Resolution description
Unable to move assets to security groups. | Moving assets to another security group fails if your UMC display name includes an apostrophe ('). This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
An alert filter does not return alerts when the event username in the filter is blank. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
The REST API for policies and configurations shows the incorrect path in the result. | If an asset is moved after a policy or configuration is applied to the asset, REST API calls that fetch applied policies and configuration information returned the incorrect path for policies or configuration fields. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.

Resolved issues of the agent
Issue | Resolution description
IDS fails to start in certain scenarios where syslog daemon takes longer than expected to start. | The sisidsdaemon.service fails to start because a timeout was exceeded as the syslog daemon startup was taking longer than expected. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
The Data Center Security: Security Advanced agent is unable to extract LiveUpdate content after it is downloaded. | LiveUpdate content was failing to extract on Data Center Security: Security Advanced 6.8 MP2 Windows agent systems. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Server running Oracle Enterprise Linux version 6 crashes after a base prevention policy with no modifications (prevention disabled) is applied. A server running Oracle Enterprise Linux version 6, with a specific kernel, crashes in certain conditions. | On systems running Oracle Enterprise Linux 6 with kernel 3.8.13-118.48.1, a kernel panic occurs because memory allocation was failing during a policy application. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Real-Time File Integrity Monitoring for NFS Clients was disabled by default on Linux systems. | With the release of DCS 6.9, Real-Time File Integrity Monitoring for NFS Clients is enabled by default on all AIX and Linux systems.
Data Center Security: Security Advanced agents running on Windows 2008 servers (non R2) are not reporting correct platform information to the Management Server. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
On AIX systems running the 6.7 MP1 Data Center Security: Security Advanced agent, frequent crashes of the sisidsdaemon are observed. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
The Data Center Security: Security Advanced agent installation partially completes when the installation is attempted during boot before the user login. | Rebooting the system after a Data Center Security: Security Advanced agent uninstall, followed by an agent installation during boot before the user login, results in a partial installation of the agent. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Server crashes when dump analysis requests are run. | Windows system crashes under heavy network loads were observed. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
SISIPSFIM crashes AIX Server. | AIX system crashes were observed due to the Vnode caching mechanism. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Some system crashes observed on systems running the Windows agent. | System crashes on Windows machines were observed when the application uses DISPATCH level. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
In certain conditions, the Data Center Security: Security Advanced agent is not able to receive policies. | This issue occurred because the sisips.nfsd service was started after the sisipsdaemon on Linux systems. With the release of Data Center Security: Security Advanced 6.9, sisips.nfsd starts before the sisips daemon.
With a prevention policy applied, POSC events are not generated for some system calls for systems running Solaris 11. | POSC events are now generated and system calls are blocked when they are not allowed by the applied prevention policies on systems running Solaris 11. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Data Center Security: Server Advanced agent installation continues when fallback definition file is missing. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9. During an installation of the Data Center Security: Server Advanced agent where the -installFallback switch is used and the fallback definition is missing, an error message is displayed indicating a missing parameter and the installation is aborted. This resolution is added to the release of Data Center Security: Security Advanced 6.9.
If the Stargate engine is not initialized, the application of Anti-Malware daemon (AMD) configuration does not work. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Prevention watch events are not sent to the Management server. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
Incorrect Windows operating system detail is shown under the Properties > Details > Product Version section within the SISIPSService application. | This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
PNET event will log IPv6 address when IPv6 is disabled on Data Center Security: Security Advanced agent systems. | With the release of Data Center Security: Security Advanced 6.9, the network traffic of IPv4 in IPv6 format is logged as IPv6 in PNET events.
After upgrading from 6.7.0.1060, the username associated with network events is different. | Incorrect users are mapped for network activities where users are being impersonated. This results in the matching of incorrect network rules. This issue is resolved in the release of Data Center Security: Security Advanced 6.9.
The Data Center Security: Security Advanced agent fails to install on Linux systems when deployed by a service. | Deployment of the Data Center Security: Security Advanced agent through a service was failing on Linux systems where the SELinux context type is “unconfined_service_t”. With the release of Data Center Security: Security Advanced, supported SELinux context types by Data Center Security: Security Advanced are “unconfined_service_t” and “unconfined_t”.
On Linux agents, a crash was observed in sisamddaemon. | In the release of Data Center Security: Security Advanced 6.9, exclude file list logging was changed from Info to trace to reduce size of logging and disk space consumption. This also improved sisamddaemon performance.
Crash observed on Linux systems while allocating memory. | In the release of Data Center Security: Security Advanced 6.9, this issue is resolved by fixing a memory leak.
Version number: 6.9
Release status: Final
Operating systems: Windows 7, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016, Windows Server 2019
Website: Broadcom
Download: https://support.broadcom.com/user/user_redirect?dest=download&seg=SE
License type: Paid

