Security Content Update Release Notes for CCS 11.0 2012-3 Update


Legal Notice

Copyright © 2012 Symantec Corporation.

All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Contents

Chapter 1 Getting Started
  Post-install Configuration

Chapter 2 Enhancements
  Enhancements in SCU 2012-3
  New checks
  New standards
  New additions in predefined platforms

Chapter 3 Resolved Issues
  Resolved Issues

Chapter 4 Known Issues
  Known Issues

Chapter 5 Files Added or Updated
  Files added or updated for Windows
  Files added or updated for UNIX
  Files added or updated for VMware

Chapter 1 Getting Started

This chapter includes the following topics:

■ Post-install Configuration

Post-install Configuration

Before you begin using the Security Content Update 2012-3, you may need to do the following:

■ Update the VMware ESXi Machine assets for the VMware platform.
  Refer to the section Upgrading VMware data collection for SCU 2012-3 in the Security Content Update Getting Started Guide.

■ Upgrade the CCS assets for Apache Tomcat Standard.
  Refer to the section Upgrading the CCS assets for Apache Tomcat Standard in the Security Content Update Getting Started Guide.

Chapter 2 Enhancements

This chapter includes the following topics:

■ Enhancements in SCU 2012-3

■ New checks

■ New standards

■ New additions in predefined platforms

Enhancements in SCU 2012-3

The Security Content Update (SCU) 2012-3 contains the following enhancements:

■ New standards
  See "New standards".

■ New checks
  See "New checks".

■ Target types, asset groups, entities, and fields for the predefined platforms.
  See "New additions in predefined platforms".

■ VMware Platform
  2012-3 Update now enhances the CCS Manager with built-in capabilities to collect data from VMware assets. A new predefined VMware platform is now added to enable collection of data for VMware ESX/ESXi through vCenter.

  Note: The settings page for VMware Information Server will not be available after upgrading to SCU.

  Refer to the Upgrading VMware data collection for SCU 2012-3 section in the Security Content Update Getting Started Guide.

■ Windows Platform
  The following standard is updated for Windows platform:

  ■ CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0

■ Policy
  The following policy content is added to CCS in 2012-3 Update:

  ■ MAS IBTRMV3 - Monetary Authority of Singapore Internet Banking and Technology Risk Management Guidelines.

  ■ FEDRAMP - Federal Risk and Authorization Management Program

■ ESM release information

  ■ New platform support

    ■ SQL Server 2012

  ■ The 2012-3 Update adds the following new standards:

    ■ CIS_for_Sybase_v1.1.0

    ■ CIS Security Benchmark for AIX v5.3 and 6.1

■ Check for missing or installed Windows patches on your Windows assets
  The Create or Edit Query wizard lets you select the Windows - Patch Assessment entity to create a query to check for missing or installed Windows patches on your Windows assets. While selecting a scope to patch, you can specify additional scope for patch assessment in the Additional Settings box. Along with the version numbers, you can also match the checksum of the files to verify installed or missing patches. You can check for all patches for all products, or specific patches for one or more bulletins.

  Note: This enhancement is available only after you install the Product Update 2012-1 or later on CCS 11.0.

■ Web console - Policies
  CCS 11.0 now allows you to raise an exception for policies that are accepted by enabling a key in the web.config file.
  To enable the 'Request Exception' option for accepted policies, do the following:

  ■ Take a backup of the web.config file located in the folder <InstallDir>\CCS\Reporting and Analytics\WebPortal

  ■ Under <appSettings> in the web.config file, add the following key and save the changes:
      <add key="EnablePolicyExceptionOnAcceptedPolicy" value="true"/>
    This key enables the 'Request Exception' option on user accepted policies.

  Note: If you set the value of the key as "false" or do not specify any value, then the 'Request Exception' option does not get enabled on user accepted policies.
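The backup-then-add-key procedure above, as an added Python example (not Symantec's code or tooling), with an audit check that reports whether 'Request Exception' is enabled. The key name is the one given above; the sample file content, the .bak backup name, the function names and the case-insensitive comparison of the value are assumptions made for illustration.

```python
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

KEY = "EnablePolicyExceptionOnAcceptedPolicy"  # key name given in the release notes

# Constructed sample web.config; the existing key and the comment are made up.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- portal settings -->
  <appSettings>
    <add key="SomeOtherSetting" value="1"/>
  </appSettings>
</configuration>
"""


def _load(path):
    # Keep comments inside the root element so a rewrite does not strip them
    # (insert_comments needs Python 3.8 or later).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.parse(path, parser=parser)


def request_exception_enabled(path):
    """Audit check: True only if the key is present with the value "true"."""
    for add in _load(path).getroot().findall("./appSettings/add"):
        if add.get("key") == KEY:
            # Assumption: the value is matched case-insensitively.
            return (add.get("value") or "").strip().lower() == "true"
    return False  # a missing key leaves 'Request Exception' disabled


def enable_request_exception(path):
    """Back up web.config, then add or update the key.

    Returns the backup path, or None when the key is already "true" and the
    file (and any earlier backup) is left untouched.
    """
    if request_exception_enabled(path):
        return None
    backup = path + ".bak"  # hypothetical backup name
    shutil.copy2(path, backup)
    tree = _load(path)
    root = tree.getroot()
    settings = root.find("appSettings")
    if settings is None:
        settings = ET.SubElement(root, "appSettings")
    for add in settings.findall("add"):
        if add.get("key") == KEY:
            add.set("value", "true")  # update in place, never duplicate the key
            break
    else:
        ET.SubElement(settings, "add", {"key": KEY, "value": "true"})
    tree.write(path, encoding="utf-8", xml_declaration=True)
    return backup


def demo():
    """Run the procedure twice on the constructed sample in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "web.config"
        cfg.write_text(SAMPLE, encoding="utf-8")
        before = request_exception_enabled(str(cfg))
        backup = enable_request_exception(str(cfg))
        second = enable_request_exception(str(cfg))  # already enabled: no change
        after = request_exception_enabled(str(cfg))
        key_count = cfg.read_text(encoding="utf-8").count(KEY)
        backup_clean = KEY not in Path(backup).read_text(encoding="utf-8")
    return before, after, second, key_count, backup_clean


if __name__ == "__main__":
    print(demo())
```

Because the second call returns without writing, the backup taken on the first run still holds the pre-change file and can be used to roll back.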

New checks

SCU 2012-3 adds new checks to the following standards:

Windows platform

■ The following check is updated for the standard, US Federal Desktop Core Configuration Standard (FDCC) V1.0.1 for Windows Vista:

  ■ Is Service Pack 2 or later applied?

UNIX Platform

■ The following checks are updated for the standard, Security Essentials for AIX 5.x and 6.1:

  ■ Is Service Pack 6100-07-03 or later applied on AIX 6.1 machines?

  ■ Renamed from 'Latest Maintenance Level Applied?' to 'Is maintenance level 5100-09 applied on AIX 5.1 machines?'

SQL Platform

■ The following check is updated for the standard, Security Essentials for Microsoft SQL Server 2008:

  ■ Is service pack 3 or higher applied on SQL Server 2008 and service pack 1 or higher applied on SQL Server 2008 R2?

■ The following check is updated for the standard, CIS Security Configuration Benchmark for Microsoft SQL Server 2005 v1.1.1:

  ■ Is service pack 4 or higher applied on SQL Server 2005?

New standards

SCU 2012-3 adds the following new standards:

■ Security Essentials for Apache Tomcat Server 5.5/6.0

■ VMware Hardening Guidelines for vCenter Servers

■ CIS Security Benchmark for VMware ESX 4.1 v1.0.0
  This standard is applicable to UNIX ESX machines 4.1. This standard contains 78 checks.

■ Advanced Checks on UNIX platform

Note: If you have existing Windows Machine assets, Symantec recommends that you execute the Asset Import Job with the Update rule for assets evaluation. Only then do the Windows Machine assets get updated for the field property, VMware vCenter Server Version, for 2012-3 Update.

New additions in predefined platforms

SCU 2012-3 updates the following predefined platforms:

■ Windows
  The additions for the Windows predefined platform are as follows:

  Target types
    This update adds the following new target type for the platform:

    ■ Windows computers with Apache Tomcat Server Installed

    ■ VMware vCenter 4.0, 4.1, and 5.0 Servers

  Fields
    This update adds the following new fields in the Machines datasource for the platform:

    ■ Is Apache Tomcat Server installed

    This update adds the following optional field to the Windows machines asset:

    ■ Is Apache Tomcat Server installed
      This field returns YES if Apache Tomcat server is installed as a service or is running by executing the startup.bat file; otherwise it returns NO.

    This update adds the following new fields in the Machines datasource for the platform:

    ■ VMware vCenter Server Version

    This update adds the following optional field to the Windows machines asset:

    ■ VMware vCenter Server Version
      This field reports the version of VMware vCenter Server.

  Asset Groups
    This update adds the following asset groups for the platform:

    ■ Apache Tomcat Server
      Windows Machine - Is Apache Tomcat Server installed Equal To (=) True

    ■ VMware vCenter 4.0 Servers
      Windows Machine - VMware vCenter Server Version Equal To (=) '4.0.0.7797'

    ■ VMware vCenter 4.1 Servers
      Windows Machine - VMware vCenter Server Version Equal To (=) '4.1.0.12319'

    ■ VMware vCenter 5.0 Servers
      Windows Machine - VMware vCenter Server Version Equal To (=) '5.0.0.16964'

  Data Sources
    This update adds the following new datasource for the platform:

    ■ Apache Tomcat Server

    ■ VMware vCenter Server Settings

■ UNIX
  The additions for the UNIX predefined platform are as follows:

  Target types
    This update adds the following new target type for the platform:

    ■ Solaris 11 Machines

  Fields
    This update adds the following new fields in the UNIX Machines datasource for the platform:

    ■ SSL Private Key file

    ■ SSL Certificate file

■ Microsoft SQL
  The addition for the Microsoft SQL predefined platform is as follows:

  Target types
    This update adds the following new target type for the platform:

    ■ SQL Server 2012 Instances

Chapter 3 Resolved Issues

This chapter includes the following topics:

■ Resolved Issues

Resolved Issues

The 2012-3 Update resolves the following issues:

■ Queries
  The following issues are resolved for this module:

  ■ Executing data collection queries on the Linux Server assets caused the system to reboot. This issue was observed when the open system call was executed on the file /dev/watchdog.
    2012-3 Update resolves this issue.

  ■ Queries executed on the Content field of the Files datasource failed to respond when they were scoped to the /dev and /proc directories.
    2012-3 Update resolves this issue by blocking the content field for the following cases:

    ■ dev is mounted at default /dev location.

    ■ proc is mounted at default /proc location.

    ■ proc is mounted at custom location other than /proc.

    This solution works for the proc file systems which are present in the /etc/mtab file. If proc file systems are present on the targets that are not present in /etc/mtab, then data for the content field is fetched for such directories if requested.

  ■ Checks for Symantec home directory were retrieving incorrect results. Home directory query scoped to a user having "/" as a home directory was reporting extra records.
    2012-3 Update resolves this issue and no extra records are reported.

■ Standards
  The following issues are resolved for this module:

  ■ Checks executed on Crontab were incorrectly fetching results for /dev and /dev/null also.
    2012-3 Update fixes this issue and now results for /dev and /dev/null are not fetched.

  ■ For the standard "CobiT 4.1 - CIS Benchmark v1.1.2 for Red Hat Enterprise Linux 5.0 and 5.1", the check "Are there no . or group/world-writable directories in roots $PATH?" resulted in unknown.
    2012-3 Update fixes this issue. Now accurate results are fetched for the "Are there no . or group/world-writable directories in roots $PATH?" check.

  ■ For all servers which have SEP 12.1 installed, the check "Is Liveupdate/virus definition 5 days or less" within the standard "security Essentials for Symantec Endpoint Protection" gets a "Not Applicable" result.
    SCU 2012-3 resolves this issue.

  ■ The check "Is the Syslog daemon accepting messages from other systems on the network?" for the standard "CIS Security Benchmark for HP-UX v.1.3.1" displayed incorrect results.
    The 2012-3 Update resolves the issue and now accurate results are returned.

  ■ Evaluation results for the check "Do unowned files exist on the system?" displayed an error and failed to return any value.
    2012-3 Update resolves this issue.

  ■ The check "Are dot files in user home directories world writable?" returned partially incorrect results. This issue was observed when the check was executed on the home directories.
    The 2012-3 Update resolves the issue. Now accurate results are fetched for the "Are dot files in user home directories world writable?" check.

  ■ Running a Collection-Evaluation-Reporting job with the standard "CIS benchmark v1.1.2 for RedHat Enterprise Linux 5.0 and 5.1" on an agent-less RHEL 5.x asset resulted in the following error:
      "Error Special Value encountered in FILE.CONTENT field"
    for the section 11.2 checks:
      No duplicate uids exist in /etc/passwd
      No duplicate username exist in /etc/passwd.
    2012-3 Update resolves this issue and accurate results are reported.

  ■ Queries executed on the standard "CIS Security Benchmark for HP-UX v1.3.1" displayed incorrect results.
    2012-3 Update resolves this issue and accurate results are now fetched on the HP-UX 11.23 target computers.
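One way to implement the /dev and /proc content-field blocking described under Queries above, including proc mounted at a custom location, as an added Python example (not Symantec's code). The function names, the sample mtab and the test paths are constructed for illustration, and /dev is blocked unconditionally as a simplifying assumption.

```python
import posixpath
import re

# Constructed sample of /etc/mtab: proc at the default location and at a
# custom one, plus a mount point whose name contains an escaped space.
SAMPLE_MTAB = """\
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
udev /dev tmpfs rw,mode=0755 0 0
proc /var/lib/named/proc proc ro 0 0
/dev/sdb1 /mnt/backup\\040disk ext3 rw 0 0
"""


def _unescape(field):
    # mtab writes space, tab, newline and backslash as three-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def blocked_roots(mtab_text):
    """Directories whose file content must not be read: /dev and every proc mount."""
    roots = {"/dev"}  # assumption: block /dev even if mtab does not list it
    for line in mtab_text.splitlines():
        fields = line.split()
        # mtab fields: device, mount point, filesystem type, options, dump, pass
        if len(fields) >= 3 and fields[2] == "proc":
            roots.add(posixpath.normpath(_unescape(fields[1])))
    return roots


def content_blocked(path, mtab_text):
    """True if `path` is a blocked root or lies underneath one."""
    path = posixpath.normpath(path)
    for root in blocked_roots(mtab_text):
        # Compare on a component boundary so /device does not match /dev.
        if path == root or path.startswith(root.rstrip("/") + "/"):
            return True
    return False


if __name__ == "__main__":
    for p in ("/dev/watchdog", "/proc/1/cmdline", "/var/lib/named/proc/meminfo",
              "/device/notes.txt", "/srv/chroot/proc/kcore"):
        print(p, content_blocked(p, SAMPLE_MTAB))
```

The constructed path /srv/chroot/proc/kcore is not blocked because that mount does not appear in the sample mtab, which is the limitation stated above for proc file systems missing from /etc/mtab.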


Chapter 4 Known Issues

This chapter includes the following topics:

■ Known Issues

Known Issues

The following known issues are observed in the 2012-3 Update:

■ After upgrading to 2012-3 Update, the settings page for Information Server registration of VMware is displayed; however, the VMware data collection is not done using the Information Server.

■ When you install SCU on a stand-alone CCS Manager, the following message appears in the Warning panel:
    Delete ESM standard platform container from the Directory Server.
  You can ignore the warning and click Next to proceed to the Finish panel.

■ After upgrading to 2012-3 Update the following QuickFix updates will not work as expected:

  ■ QF 10005
    An Active Directory user who is not a domain administrator but has read access over the RootDSE objects of Active Directory, can now be configured to successfully create the domain cache.

  ■ QF 10006
    Data collection is now possible from the target computers in Non-trusted Domains.

Chapter 5 Files Added or Updated

This chapter includes the following topics:

■ Files added or updated for Windows

■ Files added or updated for UNIX

■ Files added or updated for VMware

Files added or updated for Windows

The following files are updated for 2012-3:

Note: The version number for all the files is <11.0.546.10100>

Windows.Schema.dll

Symantec.CSM.Wnt.UIControls.dll

VMware.Schema.dll

WntScopes.dll

Symantec.CSM.CredentialMgmt.PlatformCredentials.dll

Symantec.CSM.Content.Localization.Resources.dll

Symantec.CSM.WindowsPlatformContent.WindowsFilePermissions.dll

Symantec.CSM.VMwarePlatformContent.VMwareESXi4x.dll

Unix.Schema.dll

Symantec.CSM.UnixPlatformContent.VMEsx3x.dll

UnixScopes.dll

Symantec.CSM.UnixPlatformContent.RHELv1.0.5.dll

VMwareScopes.dll

Symantec.CSM.Control.JobError.MessageSource.dll

Symantec.CSM.WindowsPlatformContent.WindowsSettings.dll

Symantec.CSM.Resources.ESMSUResources.dll

Symantec.CSM.UnixPlatformContent.AIXv1.0.1.dll

AgentCleanUp.exe

CCSDissolvingAgentStub.exe

CCSDissolvingAgentStubx64.exe

PAUtility.exe

PWCleanUp.exe

PWHashDump.exe

PWHashDumpX64.exe

ADObjectResolver.dll

ADPermissions.dll

AuditSubCategoryDC.dll

BVNTError.dll

BVNTObjects.dll

BVNTPostFilterEnumerators.dll

BVNTProcess.dll

BVNTQuery.dll


BVNTSysObjs.dll

BVVNTScopes.dll

CommonExceptions.dll

DumpSAM.dll

DumpSAMX64.dll

Logging.dll

NTADProcess.dll

NTAnalysis.dll

NTBackEndSnapin.dll

NTCommonUtils.dll

NTFunctions.dll

NTLegacy.dll

NTScopeRefinery.dll

NTTIVExtensions.dll

PortObjectDC.dll

QESharedObjs.dll

RegistrySecurityDC.dll

SecurityAdvisor.dll

SharePointDC.dll

SharePointDCx64.dll

SharePointServer2k7.dll

SharePointServer2k7x64.dll

TextFileContentDC.dll

WinFileHandlers.dll

XMLFileContentDC.dll

Files added or updated for UNIX

The following files are updated in SCU 2012-3:

Note: The version number for all the files is <11.0.546.10100>

UNIXTIVSnapin.dll

BVUnixUsersDataSource.dll

BVUnixSystemDataSource.dll

BVUnixFilesystemDataSource.dll

BVUnixGroupsDataSource.dll

BVUnixMachineDatasource.dll

BvUnixFilesDataSource.dll

BVUnixACLSecurityDatasource.dll

BvCUWinRDCCoreLib.dll

BvCURDCCoreLib.dll

BvUnixServicesDataSource.dll

BVUnixProdInfoDataSource.dll

BVUnixDataSourceImpl.dll

BvUnixPackagesDataSource.dll

BVUnixAPARDataSource.dll

BVUnixFileSync.dll

Files added or updated for VMware

The following files are added or updated in SCU 2012-3:

Note: The version number for the files is <11.0.546.10100>

VMwareRDCCoreLib.dll

VMwareWinRDCCoreLib.dll

VMwareMachineDatasource.dll

VMWARETIVSnapin.dll

VMwareNetworkDataSource.dll

FieldMetaData.mdb

Vmware.assettypedefaultvalues.xml

VMwarevCenterServer.Common.EntitySchema.xml

VMware.schema.dll
