Snare Linux Agent RHEL 6 64-bit v5.1.0 was released on 6th June 2018.

New Features

  • New Encrypted Remote Configuration Management
    • The agent now supports HTTPS using TLS for remote configuration management, either on a standalone basis or via the Snare Server Agent Management Console (AMC), which provides a central point of management for agent configuration across all Snare Enterprise Agents. The agent uses a generated self-signed certificate for the initial install, but the customer can replace it with an existing certificate from the certificate store if required.

...

  • Other Operational Changes
    • One click to apply configuration. After saving the settings on each page, click the Apply Audit Configuration & Restart Service button to apply the new configuration to the agent.
    • Implemented PCRE Regular Expression filtering for Event Objectives.
    • Uses the same mechanics for Dynamic DNS Checking for destination lookups.
    • Improved error checking in the UI.
    • Improved session handling along with the new HTTPS features.
    • Enhanced debug log options when run in command line debug mode (/usr/sbin/SnareDispatchHelper -c -d9) and when using the Heartbeat option.
    • The agent validates its configuration fully, and reverts to defaults if invalid settings are found in the snare.conf file.
    • Improved multithreading and UI speed so the agent can operate faster on large, highly loaded systems.
    • Various security improvements and hardening, including Address Space Layout Randomization (ASLR), stack buffer overrun detection and heap corruption detection.
    • Added functionality to the RPM package and the agent on initial load to detect instances where SELinux is set to enforcing and warn the user that the agent may not behave correctly.
    • Objective filters can now support negative values. This is useful when you are only interested in events from system calls with specific return values. For example, an objective to collect unauthorised file accesses for all users and root could set the Audit Filter term to "exit=-EPERM,auid>=500,auid!=4294967295".
    • Support added for RedHat's Kickstart system to allow installation before the audit.rules file is generated.
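
The following added example (not Snare's own code) evaluates the filter term quoted above against constructed, abbreviated SYSCALL audit records to show which events it selects. It assumes the comma-separated expressions are ANDed, as `-F` fields are in a Linux audit rule; 4294967295 is the unsigned 32-bit form of -1, the value the audit subsystem records when no login UID is set.

```python
import errno
import re

_TERM = re.compile(r"^(\w+)(>=|<=|!=|=|>|<)(-?\w+)$")
_OPS = {"=": lambda a, b: a == b, "!=": lambda a, b: a != b,
        ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def parse_filter(term):
    """Split a filter term into (field, operator, integer value) tuples."""
    parsed = []
    for part in term.split(","):
        m = _TERM.match(part.strip())
        if not m:
            raise ValueError(f"bad filter expression: {part!r}")
        field, op, raw = m.groups()
        name = raw.lstrip("-")
        # Symbolic errno names such as EPERM resolve to their numeric value.
        value = int(name) if name.isdigit() else getattr(errno, name)
        parsed.append((field, op, -value if raw.startswith("-") else value))
    return parsed

def parse_record(line):
    """Collect the decimal key=value fields of a raw SYSCALL audit record."""
    return {k: int(v) for k, v in re.findall(r"\b(\w+)=(-?\d+)\b", line)}

def matches(term, line):
    """True when every expression in the term holds (assumed AND semantics)."""
    rec = parse_record(line)
    return all(f in rec and _OPS[op](rec[f], v) for f, op, v in parse_filter(term))

TERM = "exit=-EPERM,auid>=500,auid!=4294967295"  # filter term from the release note

# Constructed sample records, abbreviated to the fields that matter here.
SAMPLES = {
    "user-eperm": "type=SYSCALL syscall=2 success=no exit=-1 auid=1000 uid=1000",
    "root-via-su": "type=SYSCALL syscall=2 success=no exit=-1 auid=1000 uid=0",
    "user-eacces": "type=SYSCALL syscall=2 success=no exit=-13 auid=1000 uid=1000",
    "daemon-unset": "type=SYSCALL syscall=2 success=no exit=-1 auid=4294967295 uid=0",
    "system-acct": "type=SYSCALL syscall=2 success=no exit=-1 auid=100 uid=100",
    "user-success": "type=SYSCALL syscall=2 success=yes exit=3 auid=1000 uid=1000",
}

def selected(term=TERM, samples=SAMPLES):
    """Names of the sample records the filter term selects."""
    return [name for name, line in samples.items() if matches(term, line)]

if __name__ == "__main__":
    print(selected())
```

Only the two EPERM records with a login UID of 500 or above are selected; the record that failed with EACCES (exit=-13) is not, so a separate term is needed if those denials matter.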

Known Issues

  • If SAM is used for centralized license management, the Snare Enterprise Agent for Linux RedHat version 7 will display as 'Unknown' in the Agents list in the SAM UI. This will be resolved in SAM v1.1.1.
  • The agent reports the sent date/time rather than the event date/time on the Latest Events page. This will be resolved in the next release of the Linux agent.