Symantec Enterprise Security Manager™ Security Update 30 Release Notes Symantec ESM 5.5, 6.0, 6.1.1, and 6.5.x For Windows, UNIX, and Linux modules

5/3/2008


    The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

    Legal Notice

    Copyright ©2007 Symantec Corporation.

    All Rights Reserved.

    Symantec, the Symantec Logo, LiveUpdate, Symantec Enterprise Security Architecture, Enterprise Security Manager, and NetRecon are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

    The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

    THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

    Symantec Corporation
    20330 Stevens Creek Blvd.
    Cupertino, CA 95014

    http://www.symantec.com

    Technical support

    Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

    Symantec technical support offerings include the following:

    ■ A range of support options that give you the flexibility to select the right amount of service for any size organization

    ■ Telephone and web-based support that provides rapid response and up-to-the-minute information

    ■ Upgrade insurance that delivers automatic software upgrade protection

    ■ Content Updates for virus definitions and security signatures that ensure the highest level of protection

    ■ Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program

    ■ Advanced features, including Technical Account Management

    For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL:

    www.symantec.com/techsupp/

    Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you are using.

    Contacting Technical Support

    Customers with a current maintenance agreement may access Technical Support information at the following URL:

    www.symantec.com/techsupp/

    Select your region or language under Global Support.

    Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

    When contacting the Technical Support group, please have the following information available:

    ■ Product release level

    ■ Hardware information


    ■ Available memory, disk space, NIC information

    ■ Operating system

    ■ Version and patch level

    ■ Network topology

    ■ Router, gateway, and IP address information

    ■ Problem description

    ■ Error messages/log files

    ■ Troubleshooting that was performed before contacting Symantec

    ■ Recent software configuration changes and network changes

    Licensing and registration

    If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

    www.symantec.com/techsupp/

    Select your region or language under Global Support, and then select the Licensing and Registration page.

    Customer Service

    Customer service information is available at the following URL:

    www.symantec.com/techsupp/

    Select your country or language under Global Support.

    Customer Service is available to assist with the following types of issues:

    ■ Questions regarding product licensing or serialization

    ■ Product registration updates such as address or name changes

    ■ General product information (features, language availability, local dealers)

    ■ Latest information about product updates and upgrades

    ■ Information about upgrade insurance and maintenance contracts

    ■ Information about Symantec Value License Program

    ■ Advice about Symantec's technical support options

    ■ Nontechnical presales questions

    ■ Issues that are related to CD-ROMs or manuals

    Maintenance agreement resources

    If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

    ■ Asia-Pacific and Japan: [email protected]

    ■ Europe, Middle-East, and Africa: [email protected]

    ■ North America and Latin America: [email protected]

    Additional Enterprise services

    Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following:

    ■ Symantec Early Warning Solutions: These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

    ■ Managed Security Services: These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

    ■ Consulting Services: Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

    ■ Educational Services: Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.

    To access more information about Enterprise services, please visit our Web site at the following URL:

    www.symantec.com

    Select your country or language from the site index.

  • Contents

    Symantec ESM Security Update Release Notes

    Security Update 30: New supported operating systems; New supported service packs; System Auditing; User Files; Login Parameters; Resolved issues and enhancements; Known issues; System requirements

    Security Update 29: ICE; Resolved issues and enhancements; System requirements

    Security Update 28: Account Integrity; File System Entitlement; Startup Files; User Files; Resolved issues and enhancements; System requirements

    Security Update 27: New supported operating systems; Changed messages; File System Entitlement; Login Parameters; Symantec Product Information; Known issues; Resolved issues and enhancements; System requirements

    Security Update 26: New supported operating system; Changed messages; Account Information; Account Integrity; File Attributes; File Find; File System Entitlement; File Watch; Network Integrity; Password Strength; Startup Files; Symantec Product Information; Resolved issues; System requirements

    Security Update 25: New supported operating systems; Account Information; Account Integrity; File Attributes; File Find; ICE; Login Parameters; Password Strength; Registry; Startup Files; User Files; Known issues; Resolved issues; System requirements

    Security Update 24: New supported operating system; Changed messages; Account Integrity; Backup Integrity; ICE; Object Integrity; Password Strength; Startup; Resolved issues; System requirements

    Security Update 23: New supported operating systems; Account Integrity (Windows); File Attributes; File Find; Login Parameters; Network Integrity; OS Patches; Registry; Startup Files; Resolved issues; System requirements

    Security Update 22: New supported operating systems; File Attributes; Network Integrity; Password Strength; Registry; Resolved issues; System requirements

    Security Update 21: Update Report Content; File Attributes; File Attributes; File Find; File Watch; Group Policy; Login Parameters; Network Integrity; Network Integrity; Password Strength; Password Strength; Password Strength; Startup Files; Symantec Product Information; System Mail; System Mail; Known issues; Resolved issues; System requirements

    Security Update 20: Active Directory Services; File Attributes (SUSE ES 8); File Attributes (UNIX); File Attributes (Windows); File Find (Windows 2000/Server 2003/XP); Using regular expressions; File Watch (Windows); File Watch (Linux); Login Parameters (Windows); Login Parameters (UNIX); Network Integrity (Windows Server 2003/XP); Network Integrity (UNIX); OS Patches (SUSE ES 8); Startup Files (UNIX); Changed messages; Known issues; Resolved issues; System requirements

    Security Update 19: Account Integrity; Account Integrity; Account Integrity; Active Directory; File Attributes; File Attributes; File Attributes; File Find; File Watch; Login Parameters; Network Integrity; Network Integrity; Object Integrity; OS Patches; OS Patches; Password Strength; Registry; Startup Files; Known issues; Resolved issues; System requirements

    Security Update 18: SUSE Linux; Account Integrity; File Attributes; File Attributes; File Attributes; File Find (UNIX); File Watch; Login Parameters; Network Integrity; Network Integrity; Password Strength; Registry; Startup Files; System Auditing; Resolved issues; Documentation updates; System requirements

    Frequently asked questions

  • Symantec ESM Security Update Release Notes

    The Symantec ESM Security Update Release Notes describe the security updates for Symantec Enterprise Security Manager (Symantec ESM) 5.5, 6.0, 6.1.1, and 6.5.x that have been released since the latest Symantec ESM Security Update user guides were published. Security updates will be added to the Symantec ESM Release Notes until the next version of Symantec ESM is released. At that time, this content will be integrated into new Security Update user guides.

    Note: When Windows checks do not run on all Windows operating systems, the supported systems appear after the check name. For example, User Files (Windows 2000) runs only on Windows 2000 Server.

    Security Update 30

    The following are new in SU 30:

    ■ Support for Red Hat Enterprise Linux ES 5 (x86, Opteron, EM64T, and IA64-bit)

    ■ Support for Windows Vista Enterprise and Business editions (32-bit and 64-bit)

    ■ Support for SLES 9 operating systems on IBM e-server PPC

    ■ Support for Windows Server 2003 agents on SP2

    ■ Support for Linux agents on SLES 9 SP3

    ■ Eight new checks

    New supported operating systems

    SU30 supports the following new operating systems:

    ■ SLES 9 operating systems on IBM e-server PPC

    ■ Windows Vista Enterprise and Business editions (32-bit and 64-bit)

    Note: You must update the ESM 6.5.2 manager and console so that the agents on Windows Vista function correctly with ESM 6.5.2. Download the ESM 6.5.2 manager and console updates from “program updates” on the following Security Response site: http://www.symantec.com/avcenter/security/Content/Product/Product_ESM.html

    Note: Windows Vista does not support the Internetwork Packet Exchange (IPX) protocol.

    New supported service packs

    SU30 supports the following new service packs:

    ■ Windows Server 2003 agents on SP2

    ■ Linux agents on SLES 9 SP3

    System Auditing

    SU 30 includes seven new checks and seven new messages in the System Auditing module.

    Days until application events are overwritten (Windows)

    This new check reports a message when the application event log entries can be overwritten before a specified number of days has passed.

    Table 3-1 shows the new message for the Days until application events are overwritten check.

    Table 3-1 Days until application events are overwritten message

    | Message name | Title | Severity |
    |---|---|---|
    | ESM_LOG_TIME_TO_OVERWRT_SHORT_APPLN | Application event log will be overwritten too soon | Yellow-1 |

    Days until system events are overwritten (Windows)

    This new check reports a message when the system event log entries can be overwritten before a specified number of days has passed.

    Table 3-2 shows the new message for the Days until system events are overwritten check.

    Table 3-2 Days until system events are overwritten message

    | Message name | Title | Severity |
    |---|---|---|
    | ESM_LOG_TIME_TO_OVERWRT_SHORT_SYS | System event log will be overwritten too soon | Yellow-1 |

    Application events do not overwrite application log (Windows)

    This check reports a message when the system can overwrite the application event log.

    Table 3-3 shows the new message for the Application events do not overwrite application log check.

    Table 3-3 Application events do not overwrite application log message

    | Message name | Title | Severity |
    |---|---|---|
    | ESM_LOG_OVERWRITE_APPLN | Application event log will be overwritten | Yellow-1 |

    System events do not overwrite system log (Windows)

    This check reports a message when the system can overwrite the system event log.

    Table 3-4 shows the new message for the System events do not overwrite system log check.

    Table 3-4 System events do not overwrite system log message

    | Message name | Title | Severity |
    |---|---|---|
    | ESM_LOG_OVERWRITE_SYS | System event log will be overwritten | Yellow-1 |
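    The System Auditing checks in this section turn on two per-log registry values, Retention and AutoBackupLogFiles, under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log>. The following is an added example, not Symantec's code, that applies the check descriptions to those values. The decision logic, the function names, the min_days threshold, and the sample settings are assumptions.

```python
"""Map Windows event-log retention settings to the SU 30 message names.

Added illustration only: the decision rules are an assumed reading of the
check descriptions in these release notes, not ESM's implementation.
"""

NEVER_OVERWRITE = 0xFFFFFFFF  # Retention value meaning "do not overwrite events"
SECONDS_PER_DAY = 86400       # Retention is stored in seconds
EVENTLOG_KEY = r"SYSTEM\CurrentControlSet\Services\EventLog"

# Suffix the release notes use in message names for each log.
SUFFIX = {"Application": "APPLN", "Security": "SEC", "System": "SYS"}


def read_settings(logs=("Application", "Security", "System")):
    """Read both values for each log from the registry (Windows only)."""
    import winreg  # imported here so the module still loads on other platforms

    settings = {}
    for log in logs:
        path = EVENTLOG_KEY + "\\" + log
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            values = {}
            for name in ("Retention", "AutoBackupLogFiles"):
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    values[name] = 0  # assumption: an absent value is treated as 0
            settings[log] = values
    return settings


def evaluate_log(log, retention, auto_backup, min_days, vista=False):
    """Return the message names that one log's settings would trigger."""
    suffix = SUFFIX[log]
    messages = []
    can_overwrite = retention != NEVER_OVERWRITE

    # SU 30 adds the overwrite checks for the application and system logs.
    if log in ("Application", "System") and can_overwrite:
        # Retention 0 means "overwrite as needed", i.e. zero guaranteed days.
        if retention < min_days * SECONDS_PER_DAY:
            messages.append("ESM_LOG_TIME_TO_OVERWRT_SHORT_" + suffix)
        messages.append("ESM_LOG_OVERWRITE_" + suffix)

    # Archive-when-full checks (Windows Vista): entries can be overwritten
    # and the log is not archived when it fills up.
    if vista and can_overwrite and auto_backup != 1:
        messages.append("ESM_LOG_OVERWRITE_ARCHIVE_" + suffix)
    return messages


def audit(settings, min_days, vista=False):
    """Evaluate every log in `settings`; returns {log: [message names]}."""
    return {
        log: evaluate_log(
            log, values["Retention"], values["AutoBackupLogFiles"], min_days, vista
        )
        for log, values in settings.items()
    }


# Constructed sample settings (not taken from a real host).
SAMPLE_SETTINGS = {
    # Overwrite as needed, no archive.
    "Application": {"Retention": 0, "AutoBackupLogFiles": 0},
    # Never overwrite, archive when full.
    "Security": {"Retention": NEVER_OVERWRITE, "AutoBackupLogFiles": 1},
    # Overwrite events older than 14 days, no archive.
    "System": {"Retention": 14 * SECONDS_PER_DAY, "AutoBackupLogFiles": 0},
}

if __name__ == "__main__":
    for log, msgs in audit(SAMPLE_SETTINGS, min_days=7, vista=True).items():
        print(log, msgs or "no findings")
```

    On a Windows agent, pass the result of read_settings() to audit() in place of the constructed sample.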

  • 10 Symantec ESM Security Update Release NotesSecurity Update 30

    Archive Application events log when full (Windows Vista)This check reports a message when the application event log entries can be overwritten and if the log entries are not archived when the log is full.

    Table 3-5 shows the new message for the Archive application events log when full check.

    Archive security event log when full (Windows Vista)This check reports a message when the security event log entries can be overwritten and if the log entries are not archived when the log is full.

    Table 3-6 shows the new message for the Archive security event log when full check.

    Archive system event log when full (Windows Vista)This check reports a message when the system event log entries can be overwritten and if the log entries are not archived when the log is full.

    Table 3-7 shows the new message for the Archive system event log when full check.

    Table 3-5 Archive application events log when full message

    Message name | Title | Severity
    ESM_LOG_OVERWRITE_ARCHIVE_APPLN | Application events do not archive logs when it is full | Yellow-1

    Table 3-6 Archive security event log when full message

    Message name | Title | Severity
    ESM_LOG_OVERWRITE_ARCHIVE_SEC | Security events do not archive logs when it is full | Yellow-1

    Table 3-7 Archive system event log when full message

    Message name | Title | Severity
    ESM_LOG_OVERWRITE_ARCHIVE_SYS | System events do not archive logs when it is full | Yellow-1

    User Files

    SU 30 includes one new check in the User Files module.

    Hide wwritable files in ww dir (UNIX)

    A new “Hide wwritable files in ww dir” check has been added to the User Files module. When it is selected, ESM does not report world-writable files that are inside world-writable directories. This check works only if you also select the "World writable files" check.
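    The reporting behaviour described for this check, sketched as an added example; it is not Symantec ESM code. The function names and the sample tree are constructed here, and the sketch assumes a file counts as "inside" a world-writable directory when any directory between it and the scan root is world-writable.

```python
import os
import stat
import tempfile


def audit_world_writable(root, hide_files_in_ww_dirs=False):
    """Walk root and return (ww_dirs, ww_files) as sorted paths relative to root.

    ww_dirs  : (path, has_sticky_bit) for every world-writable directory
    ww_files : world-writable regular files; with hide_files_in_ww_dirs=True,
               files below a world-writable directory are left out because
               the directory finding already covers them.
    """
    ww_dirs, ww_files = [], []
    # True when the directory, or any ancestor under root, is world-writable.
    inside_ww = {root: bool(os.lstat(root).st_mode & stat.S_IWOTH)}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        parent_ww = inside_ww[dirpath]
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                # Symlinked directories are not followed, so never audited.
                inside_ww[path] = parent_ww
                continue
            is_ww = bool(mode & stat.S_IWOTH)
            inside_ww[path] = parent_ww or is_ww
            if is_ww:
                sticky = bool(mode & stat.S_ISVTX)
                ww_dirs.append((os.path.relpath(path, root), sticky))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode) or not mode & stat.S_IWOTH:
                continue
            if hide_files_in_ww_dirs and parent_ww:
                continue  # suppressed: already implied by the directory finding
            ww_files.append(os.path.relpath(path, root))
    return sorted(ww_dirs), sorted(ww_files)


def build_sample_tree(base):
    """Create a small constructed tree (sample data, not from the release notes)."""
    shared = os.path.join(base, "shared")      # world-writable, sticky bit set
    nested = os.path.join(shared, "sub")       # 0755, but below a ww directory
    private = os.path.join(base, "private")    # 0755
    for d in (shared, nested, private):
        os.mkdir(d)
    files = (
        (os.path.join(shared, "scratch.log"), 0o666),
        (os.path.join(shared, "notes.txt"), 0o644),
        (os.path.join(nested, "deep.txt"), 0o666),
        (os.path.join(private, "app.conf"), 0o666),
        (os.path.join(private, "readme"), 0o644),
    )
    for path, mode in files:
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(nested, 0o755)
    os.chmod(private, 0o755)
    os.chmod(shared, 0o1777)


if __name__ == "__main__":
    base = tempfile.mkdtemp()
    build_sample_tree(base)
    for hide in (False, True):
        dirs, files = audit_world_writable(base, hide_files_in_ww_dirs=hide)
        print("hide =", hide)
        for path, sticky in dirs:
            print("  dir ", path, "(sticky)" if sticky else "(no sticky bit)")
        for path in files:
            print("  file", path)
```

    With the option on, the only file finding left in the sample tree is the world-writable file in the non-writable directory, which is the one that a directory-level finding would not already explain.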

    Login Parameters

    SU 30 includes one new message for the Warning banners check in the Login Parameters module.

    Warning banners (UNIX)

    Table 3-8 shows the new message for the Warning banners check.

    Table 3-8 Warning banners message

    Message name | Title | Severity
    STKU_BANNER_PARAMETER_NOT_SET | Banner parameter in EEPROM is not set | Yellow-2

    Resolved issues and enhancements

    The following issues and enhancements are resolved in SU 30:

    File Attributes, Registry, and File System Entitlement (Windows)

    A new enhancement requires ESM to check if the account name that you provide is enabled. If you have permissions on an object whose account is disabled, ESM reports that account name as disabled in the output.

    Password Strength (Linux)

    The Password Strength module has been enhanced for the Maximum password age and Minimum password age checks to work on Linux. Also, appropriate error-handling has been included for these checks.

    Startup Files (Solaris 10)

    ESM agents present in the local zone are now enhanced to detect the critical processes running in the local zones.

    Windows Vista, SLES 9 on IBM eServer PPC

    Windows Vista and SLES 9 on IBM eServer PPC agents are enhanced to support the Signature Fix.


    All modules (Windows)

    If the username contained characters that are not a part of the existing character set on the agent, ESM used to report an error stating “Unhandled Exception().”

    Now, ESM displays the following message on the Console:

    Found some characters that are not part of the current character set.

    OS Patches (Windows)

    The Polish version of Windows XP SP2 reports the service pack information as “Dodatek Service Pack 2” instead of “Service Pack 2”. ESM was failing to recognize such service packs.

    The File Attributes module has been enhanced for ESM to recognize all service packs.

    Account Integrity (Windows)

    For the German Active Directory, ESM was interpreting the word “BUILTIN” incorrectly, and generating errors.

    The Account Integrity module has been modified for ESM to translate the word “BUILTIN” and interpret it correctly.

    Login Parameters (Linux)

    ESM was failing to recognize SU logins on Linux, and reporting accounts with such logins as inactive.

    The Login Parameters module has been modified for ESM to check the SU log file for Linux. Now, ESM does not report the accounts with SU logins as inactive.

    Login Parameters (UNIX)

    The Login Parameters module has been modified for ESM to report the regular expressions in the Warning Banner check correctly.

    Login Parameters (UNIX)

    ESM was reporting that banner files for ftp and telnet services are missing, even if the services were disabled, or not installed. Also, for the eeprom command, ESM was reporting that the banner file does not exist, even if the banner parameter was not set for the command.

    The Login Parameters module has been modified for ESM to first check if the ftp and telnet services are disabled or installed, and then check for the banner files.

    Also, a new message “Banner parameter in EEPROM is not set” has been added to the Warning banners check. ESM now reports this message if the banner parameter is not set for the eeprom command.

    If the banner parameter is not available for eeprom, ESM does not generate any message.

    File Access (UNIX)

    ESM was not locating the existing files on the system if you ran the File Access module on an HP-UX agent.

    OS Patches (AIX 5.3)

    The OS Patches module has been modified for ESM to report all the patches that are installed by the Emergency fixes.

    OS Patches (UNIX)

    The Patch not installed and process not running check was not reporting certain patches on some services that the check could not detect as running.

    The OS Patches module has been modified for the check to detect the services that are running and report the patches applied on them.

    OS Patches (UNIX)

    The Patch not installed and process not running check has been modified to separate the process name from the shell path, for the processes started from the shell.

    Password Strength (RHEL ES 4.0)

    The Password Strength module has been modified and the password age check no longer reports system errors for non-LDAP accounts on accounts that are configured for LDAP.

    User Files (UNIX)

    A new “Hide wwritables in ww dir” check has been added in the User Files module. This check does not report the World Writable files in the World Writable directories.

    This check works only if you select the World Writable files check.

    AIX RS6K

    Policy runs on AIX agents were generating errors after updating the manager with SU 29 using LiveUpdate. The errors were occurring due to the incorrect locale present for U.S. English on the agents.

    The LiveUpdate packages now contain a new file that updates the U.S. English locale present on the agents.

    Network Integrity (HP-UX 11.11)

    The FTP session logging disabled check has been modified to check for the absence of the -l option in the ftp configuration files.

    Known issues

    The following issues are known in SU30:

    Response (Windows Vista)

    Windows Vista 64-bit does not support the Response module.

    Registry (Windows)

    The ESM agent runs in the context of the local system account, which does not have sufficient permissions to resolve the members of a domain group that is added to the local group. As a result, ESM displays the “Different key ownership” message.


    System Auditing (Windows Vista)

    Windows Vista does not support the “Days until security events are overwritten” check since its functionality has changed.

    The following new checks have been created for Windows Vista:

    ■ Archive Application events log when full

    ■ Archive System events log when full

    ■ Archive Security events log when full

    File Attributes, Registry, and File System Entitlement

    ESM does not report checks for the disabled accounts of a domain, which is a part of file, folder, or registry key permissions.

    If the disabled account is a local user on the system, ESM reports the checks for the account.

    File Attributes (Windows Vista)

    If you create a new File Attributes template, the File Attributes module returns incorrect results for services that have permissions on folders.

    To resolve this, replace the service name with “NT service\” in the Permissions ACL column of the File Attributes template.

    For example, if the text in the Permissions ACL column is TrustedInstaller, replace it with the following:

    “NT Service\TrustedInstaller”

    Registry (Windows Vista)

    ESM cannot resolve the EventLog user in the Registry module template. Also, entries for unknown users get added in the template.

    To resolve this, perform the following actions in the Registry module template:

    ■ Replace “EventLog” with “NT Service\EventLog”.

    ■ Remove the blank entries, if any.

    Windows Vista

    If the User Account Control (UAC) is enabled, corrections on Windows Vista 32-bit and 64-bit operating systems fail.

    To resolve this, disable User Account Control.

    SLES 9 IBM eServer PPC

    When you install an agent on SLES 9 IBM eServer PPC, an error message is displayed while the files get extracted on the system.

    Ignore the error message because the installation is completed successfully.

    File Access (AIX 5.1, 5.2 RS6K)

    In ESM 6.0, the “Files To Check” check in the File Access module does not work after you perform a LiveUpdate on AIX 5.1 or AIX 5.2 operating systems.

    To resolve this issue, apply the SU 30 TPK.


    Windows Vista and SLES 9 IBM eServer PPC

    The Reporting Database Link (RDL) and Cognos do not report messages for Windows Vista and SLES 9 IBM eServer PPC agents after you register them with an ESM manager.

    To resolve this issue, upgrade any existing agent to SU 30.

    Windows Vista and SLES 9 IBM eServer PPC

    You cannot remotely install an agent on Windows Vista and SLES 9 IBM eServer PPC.


    System requirements

    Symantec reserves the right to certify the Security Update on the new versions of these operating systems before officially supporting them.

    Table 3-9 lists the supported operating systems for SU 30.

    Table 3-9 Supported operating systems for SU 30

    Agent operating system | Supported versions on 6.0 | Supported versions on 6.5
    AIX /RS 6000 | 4.2.1, 4.33, 5.1 | 5.1, 5.2, 5.3
    AIX (PPC) 64-bit | 5.3 | 5.3
    HP-UX (HPPA) | 10.20, 11.0, 11.11 | 11.0, 11.11
    HP-UX (Itanium®) | 11.23 | 11.23
    Red Hat Linux | 7.x, 8, 9 | N/A
    Red Hat Enterprise Linux ES (Intel x86) | 2.1, 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (AMD64) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux AS (Itanium®) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (EM64T) | 3.0 | 3.0, 4.0
    Sun Solaris (SPARC) | 2.5.1, 2.6, 2.7, 2.8, 2.9, 2.10 | 2.8, 2.9, 2.10
    Sun Solaris (x86, Opteron and EM64T) | N/A | 2.10
    SUSE Linux Standard Server | 8 | 8, 9
    SUSE Linux Enterprise Server | 8, 9 | 8, 9, 10
    SUSE Linux Enterprise Server (Itanium®) | 9 | 9
    SUSE Linux Enterprise Server on IBM PPC e-Server | - | 9
    Windows 2000 Professional and Server (Intel) | All | All
    Windows Server 2003 (Intel) | All | All
    Windows Server 2003 (Itanium®) | All | All
    Windows Vista (x86, Opteron and EM64T) | - | All
    Windows Server 2003 Enterprise (Opteron and EM64T) | All
    Windows XP Professional (Intel) | SP2 | SP2

    Table 3-10 lists the post-install disk space usage for an ESM 6.5 agent with SU30 applied. The amount of disk space required by each agent depends on its operating system.

    Table 3-10 Post-install agent disk space requirements for SU 30

    Agent operating system | SU 30
    AIX /RS 6000 | 211 MB
    AIX 5.3 (PPC) | 212 MB
    HP-UX | 126 MB
    HP-UX (Itanium®) | 128 MB
    Red Hat Linux | 79 MB
    Red Hat Enterprise Linux ES (Intel x86) | 79 MB
    Red Hat Enterprise Linux WS and AS (AMD64) | 86 MB
    Red Hat Enterprise Linux AS (Itanium®) | 109 MB
    Red Hat Enterprise Linux WS and AS (EM64T) | 90 MB
    Sun Solaris 2.7 | 99 MB
    Sun Solaris 10 | 103 MB
    Sun Solaris 10 (x86, Opteron and EM64T) | 75 MB
    SUSE Linux Standard Server 8 | 75 MB
    SUSE Linux Enterprise Server 9 | 75 MB
    SUSE Linux Enterprise Server 9 (Itanium®) | 94 MB
    SUSE Linux Enterprise Server on IBM PPC e-Server | 74 MB
    Windows 2000 Professional and Server (Intel) | 86 MB
    Windows Server 2003 (Intel) | 86 MB
    Windows Server 2003 (Itanium®) | 149 MB
    Windows Server 2003 Enterprise (Opteron and EM64T) | 70 MB
    Windows XP Professional (Intel) | 84 MB
    Windows Vista (32-bit) | 43 MB
    Windows Vista (64-bit) | 71.2

    The LiveUpdate installation of SU30 for all supported operating systems requires approximately 900 MB disk space on each Symantec ESM 6.0 Manager and 850 MB on each ESM 6.5 Manager.

    An additional amount of disk space is required during installation of the TPK or for updating the agent using LiveUpdate. This additional amount of space is listed in the ESM agent root directory.

    Table 3-11 lists the agent disk space requirements for applying SU30.

    Table 3-11 Agent disk space requirements for SU 30

    Agent operating system | ESM platform name | TPK | Live Update
    AIX (PPC 64) | aix-ppc64 | 134 MB | 113 MB
    AIX (RS 6000) | aix-rs6k | 113 MB | 96 MB
    AIX (RS 6000) | aix-rs6k-433 | 119 MB | -
    HP-UX | hpux-hppa | 84 MB | 69 MB
    HP-UX | hpux-hppa-11 | 88 MB | -
    HP-UX Itanium | hpux-ia64 | 119 MB | 97 MB
    SUSE Itanium | lnx-ia64 | 84 MB | 74 MB
    SUSE Linux x86 | lnx-x86 | 44 MB | 39 MB
    Red Hat Itanium | lnx-ia64 | 84 MB | 74 MB
    Red Hat Linux Opteron and EM64T Opteron | lnx-x86 | 44 MB | 39 MB
    Red Hat Linux Opteron and EM64T Xeon | lnx-x86 | 44 MB | 39 MB
    Red Hat Linux x86 | lnx-x86 | 44 MB | 39 MB
    Solaris 10 | solaris-sparc | 66 MB | 57 MB
    Solaris 2.7 | solaris-sparc-27 | 43 MB | -
    Solaris x86, Opteron and EM64T | solaris-x86 | 64 MB | 58 MB
    Windows 2000 x86 | w2k-ix86 | 37 MB | 36 MB
    Windows Server 2003 Itanium | w3s-ia64 | 113 MB | 102 MB
    Windows Server 2003 Opteron and EM64T | w3s-Opteron and EM64T | 59 MB | 55 MB
    Windows Server 2003 x86 | w3s-ix86 | 37 MB | 36 MB
    Windows XP x86 | wxp-ix86 | 32 MB | 31 MB

    About Windows Vista (32-bit and 64-bit) agents

    The Symantec ESM 6.5 Windows Vista (32-bit and 64-bit) agents have been updated to fix the following issues:

    ■ Denial-of-service vulnerability

    ■ Manifest.xml was not getting updated after applying LiveUpdate on the Windows Vista agent

    To verify whether you have the latest agents for Windows Vista installed, check the agent's properties in the ESM console. The "ESM Version" should display 2007/06/28. An older date indicates that the installed agent needs to be updated. If you have the old agent installed, uninstall it, and install the new agent.

    Security Update 29

    The following are the changes in SU 29:

    ICE

    SU 29 includes the following changes to the ICE scripts:

    ■ By default, ALLOW_ICE_SCRIPT_PUSH is set to “N” in the ICE.dat file. ALLOW_ICE_SCRIPT_PUSH is set to “Y” if you enter ‘Y’ or ‘y’ when the TPK installation script prompts: “Do you want to allow the ICE module scripts to be pushed to this agent[no]?”

    ■ During the TPK installation, the following message has been changed from “Do you want to allow the ICE module scripts to be pushed to this agent[yes]?” to “Do you want to allow the ICE module scripts to be pushed to this agent[no]?”

    ■ During Live Update, pushing of the scripts is disabled by default. If you want to push the ICE scripts to the agent, create the ICE.dat file manually in the agent configuration directory #ESM/agent/config and set the parameter ALLOW_ICE_SCRIPT_PUSH=’Y’ in the file.

    Resolved issues and enhancements

    The following issues and enhancements are resolved in SU 29:

    Account Integrity (UNIX)

    The description for the User shell compliance check has been changed from back tick (‘) to "This check reports users who are using login shells that are not shell compliant as per the template file definitions. Use the file list to specify template files for this check (the Users to check option does not apply to this check)."

    File Attributes (Windows)

    This enhancement displays the SID when Windows is not able to resolve the account name. Previously, the username was displayed as blank when the SID was not resolved.

    File Attributes (Windows)

    Earlier, the 'Event Log Information' check scanned the entire Event Log when it was enabled. Now, it is enhanced to load only the records from the Event Log that are logged after the snapshot is taken.

    File Attributes & Registry (Windows)

    Added a new column 'Enable Auditing Checking' to the template files, namely fileatt and registry. Currently, these modules ignore the 'Enable ACL Checking' or 'Enable Permissions ACL Checking' settings and report the messages depending on the 'Enable Auditing Checking' column setting for Auditing Check.

    File Find (HP-UX)

    The FileFind module has been modified to get information for files greater than 2 GB, which was causing the error. Now, the "Unexpected system error" message is no longer displayed for files that are larger than 2 GB on ESM 6.0 and 6.5 agents. This defect fix is not applicable to HP-UX-HPPA TPK. This defect is fixed for HP-UX 11.00, 11.11, 11.i and 11.23.

    File System Entitlement (Windows)

    The title of the Information "Could not bind to LDAP:" is changed from "Unexpected System Error" to "Unable to get Agent System Information."

    File System Entitlement (Windows)

    The User and Group Information check is modified to display the SAM Account name of the user and group along with the distinguished name, GUID and domain.

    File System Entitlement (Windows)

    'Folder permissions' in the File System Entitlement module displays "domainname\groupname" as the source instead of only the "groupname", when the group is the source of permissions for a particular user.

    OS Patches (ESM553 only) (Windows)

    The OS patches module has been modified, and when you execute the OS patches module after installing SU 28, the ESM Manager service does not crash anymore.


    OS Patches (Windows)

    The Patch module has been modified to remove the duplicate code for truncating strings above 1024 characters, which was causing the error. Now, the unexpected system error "Format of AxStringCode is invalid" will not be displayed.

    Account Integrity (Linux)

    The "Password in /etc/passwd" check reports a warning message, "This Agent is not currently configured to use shadow files or enhanced security files", when it is not able to locate the shadow file. Previously, it displayed the message "unexpected system error" when it could not locate the shadow file.

    Password Strength (Linux)

    The system reports “Unexpected System Error” for accounts with no shadow entry in case of the following checks: ‘Password Age’, ‘Minimum password age’ and ‘Maximum password age’. The Level was changed from red to yellow. Also, the title was changed from "Unexpected system error" to "Check could not be performed."

    Password Strength (Linux)

    If the password age was not provided, ESM reported back with the error "Password never changed" even when the password was changed. Now, the "Password never changed" message is changed to "The password age is not provided."

    Password Strength (HP-UX 11.11)

    This module has been modified to check the default system-wide settings if the user settings are not available. Now, wrong messages will not be reported when NULL PASSWORD & User can change their password values are set to default in Trusted mode.

    Password Strength (Linux)

    This check was not working for Red Hat Linux ES. Now, it will display the correct warning message when the Minimum password age is not set correctly.

    Password Strength (UNIX)

    The Password Strength module was modified to exempt LDAP-configured systems from the constraint of minimum password length.

    Startup (UNIX)

    The 'syslog' check reports "Required syslog configuration not found" even when the template entries match the syslog.conf file. Now, the check has been modified and it does not display the "Required syslog configuration not found" message when the template entries match the syslog.conf file.

    Startup (Linux)

    The 'Unconfined service' check reported the status as 'unconfined' for SuSE Linux 10 even when the service was configured as 'confined.' Now, the check has been modified to display only the 'unconfined' status.

    User Files (UNIX)

    This module has been modified to report the correct umask of the user. Previously, the module was reporting the incorrect umask when it is not set in the user’s profile.

    System requirements

    Symantec reserves the right to certify the Security Update on the new versions of these operating systems before officially supporting them.

    Table 3-12 lists the supported operating systems for SU 29.

    Table 3-12 SU 29-supported operating systems

    Agent operating system | Supported versions on 6.0 | Supported versions on 6.5
    AIX /RS 6000 | 4.2.1, 4.33, 5.1 | 5.1, 5.2, 5.3
    AIX (PPC) 64-bit | 5.3 | 5.3
    HP-UX (HPPA) | 10.20, 11.0, 11.11 | 11.0, 11.11
    HP-UX (Itanium®) | 11.23 | 11.23
    Red Hat Linux | 7.x, 8, 9 | N/A
    Red Hat Enterprise Linux ES (Intel x86) | 2.1, 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (AMD64) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux AS (Itanium®) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (EM64T) | 3.0 | 3.0, 4.0
    Sun Solaris (SPARC) | 2.5.1, 2.6, 2.7, 2.8, 2.9, 2.10 | 2.8, 2.9, 2.10
    Sun Solaris (x86, Opteron and EM64T) | N/A | 2.10
    SUSE Linux Standard Server | 8 | 8, 9
    SUSE Linux Enterprise Server | 8, 9 | 8, 9, 10
    SUSE Linux Enterprise Server (Itanium®) | 9 | 9
    Windows 2000 Professional and Server (Intel) | All | All
    Windows Server 2003 (Intel) | All | All
    Windows Server 2003 (Itanium®) | All | All
    Windows Server 2003 Enterprise (Opteron and EM64T) | All
    Windows XP Professional (Intel) | SP2 | SP2

    Table 3-13 lists the post-install disk space usage for an ESM 6.5 agent with SU29 applied. The amount of disk space required by each agent depends on its operating system.

    Table 3-13 SU 29 agent disk space requirements

    Agent operating system | SU 29
    AIX /RS 6000 | 211 MB
    AIX 5.3 (PPC) | 212 MB
    HP-UX | 126 MB
    HP-UX (Itanium®) | 128 MB
    Red Hat Linux | 79 MB
    Red Hat Enterprise Linux ES (Intel x86) | 79 MB
    Red Hat Enterprise Linux WS and AS (AMD64) | 86 MB
    Red Hat Enterprise Linux AS (Itanium®) | 109 MB
    Red Hat Enterprise Linux WS and AS (EM64T) | 90 MB
    Sun Solaris 2.7 | 99 MB
    Sun Solaris 10 | 103 MB
    Sun Solaris 10 (x86, Opteron and EM64T) | 75 MB
    SUSE Linux Standard Server 8 | 75 MB
    SUSE Linux Enterprise Server 9 | 75 MB
    SUSE Linux Enterprise Server 9 (Itanium®) | 94 MB
    Windows 2000 Professional and Server (Intel) | 86 MB
    Windows Server 2003 (Intel) | 86 MB
    Windows Server 2003 (Itanium®) | 149 MB
    Windows Server 2003 Enterprise (Opteron and EM64T) | 70 MB
    Windows XP Professional (Intel) | 84 MB


    The LiveUpdate installation of SU29 for all supported operating systems requires approximately 1.3 GB disk space on each Symantec ESM 6.0 Manager and 790 MB on each ESM 6.5 Manager.


    Table 3-14 lists the agent disk space requirements for applying SU29. This is the additional amount of disk space that is required during installation of the TPK or when updating the agent using LiveUpdate. The space required is in the ESM agent root directory.

    Table 3-14 SU 29 agent disk space requirements for installation

    Agent operating system | ESM platform name | TPK | Live Update
    AIX (PPC 64) | aix-ppc64 | 134 MB | 113 MB
    AIX (RS 6000) | aix-rs6k | 113 MB | 96 MB
    AIX (RS 6000) | aix-rs6k-433 | 119 MB | -
    HP-UX | hpux-hppa | 84 MB | 69 MB
    HP-UX | hpux-hppa-11 | 88 MB | -
    HP-UX Itanium | hpux-ia64 | 119 MB | 97 MB
    SUSE Itanium | lnx-ia64 | 84 MB | 74 MB
    SUSE Linux x86 | lnx-x86 | 44 MB | 39 MB
    Red Hat Itanium | lnx-ia64 | 84 MB | 74 MB
    Red Hat Linux Opteron and EM64T Opteron | lnx-x86 | 44 MB | 39 MB
    Red Hat Linux Opteron and EM64T Xeon | lnx-x86 | 44 MB | 39 MB
    Red Hat Linux x86 | lnx-x86 | 44 MB | 39 MB
    Solaris 10 | solaris-sparc | 66 MB | 57 MB
    Solaris 2.7 | solaris-sparc-27 | 43 MB | -
    Solaris x86, Opteron and EM64T | solaris-x86 | 64 MB | 58 MB
    Windows 2000 x86 | w2k-ix86 | 37 MB | 36 MB
    Windows Server 2003 Itanium | w3s-ia64 | 113 MB | 102 MB
    Windows Server 2003 Opteron and EM64T | w3s-iOpteron and EM64T | 59 MB | 55 MB
    Windows Server 2003 x86 | w3s-ix86 | 37 MB | 36 MB
    Windows XP x86 | wxp-ix86 | 32 MB | 31 MB

    Security Update 28

    The following are new in SU 28:

    ■ Three new checks

    ■ One new option

    ■ Four new messages

    Account Integrity

    SU 28 includes one new check and two new messages in the Account Integrity module.

    ScreenSaver Password Protected (Windows)

    This check reports the accounts whose screen savers are not password protected. This check also reports the accounts for which the screensaver password protect setting could not be retrieved because it was not set.

    This check only applies to domain accounts where a domain policy was pushed to the workstation.

    You can use the name list to include or exclude users or security groups that are not already included or excluded by the Users to check option.

    Table 3-15 shows the new messages for the ScreenSaver Password Protected check.

    Table 3-15 ScreenSaver Password Protected messages

    Message name | Title | Severity
    ESM_SCRSVR_PSSWDPROTECT_NOT_ENABLED | ScreenSaver password protect not enabled | Red-4
    ESM_SCRSVR_PSSWDPROTECT_NOT_FOUND | ScreenSaver password protect not found | Red-4

    File System Entitlement

    SU 28 includes one new check and one new message in the File System Entitlement module.

    List Shares (Windows 2000/ 2003)

    This new check reports all folders that are shared by the hosts that are listed in the namelist.

    Table 3-16 shows the new message for the List Shares check.

    Table 3-16 List Shares message

    Message name | Title | Severity
    FE_SHARE | Share | Green-0

    Startup Files

    SU 28 includes one new check and one new message in the Startup Files module.

    Unconfined Services (Linux)

    This new check reports processes with tcp or udp ports that do not have AppArmor protection enabled on Suse Enterprise Server 10 and higher. Use the namelist to exclude services.

    Table 3-17 shows the new message for the Unconfined Services check.

    Table 3-17 Unconfined Services message

    Message name | Title | Severity
    STKU_UNCONFINED_SERVICE | Unconfined Service | Red-4

    User Files

    SU 28 includes one new option in the User Files module.

    Umask (UNIX)

    This new option defines how the existing Umask check is executed. Select this option to search each user’s startup scripts manually for umask commands.

    Use the namelist to specify scripts that should be parsed. Do not select this option if either the Umask (using su) option or the Umask (modifying startup script) option is selected.
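    A sketch of what searching startup scripts for umask commands involves, as an added example; it is not Symantec ESM code and does not reproduce ESM's parsing rules. The function names, the sample scripts and the 022 baseline (group and other write bits masked) are assumptions made here, and only octal operands are evaluated.

```python
import re

# A umask command at the start of a shell command: at line start, after
# ';', '&&' or '||', or after the keywords then/else/do. Operand kept as-is.
UMASK_CMD = re.compile(
    r"(?:^|;|&&|\|\||\bthen\b|\belse\b|\bdo\b)\s*umask\s+([^\s;]+)"
)
OCTAL = re.compile(r"[0-7]{1,4}")


def strip_comment(line):
    """Drop a shell comment that starts the line or follows whitespace.

    Simplification: a ' #' inside a quoted string is also treated as a comment.
    """
    return re.sub(r"(^|\s)#.*$", "", line)


def last_umask(script_text):
    """Return (value, unparsed) for the last umask command in the script.

    value    : int mask when the last command used an octal operand, else None
    unparsed : True when the last command used a non-octal operand
               (for example the symbolic form u=rwx,g=rx,o=)
    """
    value, unparsed = None, False
    for line in script_text.splitlines():
        for match in UMASK_CMD.finditer(strip_comment(line)):
            operand = match.group(1)
            if OCTAL.fullmatch(operand):
                value, unparsed = int(operand, 8), False
            else:
                value, unparsed = None, True
    return value, unparsed


def audit_umask(home_files, namelist, required=0o022):
    """Check each script named in namelist that exists in home_files.

    home_files : dict of script name -> script text for one user
    namelist   : script names to parse, in the order to report them
    required   : bits that must be set in the mask (assumed baseline)
    Returns a list of (script, status, octal_string_or_None).
    """
    findings = []
    for name in namelist:
        text = home_files.get(name)
        if text is None:
            continue  # script not present for this user
        value, unparsed = last_umask(text)
        if unparsed:
            findings.append((name, "unparsed", None))
        elif value is None:
            findings.append((name, "not set", None))
        elif value & required != required:
            findings.append((name, "weak", format(value, "03o")))
        else:
            findings.append((name, "ok", format(value, "03o")))
    return findings


# Constructed sample startup scripts for one user (not from the release notes).
SAMPLE_HOME = {
    ".profile": "PATH=$HOME/bin:$PATH\numask 022\n",
    ".bashrc": "# umask 077\nif [ -d ~/shared ]; then umask 002; fi\n",
    ".kshrc": "umask u=rwx,g=rx,o=\n",
    ".cshrc": "set prompt='% '\n",
}
SAMPLE_NAMELIST = [".profile", ".bashrc", ".kshrc", ".cshrc", ".login"]

if __name__ == "__main__":
    for script, status, value in audit_umask(SAMPLE_HOME, SAMPLE_NAMELIST):
        print(f"{script:10} {status:9} {value or '-'}")
```

    The commented-out `umask 077` in the sample `.bashrc` is ignored and the conditional `umask 002` is what gets reported, which is the kind of case a static scan of startup scripts has to get right.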

    Resolved issues and enhancements

    The following issues and enhancements are resolved in SU 28:

    File Attribute (Linux)

    An entry for Suse 10 and Red Hat 4.0 WS has been added to the template file.

    File Watch (All)

    A new Exclude check box has been added to the existing Malicious File Watch template in the directory sublist. When this new Exclude check box is selected, it will exclude the files listed in the Directories to Watch field from the malicious files check. By default, this check box is selected.

    Login Parameters, Network Integrity, Startup Files, System Mail (UNIX)

    Syslog-ng support has been added.

    Startup Files (UNIX)

    An Add Service button has been added to the Startup template. When adding services, an * (asterisk) character typed in the Item name field will load all services found on the agent.

    System requirements

    Symantec reserves the right to certify the Security Update on the new versions of these operating systems before officially supporting them.

    Table 3-18 lists the supported operating systems for SU 28.

    Table 3-18 SU 28-supported operating systems

    Agent operating system | Supported versions on 6.0 | Supported versions on 6.5
    AIX /RS 6000 | 4.2.1, 4.33, 5.1 | 5.1, 5.2, 5.3
    AIX (PPC) 64-bit | 5.3 | 5.3
    HP-UX (HPPA) | 10.20, 11.0, 11.11 | 11.0, 11.11
    HP-UX (Itanium®) | 11.23 | 11.23
    Red Hat Linux | 7.x, 8, 9 | N/A
    Red Hat Enterprise Linux ES (Intel x86) | 2.1, 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (AMD64) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux AS (Itanium®) | 3.0 | 3.0, 4.0
    Red Hat Enterprise Linux WS and AS (EM64T) | 3.0 | 3.0, 4.0
    Sun Solaris (SPARC) | 2.5.1, 2.6, 2.7, 2.8, 2.9, 2.10 | 2.8, 2.9, 2.10
    Sun Solaris (x86, Opteron and EM64T) | N/A | 2.10
    SUSE Linux Standard Server | 8 | 8, 9
    SUSE Linux Enterprise Server | 8, 9 | 8, 9, 10
    SUSE Linux Enterprise Server (Itanium®) | 9 | 9
    Windows 2000 Professional and Server (Intel) | All | All
    Windows Server 2003 (Intel) | All | All
    Windows Server 2003 (Itanium®) | All | All
    Windows Server 2003 Enterprise (Opteron and EM64T) | All
    Windows XP Professional (Intel) | SP2 | SP2

    Table 3-19 lists the post-install disk space usage for an ESM 6.5 agent with SU28 applied. The amount of disk space required by each agent depends on its operating system.

    Table 3-19 SU 28 agent disk space requirements

    Agent operating system | SU 28
    AIX /RS 6000 | 211 MB
    AIX 5.3 (PPC) | 212 MB
    HP-UX | 126 MB
    HP-UX (Itanium®) | 128 MB
    Red Hat Linux | 79 MB
    Red Hat Enterprise Linux ES (Intel x86) | 79 MB
    Red Hat Enterprise Linux WS and AS (AMD64) | 86 MB
    Red Hat Enterprise Linux AS (Itanium®) | 109 MB
    Red Hat Enterprise Linux WS and AS (EM64T) | 90 MB
    Sun Solaris 2.7 | 99 MB
    Sun Solaris 10 | 103 MB
    Sun Solaris 10 (x86, Opteron and EM64T) | 75 MB
    SUSE Linux Standard Server 8 | 75 MB
    SUSE Linux Enterprise Server 9 | 75 MB
    SUSE Linux Enterprise Server 9 (Itanium®) | 94 MB
    Windows 2000 Professional and Server (Intel) | 86 MB
    Windows Server 2003 (Intel) | 86 MB
    Windows Server 2003 (Itanium®) | 149 MB
    Windows Server 2003 Enterprise (Opteron and EM64T) | 70 MB
    Windows XP Professional (Intel) | 84 MB

    The LiveUpdate installation of SU28 for all supported operating systems requires approximately 1.3 GB disk space on each Symantec ESM 6.0 Manager and 790 MB on each ESM 6.5 Manager.


    Table 3-20 lists the agent disk space requirements for applying SU28. This is the additional amount of disk space that is required during installation of the TPK or when updating the agent using LiveUpdate. The space required is in the ESM agent root directory.

    Table 3-20 SU 28 agent disk space requirements for installation

    Agent operating system ESM platform name TPK LiveUpdate

    AIX (PPC 64) aix-ppc64 134 MB 113 MB

    AIX (RS 6000) aix-rs6k 113 MB 96 MB

    AIX (RS 6000) aix-rs6k-433 119 MB 100 MB

    HP-UX hpux-hppa 84 MB 69 MB

    HP-UX hpux-hppa-11 88 MB 74 MB

    HP-UX Itanium hpux-ia64 119 MB 97 MB

    SUSE Itanium lnx-ia64 84 MB 74 MB

    SUSE Linux x86 lnx-x86 44 MB 39 MB

    Red Hat Itanium lnx-ia64 84 MB 74 MB

    Red Hat Linux Opteron and EM64T Opteron lnx-x86 44 MB 39 MB

    Red Hat Linux Opteron and EM64T Xeon lnx-x86 44 MB 39 MB

    Red Hat Linux x86 lnx-x86 44 MB 39 MB

    Solaris 10 solaris-sparc 66 MB 57 MB

    Solaris 2.7 solaris-sparc-27 43 MB 37 MB

    Solaris x86, Opteron and EM64T solaris-x86 64 MB 58 MB

    Windows 2000 x86 w2k-ix86 37 MB 36 MB

    Windows Server 2003 Itanium w3s-ia64 113 MB 102 MB

    Windows Server 2003 Opteron and EM64T w3s-iOpteron and EM64T 59 MB 55 MB

    Windows Server 2003 x86 w3s-ix86 37 MB 36 MB

    Windows XP x86 wxp-ix86 32 MB 31 MB

    Security Update 27

    The following are new in SU 27:

    ■ Support for the following operating systems:

        ■ Red Hat Enterprise Linux 4 AS (Xeon)

        ■ Windows Server 2003 R2 (x86, Opteron and EM64T)

    ■ Thirty-two new checks

    ■ Three new options

    ■ Forty-three new messages

    New supported operating systems

    The ESM 6.5 agent has been certified to support the following platforms using existing agents:

    ■ Red Hat Enterprise Linux 4 AS (Xeon)

    Note: Use the ESM 6.5 Red Hat Linux ES 4 (x86, Opteron and EM64T) Agent Setup from Security Update 25.

    ■ Windows Server 2003 R2 (x86, Opteron and EM64T)

    Note: Use the shipping ESM 6.5 or 6.5.2 Agent for the x86 platform and the ESM 6.5 Windows Server 2003 Enterprise (Opteron and EM64T) Agent Setup from Security Update 25 for the Opteron and EM64T platform.

    Changed messages

    The Login Parameters module had one message that was deleted in SU 27. This change only affects Windows agents. See “Login Parameters”.

    File System Entitlement

    SU 27 includes two new options in the File System Entitlement module.

    Alternate domain controllers (Windows 2000/Windows Server 2003)

    This new option specifies a list of domain controllers that the module should use to look up users in the Active Directory. Name list entries may use the format domain:controller where domain is a domain name and controller is the name of a domain controller. If this format is used, the name list entry is used to query users belonging to that domain. If only the domain controller name is specified, it is assumed to be the name of a global catalog. The module will not attempt to make LDAP requests to domains that are not listed in the name list.

    Preload user information (Windows 2000/Windows Server 2003)

    This new option enables you to collect all user information at the beginning of the policy run. If this option is enabled, only one request is made to each of the Active Directory domain controllers specified in the name list and all user information is collected at the beginning of the policy run. If no domain controllers are specified in the name list, or if the domain controllers specified cannot be contacted, then the module behaves as though this option were not enabled.
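    The name-list rules described for the Alternate domain controllers and Preload user information options can be modeled as follows. This is an added illustration, not Symantec ESM code; the function names, the sample name list, and two readings of the text are assumptions: that a user in an unlisted domain is looked up only through a listed global catalog, and that preloading stays in effect as long as at least one listed server can be contacted.

```python
from dataclasses import dataclass, field


@dataclass
class LookupPlan:
    by_domain: dict = field(default_factory=dict)      # domain -> [controllers]
    global_catalogs: list = field(default_factory=list)
    rejected: list = field(default_factory=list)       # malformed entries, as given


def parse_name_list(entries):
    """Split name-list entries into per-domain controllers and global catalogs."""
    plan = LookupPlan()
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        if ":" not in entry:
            # Bare controller name: treated as a global catalog.
            plan.global_catalogs.append(entry)
            continue
        domain, controller = (part.strip() for part in entry.split(":", 1))
        if not domain or not controller:
            plan.rejected.append(raw)
            continue
        # Domain names are case-insensitive, so normalise the key.
        plan.by_domain.setdefault(domain.lower(), []).append(controller)
    return plan


def servers_for(plan, user_domain):
    """Servers that may be asked about a user in user_domain.

    An empty result means no LDAP request is made for that domain.
    """
    listed = plan.by_domain.get(user_domain.strip().lower())
    if listed:
        return list(listed)
    # Assumption: a listed global catalog answers for unlisted domains.
    return list(plan.global_catalogs)


def preload_targets(plan, reachable):
    """Distinct listed servers that can be contacted; each gets one bulk request.

    An empty result means the module behaves as if preloading were disabled.
    `reachable` is a caller-supplied probe (hypothetical): server name -> bool.
    """
    ordered = [c for ctrls in plan.by_domain.values() for c in ctrls]
    ordered += plan.global_catalogs
    seen, targets = set(), []
    for server in ordered:
        key = server.lower()
        if key in seen:
            continue
        seen.add(key)
        if reachable(server):
            targets.append(server)
    return targets


# Constructed sample name list (domains and host names are placeholders).
SAMPLE_NAME_LIST = [
    "corp.example.com:dc01",
    "CORP.example.com:dc02",
    "emea.example.com:dc-emea1",
    "gc01",
    "   ",
    "broken:",
]

if __name__ == "__main__":
    plan = parse_name_list(SAMPLE_NAME_LIST)
    for domain in ("corp.example.com", "apac.example.com"):
        print(domain, "->", servers_for(plan, domain))
    print("preload:", preload_targets(plan, lambda s: s != "dc02"))
    print("rejected:", plan.rejected)
```

    With no global catalog in the list, `servers_for` returns an empty list for an unlisted domain, which is the case the option text describes as making no LDAP request.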

    Login Parameters

    SU 27 identifies one deleted message in the Login Parameters module.

    Lockout time too short (Windows)

    This message has been deleted as of SU 27.

    Table 3-21 shows the deleted message for the Login Parameters module.

    Table 3-21 Lockout time too short message

    Message name Title Severity

    ESM_LOCKOUT_TIME_TOO_LOW Lockout time too short Deleted

    Symantec Product Information

    SU 27 includes thirty-two new checks, one new option, and forty-three new messages in the Symantec Product Information module.

    All new pcAnywhere checks are supported on pcAnywhere versions: 10, 10.5, 11, 11.5, and 12.

    Minimum version (Windows)

    This new check reports if the installed version of pcAnywhere is less than the minimum specified in the value field.

    Table 3-22 shows the new message for the Minimum version check.

    Table 3-22 Minimum version message

    Message name Title Severity

    PCA_MIN_VERSION pcAnywhere version too low Red-4

    Log generation enabled (Windows)

    This new check reports if pcAnywhere is not configured to generate log entries.

    Table 3-23 shows the new message for the Log generation enabled check.

    Table 3-23 Log generation enabled message

    Message name Title Severity

    PCA_LOG_DISABLED_PCA pcAnywhere logging not enabled Red-4

    Record log on server (Windows)

    This new check reports if pcAnywhere is not configured to record log entries on a central server. Specify allowed servers in the name list.

    Table 3-24 shows the new messages for the Record log on server check.

    Table 3-24 Record log on server messages

    Message name Title Severity

    PCA_NO_SERVER_LOG_PCA pcAnywhere not storing log on remote server Red-4

    PCA_FORBIDDEN_SERVER_PCA pcAnywhere log on unapproved server Red-4

    Record log locally (Windows)

    This new check reports if pcAnywhere is not configured to record log entries locally.

    Table 3-25 shows the new message for the Record log locally check.

    Table 3-25 Record log locally message

    Message name Title Severity

    PCA_NO_LOCAL_LOG_PCA No local pcAnywhere log Yellow-2

    Event log enabled (Windows)

    This new check reports if pcAnywhere is not configured to generate NT event logs.

    Table 3-26 shows the new message for the Event log enabled check.

    Table 3-26 Event log enabled message

    Message name Title Severity

    PCA_LOG_DISABLED_EVT pcAnywhere event logging disabled Red-4

    Record event log on server (Windows)

    This new check reports if pcAnywhere is not configured to record event log entries on a central server. Specify allowed servers in the name list.

    Table 3-27 shows the new messages for the Record event log on server check.

    Table 3-27 Record event log on server messages

    Message name Title Severity

    PCA_NO_SERVER_LOG_EVT pcAnywhere not logging events on remote server Red-4

    PCA_FORBIDDEN_SERVER_EVT pcAnywhere event log on unapproved server Red-4

    Record event log locally (Windows)

    This new check reports if pcAnywhere is not configured to record event log entries locally.

    Table 3-28 shows the new message for the Record event log locally check.

    Table 3-28 Record event log locally message

    Message name Title Severity

    PCA_NO_LOCAL_LOG_EVT No local pcAnywhere event log Yellow-2

    Events to log (Windows)

    This check reports events that are enabled in the keyword name list, but are not configured to be logged by pcAnywhere. Use the name list to specify which events should be enabled and/or disabled.

    Table 3-29 shows the new message for the Events to log check.

    Table 3-29 Events to log message

    Message name Title Severity

    PCA_REQUIRED_EVENT Required pcAnywhere event not logged Red-4

    SNMP traps enabled (Windows)

    This new check reports if pcAnywhere is not configured to enable SNMP traps. Use the name list to specify trap destinations. The include list indicates SNMP destinations that are allowed, while the exclude list indicates SNMP destinations that are forbidden.

    Table 3-30 shows the new message for the SNMP traps enabled check.

    Table 3-30 SNMP traps enabled message

    Message name Title Severity

    PCA_SNMP_DISABLED pcAnywhere SNMP disabled Red-4

    PCA_FORBIDDEN_DESTINATION Forbidden pcAnywhere SNMP trap destination found Red-4

    Hosts to check (Windows)

    This new option lets you specify pcAnywhere hosts that you want to include or exclude. The name list applies to all Hosts checks following this option.

    Encryption level (Windows)

    This new check reports pcAnywhere hosts that are not configured to use one of the encryption levels specified in the name list.

    Table 3-31 shows the new message for the Encryption level check.

    Table 3-31 Encryption level message

    Message name Title Severity

    PCA_ENCRYPTION_LEVEL pcAnywhere host using forbidden encryption level Red-4

    Encryption algorithm (Windows)

    This new check reports pcAnywhere hosts that are not configured to use one of the encryption algorithms specified in the name list. Hosts using a key length smaller than the value specified in the value field will also be reported.

    Table 3-32 shows the new messages for the Encryption algorithm check.

    Table 3-32 Encryption algorithm messages

    Message name Title Severity

    PCA_ENCRYPTION_ALGORITHM pcAnywhere host using forbidden encryption algorithm Red-4

    PCA_ENCRYPTION_LENGTH pcAnywhere host encryption key size too small Red-4

    Remotes with lower encryption (Windows)

    This new check reports pcAnywhere hosts that are not configured to deny connections from remotes requesting a lower encryption level.

    Table 3-33 shows the new message for the Remotes with lower encryption check.

    Table 3-33 Remotes with lower encryption message

    Message name Title Severity

    PCA_LOWER_ENCRYPTION pcAnywhere host allowing insecure connections Red-4

    Remotes with different algorithm (Windows)

    This new check reports pcAnywhere hosts that are not configured to deny connections from remotes requesting a different encryption algorithm.

    Table 3-34 shows the new message for the Remotes with different algorithm check.

    Table 3-34 Remotes with different algorithm message

    Message name Title Severity

    PCA_ENCRYPTION_DIFF_ALG pcAnywhere host allowing different encryption algorithms Red-4

    Password required to view (Windows)

    This new check reports pcAnywhere hosts that do not require a password to view properties.

    Table 3-35 shows the new message for the Password required to view check.

    Table 3-35 Password required to view message

    Message name Title Severity

    PCA_VIEW_ALLOWED pcAnywhere host viewable without password Red-4

    Password required to modify (Windows)

    This new check reports pcAnywhere hosts that do not require a password to modify properties.

    Table 3-36 shows the new message for the Password required to modify check.

    Table 3-36 Password required to modify message

    Message name Title Severity

    PCA_MODIFY_ALLOWED pcAnywhere host modifiable without password Red-4

    Password required to execute (Windows)

    This new check reports pcAnywhere hosts that do not require a password to execute.

    Table 3-37 shows the new message for the Password required to execute check.

    Table 3-37 Password required to execute message

    Message name Title Severity

    PCA_EXEC_ALLOWED pcAnywhere host executable without password Red-4

    Callers (Windows)

    This new check reports pcAnywhere hosts that are configured to allow unapproved callers. Use the name list to include or exclude approved callers.

    Table 3-38 shows the new message for the Callers check.

    Table 3-38 Callers message

    Message name Title Severity

    PCA_FORBIDDEN_CALLER pcAnywhere host allows forbidden caller Red-4

    Abnormal termination (Windows)

    This new check reports pcAnywhere hosts that are not configured to handle abnormal terminations using one of the methods enabled in the name list.

    Table 3-39 shows the new messages for the Abnormal termination check.

    Table 3-39 Abnormal termination messages

    Message name Title Severity

    PCA_ABNORMAL_TERM Forbidden abnormal termination mechanism Red-4

    PCA_ABNORMAL_TIMEOUT Abnormal termination timeout too long Red-4

    Secure abnormal termination (Windows)

    This new check reports pcAnywhere hosts that are not configured to secure abnormal terminations using one of the methods enabled in the name list.

    Table 3-40 shows the new message for the Secure abnormal termination check.

    Table 3-40 Secure abnormal termination message

    Message name Title Severity

    PCA_UNSECURE_ABNORMAL_TERM Forbidden abnormal termination security Red-4

    Normal termination (Windows)

    This new check reports pcAnywhere hosts that are not configured to handle normal terminations using one of the methods enabled in the name list.

    Table 3-41 shows the new message for the Normal termination check.

    Table 3-41 Normal termination message

    Message name Title Severity

    PCA_NORMAL_TERM Forbidden normal termination mechanism Red-4

    Secure normal termination (Windows)

    This new check reports pcAnywhere hosts that are not configured to secure normal terminations using one of the methods enabled in the name list.

    Table 3-42 shows the new message for the Secure normal termination check.

    Table 3-42 Secure normal termination message

    Message name Title Severity

    PCA_UNSECURE_NORMAL_TERM Forbidden normal termination security Red-4

    Prompt to confirm connection (Windows)

    This new check reports pcAnywhere hosts that are not configured to prompt to confirm connections. Specify the minimum timeout value in the value field.

    Table 3-43 shows the new messages for the Prompt to confirm connection check.

    Table 3-43 Prompt to confirm connection messages

    Message name Title Severity

    PCA_NO_PROMPT Host does not prompt to confirm connection Red-4

    PCA_PROMPT_TIMEOUT Timeout after prompt too long Red-4

    Disconnect on timeout (Windows)

    This new check reports pcAnywhere hosts that are not configured to disconnect if a timeout occurs while waiting for a connection confirmation.

    Table 3-44 shows the new message for the Disconnect on timeout check.

    Table 3-44 Disconnect on timeout message

    Message name Title Severity

    PCA_DISCONNECT_TIMEOUT Host does not disconnect on timeout Red-4

    Blank screen after connection (Windows)

    This new check reports pcAnywhere hosts that are not configured to blank the PC screen after connection.

    Table 3-45 shows the new message for the Blank screen after connection check.

    Table 3-45 Blank screen after connection message

    Message name Title Severity

    PCA_BLANK_SCREEN Host does not blank screen Red-4

    Secure after connection (Windows)

    This new check reports pcAnywhere hosts that are not configured to secure the workstation after connection using one of the methods enabled in the name list.

    Table 3-46 shows the new message for the Secure after connection check.

    Table 3-46 Secure after connection message

    Message name Title Severity

    PCA_SECURE_CONNECTION Host uses forbidden connection security Red-4

    Keyboard/Mouse on host (Windows)

    This new check reports pcAnywhere hosts that are configured to activate the keyboard and mouse on the host.

    Table 3-47 shows the new message for the Keyboard/Mouse on host check.

    Table 3-47 Keyboard/Mouse on host message

    Message name Title Severity

    PCA_KB_HOST Keyboard/Mouse enabled on host Yellow-2

    Keyboard/Mouse on remote (Windows)

    This new check reports pcAnywhere hosts that are configured to activate the keyboard and mouse on the remote.

    Table 3-48 shows the new message for the Keyboard/Mouse on remote check.

    Table 3-48 Keyboard/Mouse on remote message

    Message name Title Severity

    PCA_KB_REMOTE Keyboard/Mouse enable on remote Yellow-2

    Disconnect if inactive (Windows)

    This new check reports pcAnywhere hosts that are not configured to disconnect if the remote host has been inactive. Specify the maximum timeout in the value field.

    Table 3-49 shows the new messages for the Disconnect if inactive check.

    Table 3-49 Disconnect if inactive messages

    Message name Title Severity

    PCA_INACTIVE_DISCONNECT Host not configured to disconnect if inactive Red-4

    PCA_INACTIVE_TIMEOUT Inactive timeout too long Red-4

    Case sensitive passwords (Windows)

    This new check reports pcAnywhere hosts that are not configured to use case sensitive passwords.

    Table 3-50 shows the new message for the Case sensitive passwords check.

    Table 3-50 Case sensitive passwords message

    Message name Title Severity

    PCA_CASE_INSENSITIVE Host uses case insensitive passwords Red-4

    Login timeout (Windows)

    This new check reports pcAnywhere hosts that are not configured to time out while waiting for login. Specify the maximum timeout in the value field.

    Table 3-51 shows the new messages for the Login timeout check.

    Table 3-51 Login timeout messages

    Message name Title Severity

    PCA_NO_LOGIN_TIMEOUT No login timeout configured Red-4

    PCA_LOGIN_TIMEOUT Login timeout too long Red-4

    Maximum login attempts (Windows)

    This new check reports pcAnywhere hosts that allow more than the number of login attempts specified in the value field.

    Table 3-52 shows the new messages for the Maximum login attempts check.

    Table 3-52 Maximum login attempts messages

    Message name Title Severity

    PCA_NO_LOGIN_ATTEMPTS No login attempt maximum configured Red-4

    PCA_LOGIN_ATTEMPTS Max login attempts too high Red-4

    Block failed IP (Windows)

    This new check reports pcAnywhere hosts that are not configured to block failed IP addresses. Specify the minimum block duration in the value field.

    Table 3-53 shows the new messages for the Block failed IP check.

    Table 3-53 Block failed IP messages

    Message name Title Severity

    PCA_IP_NOT_BLOCKED Host not configured to block failed IP addresses Red-4

    PCA_IP_BLOCKTIME Failed IP addresses block time too short Red-4

    Table 3-54 shows the new message that applies to all pcAnywhere checks in the Symantec Product Information module.

    Table 3-54 pcAnywhere installation message

    Message name Title Severity

    PCA_NOT_INSTALLED pcAnywhere not installed Red-4

    Known issues

    The following issues are known in SU 27:

    ESM 6.5 + LiveUpdate (All)

    LiveUpdate to Solaris 10 (x86, Opteron and EM64T) 6.5 agent machines can return the error: “Error, @; error verifying integrity of LiveUpdate signature file, ld.so.1: gpgv: fatal: libiconv.so.2: open failed: No such file or directory” on the policy run. If this error occurs, the Solaris machine needs to have the following library conversion package applied: libiconv-1.8-sol10-intel-local. This package can be downloaded from ftp://ftp.sunfreeware.com/pub/freeware/intel/10/.

    Resolved issues and enhancements

    The following issues and enhancements are resolved in SU 27:

    File System Entitlement (Windows)

    The File System Entitlement module outputs an unexpected system error if scanning the file .zapi on the $ETC share of a NetApp filer. The $ETC share should not be scanned by the File System Entitlement module.

    Account Integrity (Windows)

    The Account Integrity module has been modified to properly snapshot Active Directory groups containing the ‘’ characters.

    File Attributes (AIX, Solaris)

    The File Attributes default templates have been updated with current files and permissions.

    File Attributes (All), File Watch (All), ICE (All), Registry (All)

    The File Attributes, File Watch, ICE, and Registry modules have been modified to include SHA-256, a more secure hashing algorithm, in the Signature or Checksum drop-down menu in the corresponding templates.

    File Find (UNIX)

    The File Find module has been modified to include the ability to match parameters of a running process in the File Content Search Conditions sublist.

    File Watch (All)

    The Field Depth in the File Watch module template has been enhanced to allow wildcards to be used to report files at multiple depths.

    Group Policy (Windows 2000/Windows Server 2003)

    The Group Policy module has been modified to allow regular expressions to be used for Group Policy Names in the GPO Restricted Groups template.

    Login Parameters (Linux)

    The Login Parameters module has been changed to include Linux support for the Excessive failed login attempts for users check and the Inactive Accounts check.

    Login Parameters (UNIX)

    The Excessive failed logins for users check has been modified to properly handle empty or blank user names.

    Network Integrity (Windows)

    The Network Integrity module has been modified to properly query the RRAS NT service permissions without errors.

    OS Patches (AIX)

    The OS Patch module has been modified to detect both Emergency and Interim Fixes in addition to the previously supported security patch content.

    Password Strength (Solaris)

    The Password Strength module has been modified to attempt to perform Password Strength checks using default Solaris password hash types even though an unrecognized PAM module has been detected on Solaris 9 and later systems.

    Registry (Windows)

    The Key ownership check has been modified to handle nested groups when used in combination with the Allow any privileged account option.

    Security Update Install (TPK) (Windows)

    The TPK installation package now supports long file names in Windows.

    Startup Files (UNIX)

    The Startup Files module has been modified to report on multiple instances of running processes specified in the enabled templates.

    Startup Files (Linux)

    The Startup Files module has been modified to read all information from long process table entries for determining mandatory and forbidden processes.

    Symantec Product Information (Windows)

    The File System Auto-Protected check has been modified to prevent query file deletion errors. This check is now also supported on Windows Server 2003 Opteron and EM64T and Itanium editions.

    System requirements

    Symantec reserves the right to certify the Security Update on the new versions of these operating systems before officially supporting them.

    Table 3-55 lists the supported operating systems for SU 27.

    Table 3-55 SU 27-supported operating systems

    A