Release Notes CSG 7.0.22

Collax Security Gateway
28.03.2018

Installation Notes

Update Instructions

To install this update, please follow these steps:

Procedure

  1. It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown once the update process is completed.

New in this Version

Net: Resolve host FQDNs in network groups

Collax servers use host elements in many places. Hosts are individual computers which are known to the Collax Server. A host is an existing element and a prerequisite for various settings that affect the services. Hosts can be created in the host administration with only the fully qualified domain name (FQDN) known and no IPv4 address. Without a known IP address, such hosts cannot be used inside network groups. Network groups are used in two areas: permissions and the firewall matrix (routing). Use the “Resolve host FQDNs for network groups” option for hosts where only the FQDN is known, so that they can be used in network groups and firewall rules can be applied to them. This dialog is located under “Network -> Firewall -> General”.

System Management: Linux Kernel 4.9.87

Collax Server 7 is based on the long-term support (LTS) kernel 4.9. It provides better hardware support and more security fixes and is supported until January 2019.

Hardware: PV-Storage-Device for Xen-Support

In PV mode, Xen presents its virtual disk as /dev/xvda to the operating system installed in the virtual machine. With this update Collax Server also supports installation on /dev/xvda devices.

Collax Information & Security Intelligence: New Add-on module - Detect threats - precise evaluations

With this version, the new add-on module “Collax Information and Security Intelligence” is available. Keeping track of infrastructure data in the process of rapidly growing data volumes is increasingly important. This can only be done on the basis of well-prepared information, and this should best be available in real time. Collax provides a special software module specifically for this challenge.

It is based on the client-server principle. The clients or agents collect the information from the log files and send it to a central server. The server prepares the data, stores it and provides an interface for evaluation. The module is built on the powerful Elastic Stack framework from the company Elastic (www.elastic.co), which we extend with important functions for practical use.

Issues Fixed in this Version

Security: ClamAV

Security holes have been discovered in the source code of the virus scanner ClamAV. This software update closes them by updating ClamAV to version 0.99.4.

CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-0202 CVE-2018-1000085

Security: Meltdown and Spectre - Serious processor security hole

Security researchers have discovered massive security holes in processors that were developed by security experts. These holes were published under the names Meltdown and Spectre. Meltdown is the vulnerability that allowed unprivileged processes to read kernel memory. Spectre is the security hole that exploits the fact that CPUs execute many commands speculatively in advance, resulting in memory areas that can be tapped. This update installs a feature against Spectre Variant 1 called “User Pointer Sanitization”.

More information on Meltdown and Spectre here.

GUI: Firefox form autocomplete of passwords

The Firefox web browser automatically remembers entries in individual text fields. Because of an error in a Firefox program setting, the password field was automatically filled with previously stored data when the administrator form or the dialog of an individual user account was opened, which meant that the settings in the dialog changed and had to be adjusted. With this update the error is corrected by a new implementation.

GUI: Copy tables to clipboard

With this release, copying tables to the clipboard is implemented consistently. To copy, right-click the table name at the top of the table and choose the action “Copy to clipboard”.

GUI: System Log Files and KDC

In the menu item “Status -> System Log Files”, messages of all services or of individual subsystems can be evaluated. With this update, messages from the KDC service (Key Distribution Center in the Kerberos subsystem) are written to a separate log file. This file is only readable in a separate area on the Linux console. Due to the “chattiness” of the KDC service, we decided to make the logs more readable.

GUI: block suspicious files

In the dialog “Mail and Messaging -> Antivirus Mail Filtering”, virus filtering for e-mail traffic is turned on. If the option “Block suspicious files” had been set, it remained active even after virus filtering was switched off again. Due to a faulty routine within the web interface the function was not removed. This update corrects the error.

GUI: Emulate tarpitting

In the dialog “Mail and Messaging -> Spam -> Spam-SMTP-Filter”, the Tarpitting option enables the tarpit function for additional protection against spam e-mail and the spread of worms. This option is located in the add-on module Collax Mail Security. Due to a faulty routine within the web interface the function could not be saved. This update corrects the error.

Hardware: IPMI vbat on Skylake

IPMI (Intelligent Platform Management Interface) can be used for hardware monitoring and management on some systems. On Skylake Supermicro motherboards the Sensor Data Record (SDR) repository reported an incorrect value for the record “VBAT”. This also led to a warning within the active monitoring. With this update Collax provides a patched program package that corrects the error caused by Supermicro motherboards.

Notes

E-Mail: Collax Virus Protection powered by Kaspersky prior Version 7

In version 7 of the Collax C servers, the anti-virus engine and the format of the patterns were updated. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.0 will be available until December 31, 2017. From 01.01.2018 Kaspersky will not update the patterns for Collax version 5 and older. All installations using the Collax Virus Protection module should therefore be brought up to date.