Release Notes CBS 5.0.2

Collax Business Server
29.06.2008

Installation Notes

Accomplish Upgrade to Version 5.0.2

To install this update please follow these steps:

  • Please do a backup of all server data.
  • Go to System -> System Operation -> Software -> System Update and click Upgrade-Information. Please read the information carefully. For further questions please contact Collax GmbH before accomplishing the upgrade.
  • Click Start upgrade. The successful update of the package list is indicated by the detail message Please continue with downloading package list. and the final message Done!.
  • For updating the packet list click Get Package List. The successful update of the package list is indicated by the message Done!.
  • Click Get Packages for downloading the listed update packages. Important: If you download the packages over a slow connection (ISDN, analog, etc.), the browser may drop the connection to the administration interface. However, the download will continue in the background. Continue with the next step. If you get an error message, wait a few minutes and try again.
  • Click Install. This action installs the update. The end of this process is indicated by the message Done!.
  • Please Note that a reboot automated will be executed to engage the new kernel.

Installation Notes

Upgrade from Version less than 4.1.26

To accomplish the upgrade to version Collax Business Server 5.0.2 the prior version 4.1.26 needs to be installed. To install the version 4.1.26 please follow the steps “Get Package List”, “Get Packages” and “Install”.

Please follow the steps “Accomplish Upgrade to Collax Business Server Version 5.0.2” if the version 4.1.26 is installed. Please read the release notes to the appropriate version.

Check File System

Before upgrading the server a check of the file system should be carried out. The file system check is available in the boot menu of the server. To lead the check by, a display and a keyboard must be connected to the server and afterwards a restart needs to be executed. After loading the BIOS the file system check can be selected in the boot menu. As a result the file system is checked and suitable state messages are displayed. If the file system is in order the server starts and the upgrade can be carried out. Technical questions to the file system check can be placed to your certificated Collax partner or to the support team by Collax.

Duration of Upgrade

Depending on your existing server installation up to 320 software components will be downloaded and replaced. So the total duration of the upgrade process will take between 45 minutes and 180 minutes.

New in this Version

Security: Firewall Tftp Connection Tracker

If services use undeterminable ports for the data transfer connection tracker are used for the firewall to establish and track such connections. With this update the connection tracker for the trivial file transfer protocol (tftp) can be activated in the firewall when required. Connections about this protocol can be set up and logged with it.

GUI: SMTP outbound and SMTP receiption Forms

With the new version the setup of the e-mail service SMTP is split in two forms instead of one. The setup of SMTP is directed now whether e-mails are dispatched (SMTP outbound for system information e-mails), or whether e-mails in different accounts, e-mail lists, or several e-mail domains should be administered (SMTP reception).

GUI: X.509 certificates and Certificate Signing Requests Forms

The administration of certificates become easier with the new version where the content was split into two forms: X.509 certificates and Certificate Signing Requests (CSR).

GUI: Wizard for registration of license keys

From this version the new wizard is available for the simplistic registration of licence data used. The wizard resembles with Collax deposited licensee’s information from leads the user gradual through the registration process.

E-Mail: Primary Email Address

From this version it is possibly to define a primary e-mail address on the Collax server. Just by the use of several e-mail domains the Collax server offers now centrally very adaptable setting possibilities to assign a primary sender’s address for user groups. The primary e-mail address can be customised by means of a determinable address structure and the weighting of the e-mail domains for the needs of single groups. These settings are able in the form Settings-> Mail and Messaging-> SMTP receiption within the tab Options. Furthermore the possibility to set an individually sender’s address for every user exists within the form Settings-> Usage Policy -> Users.

Add-on Software: New Version of Collax Virus Protection

The virus scanner Collax Virus Protection offers comprehensive antivirus protection for email services. Within this Collax system update the scanner is updated to the newest version.

The options for “Email disinfection”, “Damaged Email” and “Alerts” are omitted from this update on. Emails can additionally be copied to quarantine (mail queue for hold mails) if they had been cleaned or before they shall be deleted.

Attention: Please start a manual pattern update by clicking the button “Get Updates” at the bottom of the form in Settings -> Filter -> Collax Virus Protection, Tab Mail. This update is necessary to start the services successfully.

System Management: Monitoring of Services

All enabled services of the Collax servers are checked on their working mode, f.e.: running or stopped. The status is indicated in the form “System-> monitoring / evaluation-> state-> services”. If the active monitoring is switched on, the services are also tested qualitatively. The status whether the function of the service is all right, or whether problems occured during operation have appeared (Bsp: OK, WARNING, CRITICAL). Configuration -> Monitoring” is indicated in the new column “Test”.

System Management: Extension of System Information

Up to now information about CPU, RAM and hard disks were displayed as system information. From this update it is possible to gather detailed graphic information about file system, hard disks and network interfaces.

System Management: Logging of Firewall Rules

It is regulated within the Firewall matrix which network connections running thru the Collax server are permitted or are forbidden. To simplify the logging of these regulated network connections the option “Logging for the Firewall Matrix” can be set now in the form “Settings->Networking->Firewall->General->Options”. Up to now this setting needed to be activated for each single connection. The logging of permissible or forbidden connections will be applied in general on all firewall rules, explicitly or implicitly, and thereby it eases the use and the reporting of the rules.

System Management: Extended Active-Directory Integration

Up to now the integration of Collax server in Microsoft ActiveDirectory was used to authenticate the users against in the ActiveDirectory. This function is going to be extended with this software version to read user-related data from the ActiveDirectory, this data is going to be used within the Collax services to provide a full centralized user management via Microsoft ActiveDirectory. This function can be activated via Settings -> Usage Policy -> PDC/ADS -> Enable Active Directory proxy.

Hardware: iSCSI Initiator

iSCSI makes the use of the SCSI protocol on a TCP/IP network possible. From this version the function of the controller, the iSCSI initiator, is implemented in the Collax server. With the iSCSI initiator storage devices in the network (iSCSI Targets) are integrated transparent as local storage devices. To the functions of the iSCSI initiator counts the target discovery, to integrate storage devices fast on the network, as well as the possibility of the authentication to establish a reliable connection to the iSCSI-Target.

Hardware: Driver for 10GB Network Interface Cards

The driver for 10gigabit network interface cards will be implemented within kernel version 2.6.25.20. These driver support the following NICs: Chelsio 10Gb Ethernet, Chelsio Communications T3 10Gb Ethernet, Intel® 10GbE PCI Express, Intel® PRO/10GbE PCI-X, S2IO 10Gbe XFrame NIC, NetXen Multi port (110) Gigabit, Sun Neptune 10Gbit, Tehuti Networks 10G, Broadcom NetXtremeII 10Gb.

Misc: Add-on Modul Collax Net Security available

Ab diesem Software-Update kann das Modul im Menü “System->Systembetrieb->Software->Lizenzen und Module” mit einer zusätzlichen Lizenz aktiviert werden, anschließend kann das Modul installiert werden.

The module Collax Net Security unites all important security and network functionalities, those of a gateway can be expected. With this module new functions like Multi-WAN-Access, L2TP-VPN, SSL-VPN, VPN Wizard, Intrusion Detection and Intrusion Prevention (IDS/IPS) are available for the Collax Business Server within this add-on.

From this software update the module can be activated in the menu “System -> System Operation -> Software -> Licences and Modules” with an additional licence, afterwards the add-on can be installed.

Misc: Add-on Modul Collax Mail Security available

Ab diesem Software-Update kann das Modul im Menü “System->Systembetrieb->Software->Lizenzen und Module” mit einer zusätzlichen Lizenz aktiviert werden, anschließend kann das Modul installiert werden.

The module Collax Mail Security protects workstations and servers against all dangers which e-mail traffic can include. This module has available the Spam filter steps Greylisting, tar pit emulation and a reputation filter (Razor check) as well as the virus scanner ClamAV as add-ins for the Collax Business Server.

From this software update the module can be activated in the menu “System -> System Operation -> Software -> Licences and Modules” with an additional licence, afterwards the module can be installed.

Issues Fixed in this Version

Security: Cryptography Toolkit OpenSSL

In the source code of the cryptography toolkit OpenSSL 0.9.8k security holes have been discovered. These holes will be closed within this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0590 CVE-2009-0591 CVE-2009-0789

Security: GNU TLS and SSL implementation

In the source code of GnuTLS security holes have been discovered. These holes will be closed within this Collax software update.

GnuTlS 2.6.6 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2008-4089 CVE-2009-1415 CVE-2009-1416 CVE-2009-1417

Security: Udev, Dynamic Device Management

In the source code of GnuTLS security holes have been discovered. These holes will be closed within this Collax software update.

A patch for udev 126 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1185

Security: VPN IKE Daemon Pluto

In the source code of the IKE daemon Pluto security holes have been discovered. These holes will be closed within this Collax software update.

A patch for Pluto 2.4.9 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0790

Security: GNU data type library glib2

In the source code of glib2 security holes have been discovered. These holes will be closed within this Collax software update.

A patch for glib2 2.18.2 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2008-4316

Security: Authentification library libsasl2

In the source code of system library libsasl2 security holes have been discovered. These holes will be closed within this Collax software update.

A patch for libsasl2 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0688

Security: System library libfreetype

In the source code of system libraries libfreetyp security holes have been discovered. These holes will be closed within this Collax software update.

A patch for libfreetype is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1416

Security: SquirrelMail Web Mail

In the source code of web mailer SquirrelMail security holes have been discovered. These holes will be closed within this Collax software update.

SquirrelMail 1.4.18 is going to be installed and fixes the assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1578 CVE-2009-1579 CVE-2009-1580 CVE-2009-1581

Security: Samba, Windows SMB/CIFS Server for UNIX

In the source code of the Windows SMB/CIFS fileserver Samba security holes have been discovered. These holes will be closed within this Samba software patch for version 3.0.34.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1888

GUI: Implicit Rules of Services Firewall-Matrix

The Firewall matrix offers a unique visual representation of regulated network connections. In addition, the matrix prevents unintentional false configuration of Firewall rules by the fact, that the order of the rules automatically and properly is generated. The visual representation of implied rules with uncertain networks and certain services was not correct, this is corrected from this update on.

Notes

Add-on Software: New Licensing of Avira Antivir

The Anti Virus product Avira Antivir will now be identically licensed as all Collax Modules. With this method a higher handling comfort is reached and the separate Avira Antivir-License integration is now redundant. Updating the license manually will not be necessary anymore.

Add-on Software: Download Progress Bar when using Avira Antivir Web-Virus-Filter

The anti virus product Avira Antivir displayed a special progress bar while scanning downloaded files. With the new anti virus technology within this update this progress bar becomes superfluous. From this update the progress bar of Avira Antivir is going to be removed.

Misc: PHP update 5.3.6

In cause of the major-release of PHP 5.3.6 it is possible that files which use PHP have to be adapted.