Release Notes CSG 7.0.32

Collax Security Gateway
17.10.2018

Installation Notes

Update Instructions

To install this update, follow these steps:

Procedure

  1. It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful, the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown when the update process is completed.

New in this Version

GUI: Extended System information

The dialog “Hardware -> System Devices and Components” displays the system’s hardware resources. With this release the view is extended and additional information is displayed. Virtual machines running on Collax V-Server hardware are shown with the name of the VM and the node (name and product version) on which it is running. Servers from other vendors show additional DMI data (Desktop Management Interface) such as manufacturer, product name, serial number and more information about the BIOS and the system.

GUI: Event e-mail notification

In addition, notifications about configuration activations now include a detailed overview of the changes that were made.

In the dialog “Logging / Monitoring -> Event log”, the system can be set up to send an e-mail to the administrator on its own when certain events occur. Until now, these e-mails contained the text “Notification” without the corresponding event. With this update, the subject of the e-mail is adjusted so that the event is visible in the subject. Likewise, the information about which server sent the status mail has been adapted. Please adjust your Sieve filter rules if necessary.

GUI: Change history of the system configuration

The new tab “Change history” in the dialog “Configuration -> Configuration Management” lists all completed configuration changes and activations and summarizes them in blocks. The header of a block indicates when and by whom the changes were made. If the changes were activated afterwards, the header line carries an additional Go symbol, together with the time of the activation and the administrator who triggered it. The administrator is given as the login and the IP address from which the administration interface was accessed. Entries for “root@127.0.0.1” are changes and activations made automatically by the server. The current state is marked with a gear symbol at the beginning of the header line.

E-Mail: ClamAV-Phishing-Whitelist

Starting with this version, false positive detections of the ClamAV phishing filter can be avoided. ClamAV compares the displayed URL and the actual URL of a link in a mail and classifies it as a phishing attempt if the domains of the two URLs are too different. If this is the case, the mail is quarantined with the reason “Heuristics.Phishing.Email.SpoofedDomain”. One known case is an Amazon mail that was wrongly considered a phishing attempt. The dialog is located under “Mail -> Mail Security -> Spam White/Blacklist”. Please also see the online help, which includes examples.

Web Proxy: Rule Analysis

Rule analysis is a tool that can be used to check the rules of the Web proxy. When users authenticate to the Web proxy, it can be tested whether they are allowed to access a particular Web page or not and on the basis of which proxy rule this is done. In addition, or for non-authenticated users, it is possible to check how the request is filtered if it is made from a specific IP address. If proxy rules are set up with a time period, a query can also be simulated at a certain point in time. This dialog is located under “Networking -> Web Security -> Rule Analysis”.

System Management: Linux Kernel 4.9.128

This update installs Linux kernel 4.9.128.

System Management: Different notification groups within Active Monitoring

This update extends the settings that determine which user groups are alerted when a service fails. Users in these groups automatically receive e-mail notifications from Nagios. It is now possible to differentiate between notifications for warning states, critical states and recovery messages. This dialog is located in the “Permissions” tab under “Logging / Monitoring -> Monitoring -> Active”.

Hardware: UEFI-BIOS support

With this update, the installation process from the ISO medium supports systems with UEFI-BIOS.

Hardware: Gemini Lake™ support within installation process

With this update, the installation process from the ISO medium supports Intel® Gemini Lake™ platforms.

Collax Information & Security Intelligence: Component update

This update brings the Elastic Stack to version 6.4.0. In addition to many improvements in the background, new Kibana features are visible: for example, auto-completion is integrated, and each visualization has an inspector for a more detailed analysis of the data.

Collax Information & Security Intelligence: Reports with automatic mail

This release introduces new features for the Collax Information and Security Intelligence module. It is now possible to generate reports. A number of default reports are available. Layout and content can also be adapted to given requirements. Reports can be generated regularly and automatically and sent as a PDF to selected recipients.

Collax Information & Security Intelligence: Retention periods for data

With a high volume of data, the indices can quickly use up the disk space. Also, the GDPR may require the deletion of older data. It is now possible to automatically delete data from the indices that is older than a configurable deadline. The retention periods can be set differently for each area of the data (e.g. syslog, mail or firewall).

Collax Information & Security Intelligence: Backup items

With this update, all data that has been collected can be included in the backup. For each area (e.g. syslog, mail or firewall) there is a separate backup item available. As a result, different backup strategies can be applied to the areas.

Issues Fixed in this Version

Security: Internet Domain Name Server BIND

Security holes have been discovered in the source code of the Internet domain name server BIND. This Collax software update closes them by updating to BIND 9.11.4.

E-Mail: Status information to the email address of the virus administrator

An e-mail address for an administrator is specified here. This administrator receives status information from the virus filter. Up to now, under certain circumstances, invalid@invalid was used as the sender when sending messages. This caused uncertainty and has been resolved. The notification will now be sent as root@FQDN.

Notes

E-Mail: Collax Virus Protection powered by Kaspersky prior Version 7

Version 7 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.0 will be available until December 31, 2017. From 01.01.2018 Kaspersky will not update the patterns for Collax version 5 and older. All installations using the Collax Virus Protection module should therefore be brought up to date.

E-Mail: Collax Avira AntiVir prior Version 7.0.24

Version 7.0.24 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.24 will be available until December 31, 2018. From 01.01.2019 Avira will not update the patterns for Collax version 7.0.22 and older. All installations using the Collax Avira AntiVir module should therefore be brought up to date.

Collax Information & Security Intelligence: Modified mapping of the indices

With the update of the Elastic Stack to 6.4.0, the mapping of the indices was changed. This prevents Filebeat from writing data to the same index before and after the update. Therefore, once the update has been performed, newly arriving data will no longer be included in the index. From 0:00 on, the Elastic Stack creates a new index, and from this point all data is written to the index again. The data between the end of the update and midnight will be lost. If it is preferable to give up the data from before the update instead, that is, from 0:00 until the end of the update, the index for the current day can be deleted after the update via the administration interface. In that case, all data between 0:00 and the deletion of the index will be lost.