Agent Release Notes Version 11.0 Patch 3 March 2016
COPYRIGHT NOTICE © 2016 Imperva, Inc. All Rights Reserved. Follow this link to see the SecureSphere copyright notices and certain open source license terms: https://www.imperva.com/sign_in.asp?retURL=/articles/Reference/SecureSphere-License-and-Copyright-Information This document is for informational purposes only. Imperva, Inc. makes no warranties, expressed or implied. No part of this document may be used, disclosed, reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Imperva, Inc. To obtain this permission, write to the attention of the Imperva Legal Department at: 3400 Bridge Parkway, Suite 200, Redwood Shores, CA 94065. Information in this document is subject to change without notice and does not represent a commitment on the part of Imperva, Inc. The software described in this document is furnished under a license agreement. The software may be used only in accordance with the terms of this agreement. This document contains proprietary and confidential information of Imperva, Inc. This document is solely for the use of authorized Imperva customers. The information furnished in this document is believed to be accurate and reliable. However, no responsibility is assumed by Imperva, Inc. for the use of this material.
TRADEMARK ATTRIBUTIONS Imperva and SecureSphere are trademarks of Imperva, Inc.
All other brand and product names are trademarks or registered trademarks of their respective owners.
PATENT INFORMATION The software described by this document is covered by one or more of the following patents: US Patent Nos. 7,640,235, 7,743,420, 7,752,662, 8,024,804, 8,051,484, 8,056,141, 8,135,948, 8,181,246, 8,392,963, 8,448,233, 8,453,255, 8,713,682, 8,752,208, 8,869,279 and 8,904,558, 8,973,142, 8,984,630, 8,997,232, 9,009,832, 9,027,136, 9,027,137, 9,128,941, 9,148,440 and 9,148,446.
Imperva Information US Headquarters Imperva Inc. 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 USA Tel: (650) 345 9000 Fax: (650) 345 9004 Imperva-SecureSphere-v11.0-Agent-Release-Notes-Patch-3-v4
Email:
[email protected] Website: www.imperva.com
SecureSphere Agents Version 11.0
1. Release Highlights
1.1 Windows 2008 and 2012 Inline Monitoring and Blocking
SecureSphere Agents for Database on Windows now supports inline monitoring and blocking on Windows 2008 and 2012 servers on the following Channels: TCP Local and TCP Remote. In order to enable this feature, verify that EIK is enabled.
1.2 Patch 1 Additions
1.2.1 Oracle Network Data Encryption (NDE, also known as Oracle ASO)
SecureSphere Agents for Database now supports Oracle Network Data Encryption for Oracle 11.2 on RHEL 5 and 6. Supported interfaces include External/Local TCP and BEQ. This feature is disabled by default. for instructions on enabling it.
1.2.2 SUSE SLES 10 SP3 Teradata Distribution
SecureSphere Agents for Database now supports SUSE Enterprise Linux (SLES 10 SP3) with kernel 2.6.16.60-0.91.TDC.1.R.2 to 2.6.16.60-0.131.TDC.2.R.0, designed for Teradata deployments.
1.2.3 SUSE SLES 11 SP1 Teradata Distribution
SecureSphere Agents for Database now supports SUSE Enterprise Linux (SLES 11 SP1) with kernel 2.6.32.54-0.35.TDC.1.R.1 to 2.6.32.54-0.53.TDC.1.R.0, designed for Teradata deployments.
1.2.4 RHEL 6 Single Package
SecureSphere Software Updates now provides a single package for both K0 and K1 RHEL 6 agents, then automatically decides which to load. This eliminates the need to replace the agent package when upgrading the RHEL 6 kernel.
1.2.5 Red Hat Enterprise Linux 7
SecureSphere Agents for Database now supports Red Hat Enterprise Linux (RHEL) 7.
1.3 Patch 2 Additions
1.3.1 Windows 2003 Inline Monitoring and Blocking for MSSQL Databases
SecureSphere Agents for Database on Windows now supports inline monitoring and blocking on Windows 2003 servers for MSSQL databases on the following Channels: TCP Local and TCP Remote. In order to enable this feature, verify that EIK is enabled.
1.3.2 2014 IPC Data Interface
SecureSphere Agents for Database on Windows now supports a user-defined MSSQL 2014 IPC data interface type (named pipes).
1.4 Patch 3 Additions
1.4.1 SLES 11 SP1 Teradata Distribution
SecureSphere Agents for Database now supports SUSE Enterprise Linux (SLES 11 SP1) with kernel 2.6.32.54-0.35.TDC.1.R.1 to 2.6.32.54-0.59.TDC.1.R.0, designed for Teradata deployments.
SecureSphere Release Notes
1.4.2 Oracle Network Data Encryption (NDE, also known as Oracle ASO)
In addition to the supported platforms noted in section 1.2.1 above, SecureSphere Agents for Database now supports Oracle Network Data Encryption for Oracle 11.2 on RHEL 7, OEL 5 UEK 1 64-bit, OEL 5 UEK 2 64-bit, OEL 6 UEK 2 64-bit and OEL 6 UEK 3 64-bit. This feature is disabled by default. for instructions on enabling it.
2. Installing SecureSphere Agents
2.1 Installing and Upgrading SecureSphere Agents
Before downloading the SecureSphere Agent installation file(s), please read carefully the “Installing SecureSphere Agents” chapter in the SecureSphere Administration Guide.
Note: In Unix and Unix-like systems, the bash shell must be available before installing the SecureSphere Agent.
2.2 Required Permissions for Agent Installation/Configuration
To install and configure agents, you require administrator privileges. To run with administrator privileges:
In Windows: Open the Windows Start Menu, search for ‘cmd,’ then right-click cmd.exe and select “Run as administrator.” In the command window, navigate to the location of the installation package and run as required.
In Unix/Linux: Run as root (uid=0)
2.3 SecureSphere Agent Package
Starting from SecureSphere v10.5, SecureSphere supports downloading and deploying agents from the Software Updates screen in the SecureSphere GUI. To use this functionality, you need to be working with a management server v10.5 or newer. The agent is provided as a compressed file (.tar.gz for Unix, .zip for Windows), which includes a number of other files.
Notes:
• When downloading and installing agents for use with a Management Server v10.5 and later, the additional files are used as part of the installation. Installation is conducted as described in the v10.5 Administration Guide.
• When downloading and installing agents for use with a Management Server earlier than v10.5, the additional files should be ignored, and installation is conducted as described in that version's Administration Guide.
The contents of the compressed file include:
• An installation file for the SecureSphere Agent. This file is a .bsx for Unix or .msi for Windows and its name contains the string ragent.
• An installation file for the SecureSphere Agent Installation Manager. This file is a .bsx for Unix or .msi for Windows and its name contains the string ragentinstaller.
• An installation batch file (install.sh). This file is only part of the Unix installation package. It is not included with the Windows installation package.
• A readme file.
• A file with the suffix "metadata" which is used by the agent installation manager.
2.4 SharePoint, File and DSM
When installing a SecureSphere Agent for SharePoint, File and Directory Services Monitoring (DSM), you must ensure that the MX and the Gateway versions are 9.5 or later for SharePoint, 10.0 or later for DSM.
2.5 Special Considerations for SUSE and OEL UEK Platforms
SUSE maintains several versions of their OS, and service packs for each version. In addition, SUSE periodically releases updates to service packs, which sometimes include updated versions of the kernel. As such, there are a number of items that should be taken into account and understood before installing SUSE and OEL UEK agents. For more information, see topics in the SecureSphere Agent Installation chapter of the SecureSphere Administration Guide that discuss special considerations for SUSE platforms.
2.6 Agent Installation Requirements
2.6.1 Agent Memory Requirements
The SecureSphere Agent requires memory for operation based on different factors. The following lists the amount of memory that is required for operation:
• User Space: 100-150 MB
• Kernel Space:
  • 1-32 cores: 300 MB
  • 32-128 cores: 500 MB
  • >128 cores: 2 GB
2.6.2 Agent Disk Space Requirements
The SecureSphere Agent uses up to 500 MB of disk space for its normal operation, logging, storing configuration, and more. In addition, to ensure audit information is preserved in the event of network problems, SecureSphere reserves 8 GB of disk space by default. You can change the amount of disk space being reserved, as well as the location where this information is saved. For information on how to change this value, see the article Agents - Modifying the PCAP quota created on the Database in the Imperva Customer Portal.
2.7 Upgrading SecureSphere Agents
Beginning with version 10.0 SecureSphere Agents, to upgrade, you simply install the new SecureSphere Agent. It is no longer necessary to uninstall previous versions. This includes when upgrading the same version to a newer patch.
• In both Windows and Unix, there is no need to re-register an upgraded SecureSphere Agent.
To upgrade a Unix Agent to v11.0:
1. Download the new agent package.
• To determine what installation package you need to download, see Determining Which non-Windows SecureSphere Agent Package to Install on page 7
• For a list of available agent package file names, see SecureSphere Agent Package Installation File Names on page 8
2. Untar (uncompress) the agent package as follows:
cd
unzip -c .tar.gz | tar xvf
3. Install the new SecureSphere Agent using the following upgrade parameters:
./install.sh
Note: If installing on SUSE or UEK for the first time you need to add the following to the above command: -k kabi_ .txt
For more information on using this command see the SecureSphere Guide.
To upgrade a Windows agent to v11.0:
1. Download and unzip the new agent package file (.zip).
2. Double-click the file named Imperva-ragent-Windows- .msi; the agent is upgraded.
3. Install the installation manager: Double-click the file named Imperva-ragentinstaller-Windows .msi; the agent installation manager is installed. Note: this step is only relevant when installing with a management server version 10.5 or newer.
2.8 SecureSphere Agent Installation Files
2.8.1 Determining Which non-Windows SecureSphere Agent Package to Install
Note: This section is not relevant to Windows SecureSphere Agents, because there is only one installation package for all supported versions of Windows.
To determine which non-Windows SecureSphere Agent package to download and install, see Table . Alternatively, you can use the which_ragent_package_xxxx.sh script (where xxxx is the version number of the script) which you can download from the Imperva FTP site at /s/SecureSphere_Agents/Misc/ The script should be run on the database server and takes a single parameter, the SecureSphere Agent version number you want to install.
which_ragent_package_xxxx.sh Parameters
Parameter | Description
-v | The SecureSphere Agent version number you want to install.
For example:
[root@agents-system tmp]# ./which_ragent_package_[version].sh -v 11.0
This means that you want the script to return the name of the SecureSphere Agent version 11.0 package for the platform on which the script is run.
Note: For Big Data, use ./which_ragent_package_[version].sh -v 11.0.1
The script returns the OS, OS version, platform, kernel version and the name of the SecureSphere Agent package you should download and install. For example:
[root@agents-system tmp]# ./which_ragent_package_[version].sh -v 11.0
OS: RHEL
Version: 5
Platform: x86_64
Kernel: SMP
Latest ragent package: Imperva-ragent-RHEL-v5-kSMP-px86_64-b11.0.0.0224.tar.gz
*** Please that you run the latest version of which_ragent_package available at https://ftp-us.imperva.com ***
Note:
• Always download the latest version of the which_ragent_package_xxxx.sh before using it, otherwise it may point you to an out-of-date SecureSphere Agent package.
• Before downloading the SecureSphere Agent package, verify that the script has correctly identified your OS, OS version, platform and kernel version.
2.8.2 SecureSphere Agent Package Installation File Names
Starting from version 9.5 there is only one Windows installation package. There is no separation into 32 and 64 bit SharePoint packages.
• Table 1 lists standard agents for Database, File and Directory Services Management
The SecureSphere Agent’s build number is embedded in the name of the installation file.
Note:
• The SecureSphere Agent for DB2 z/OS installation files and procedure are given in the SecureSphere Administration Guide.
• Other SecureSphere Agents are available in this release only for the OS Versions listed in the table below.
For minimum SecureSphere Agent disk space and memory requirements, see 2.6: Agent Installation Requirements, page 4-6. Once the SecureSphere Agent begins to monitor traffic, it requires additional memory and disk space, depending on the volume of monitored traffic. For additional information, see the “SecureSphere Agents” chapter in the SecureSphere Guide, under the Advanced Configuration section of the Settings tab.
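The package file names in Table 1 follow a visible pattern: OS, then -v version, an optional -k kernel flavor, -p platform and -b build. The shell functions below are an added example, not Imperva code; the field meanings are inferred from the table rather than documented, and the function names are hypothetical. They split a package name into those fields and check the build series and platform of a downloaded file before install.sh is run.

```shell
#!/bin/sh
# Added example, not part of the Imperva package. Field meanings (-v, -k, -p, -b)
# are an assumption inferred from the file names listed in Table 1.

# pkg_parse FILE: print key=value lines for one agent package file name.
pkg_parse() {
    pp_name=${1##*/}                              # drop any directory part
    case "$pp_name" in
        Imperva-ragent-*-b[0-9]*.tar.gz) pp_body=${pp_name%.tar.gz} ;;
        Imperva-ragent-*-b[0-9]*.zip)    pp_body=${pp_name%.zip} ;;
        *) echo "not an agent package name: $pp_name" >&2; return 1 ;;
    esac
    pp_body=${pp_body#Imperva-ragent-}
    pp_build=${pp_body##*-b}                      # text after the last "-b"
    pp_body=${pp_body%-b*}
    case "$pp_body" in
        *-p*) pp_plat=${pp_body##*-p}; pp_body=${pp_body%-p*} ;;
        *)    pp_plat= ;;                         # Windows zip has no -p field
    esac
    pp_os=${pp_body%%-v[0-9]*}                    # e.g. RHEL, OEL, TD-SLE
    pp_rest=${pp_body#"$pp_os"}
    pp_rest=${pp_rest#-v}
    pp_ver=${pp_rest%%-*}                         # e.g. 5, 6K1, 10SP3, 11.31
    pp_rest=${pp_rest#"$pp_ver"}
    pp_kern=${pp_rest#-k}                         # e.g. SMP, UEK-v1-ik2, or empty
    printf 'os=%s\nversion=%s\nkernel=%s\nplatform=%s\nbuild=%s\n' \
        "$pp_os" "$pp_ver" "$pp_kern" "$pp_plat" "$pp_build"
}

# pkg_field FILE KEY: print a single field (os, version, kernel, platform, build).
pkg_field() {
    pf_out=$(pkg_parse "$1") || return 1
    printf '%s\n' "$pf_out" | sed -n "s/^$2=//p"
}

# pkg_check FILE RELEASE ARCH: succeed only if the build belongs to RELEASE
# (for example 11.0) and the platform field matches ARCH as reported by
# `uname -m`. Only the i?86 -> i386 alias is handled; other names must match.
pkg_check() {
    pc_build=$(pkg_field "$1" build) || return 1
    pc_plat=$(pkg_field "$1" platform) || return 1
    case "$pc_build" in
        "$2".*) ;;
        *) echo "build $pc_build is not a $2 build" >&2; return 1 ;;
    esac
    if [ -z "$pc_plat" ]; then
        return 0                                  # single Windows package
    fi
    case "$3" in
        i[3-6]86) pc_want=i386 ;;
        *)        pc_want=$3 ;;
    esac
    if [ "$pc_plat" != "$pc_want" ]; then
        echo "package platform $pc_plat does not match host $3" >&2
        return 1
    fi
    return 0
}

# Sample names copied from Table 1 of these release notes.
for pkg_demo in \
    Imperva-ragent-RHEL-v7-kSMP-px86_64-b11.0.0.3007.tar.gz \
    Imperva-ragent-TD-SLE-v11SP1-kTD-ik2-px86_64-b11.0.0.3007.tar.gz
do
    echo "== $pkg_demo"
    pkg_parse "$pkg_demo"
done
```

This check complements the which_ragent_package script and does not replace it: the script inspects the host, while these functions only read the file name.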
2.8.3 Database, File and Directory Services Agents
The following table lists agent packages used for Database, File and Directory Service products.
2.8.3.1 Agent Packages Released with Patch 3
Table 1 SecureSphere Agents Installation File Names
OS / Version | Installation File Name
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
AIX
AIX 5.2 32-bit
Imperva-ragent-AIX-v52-ppowerpc32-b11.0.0.3008.tar.gz
AIX 5.2 64-bit
Imperva-ragent-AIX-v52-ppowerpc64-b11.0.0.3008.tar.gz
AIX 5.3 32-bit
Imperva-ragent-AIX-v53-ppowerpc32-b11.0.0.3008.tar.gz
AIX 5.3 64-bit
Imperva-ragent-AIX-v53-ppowerpc64-b11.0.0.3008.tar.gz
AIX 6.1 64-bit
Imperva-ragent-AIX-v61-ppowerpc64-b11.0.0.3008.tar.gz
AIX 7.1 64-bit
Imperva-ragent-AIX-v71-ppowerpc64-b11.0.0.3008.tar.gz
HP-UX
HP-UX B11.11 PA-RISC
Imperva-ragent-HPUX-v11.11-phppa-b11.0.0.3007.tar.gz
HP-UX B11.23 Itanium
Imperva-ragent-HPUX-v11.23-pia64-b11.0.0.3007.tar.gz
HP-UX B11.23 PA-RISC
Imperva-ragent-HPUX-v11.23-phppa-b11.0.0.3007.tar.gz
HP-UX B11.31 Itanium
Imperva-ragent-HPUX-v11.31-pia64-b11.0.0.3007.tar.gz
HP-UX B11.31 PA-RISC
Imperva-ragent-HPUX-v11.31-phppa-b11.0.0.3007.tar.gz
OEL
Note: For OEL UEK SecureSphere Agents, download both the installation file listed here and the kabi_ .txt file. See Special Considerations for SUSE and OEL UEK Platforms on page 5 for more information.
OEL 5 UEK 1 64-bit (2.6.32-100.26.2)
Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b11.0.0.3007.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-300.7.1 to 2.6.32-300.39.2)
Imperva-ragent-OEL-v5-kUEK-v1-ik2-px86_64-b11.0.0.3007.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-400.21.1)
Imperva-ragent-OEL-v5-kUEK-v1-ik3-px86_64-b11.0.0.3007.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-400.23 to the latest version of 2.6.32-400 UEK kernel series supported by Oracle)
Imperva-ragent-OEL-v5-kUEK-v1-ik4-px86_64-b11.0.0.3007.tar.gz
OEL 5 UEK 2 64-bit (2.6.39-400.17.1 to the latest version of 2.6.39-400 UEK kernel series supported by Oracle)
Imperva-ragent-OEL-v5-kUEK-v2-px86_64-b11.0.0.3007.tar.gz
OEL 6 UEK 2 64-bit (2.6.32-400.23 to the latest version of 2.6.39-400 UEK kernel series supported by Oracle)
Imperva-ragent-OEL-v6-kUEK-v2-px86_64-b11.0.0.3007.tar.gz
OEL 6 UEK 3 64-bit (3.8.13-16 to the latest version of 3.8.13 UEK Kernel series supported by Oracle)
Imperva-ragent-OEL-v6-kUEK-v3-px86_64-b11.0.0.3007.tar.gz
Red Hat
RHEL 3 32-bit hugemem
Imperva-ragent-RHEL-v3-kHUGEMEM-pi386-b11.0.0.3007.tar.gz
RHEL 3 32-bit SMP
Imperva-ragent-RHEL-v3-kSMP-pi386-b11.0.0.3007.tar.gz
RHEL 3 32-bit
Imperva-ragent-RHEL-v3-pi386-b11.0.0.3007.tar.gz
RHEL 3 64-bit SMP
Imperva-ragent-RHEL-v3-kSMP-px86_64-b11.0.0.3007.tar.gz
RHEL 4 32-bit hugemem
Imperva-ragent-RHEL-v4-kHUGEMEM-pi386-b11.0.0.3007.tar.gz
RHEL 4 32-bit SMP
Imperva-ragent-RHEL-v4-kSMP-pi386-b11.0.0.3007.tar.gz
RHEL 4 64-bit large SMP
Imperva-ragent-RHEL-v4-kLARGESMP-px86_64-b11.0.0.3007.tar.gz
RHEL 4 64-bit SMP
Imperva-ragent-RHEL-v4-kSMP-px86_64-b11.0.0.3007.tar.gz
RHEL 5 32-bit PAE
Imperva-ragent-RHEL-v5-kPAE-pi386-b11.0.0.3007.tar.gz
RHEL 5 32-bit SMP
Imperva-ragent-RHEL-v5-kSMP-pi386-b11.0.0.3007.tar.gz
RHEL 5 64-bit SMP
Imperva-ragent-RHEL-v5-kSMP-px86_64-b11.0.0.3007.tar.gz
RHEL 5 64-bit XEN
Imperva-ragent-RHEL-v5-kXEN-px86_64-b11.0.0.3007.tar.gz
RHEL 6 (update 5 and newer) 32-bit SMP
Imperva-ragent-RHEL-v6K1-kSMP-pi386-b11.0.0.3007.tar.gz
RHEL 6 (update 5 and newer) 64-bit SMP
Imperva-ragent-RHEL-v6K1-kSMP-px86_64-b11.0.0.3007.tar.gz
RHEL 6 32-bit SMP
Imperva-ragent-RHEL-v6-kSMP-pi386-b11.0.0.3007.tar.gz
RHEL 6 64-bit SMP
Imperva-ragent-RHEL-v6-kSMP-px86_64-b11.0.0.3007.tar.gz
RHEL 7 64-bit SMP
Imperva-ragent-RHEL-v7-kSMP-px86_64-b11.0.0.3007.tar.gz
Solaris
Sun 5.8 SPARC
Imperva-ragent-SunOS-v5.8-psparcv9-b11.0.0.3008.tar.gz
Sun 5.9 SPARC
Imperva-ragent-SunOS-v5.9-psparcv9-b11.0.0.3008.tar.gz
Sun 5.10 SPARC
Imperva-ragent-SunOS-v5.10-psparcv9-b11.0.0.3008.tar.gz
Sun 5.10 x86 64-bit
Imperva-ragent-SunOS-v5.10-px86_64-b11.0.0.3008.tar.gz
Sun 5.11 SPARC
Imperva-ragent-SunOS-v5.11-psparcv9-b11.0.0.3008.tar.gz
Sun 5.11 x86 64-bit
Imperva-ragent-SunOS-v5.11-px86_64-b11.0.0.3008.tar.gz
SUSE
Note: For SUSE SecureSphere Agents, download both the installation file listed here and the kabi_ .txt file. See Special Considerations for SUSE and OEL UEK Platforms on page 5 for more information.
SUSE 9 32-bit SP3
Imperva-ragent-SLE-v9SP3-kSMP-pi386-b11.0.0.3007.tar.gz
SUSE 9 64-bit SP3
Imperva-ragent-SLE-v9SP3-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 9 64-bit SP4
Imperva-ragent-SLE-v9SP4-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64 bit SP0
Imperva-ragent-SLE-v10SP0-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64-bit SP1
Imperva-ragent-SLE-v10SP1-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64-bit SP2
Imperva-ragent-SLE-v10SP2-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64-bit SP3
Imperva-ragent-SLE-v10SP3-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64-bit SP4
Imperva-ragent-SLE-v10SP4-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 11 32 bit SP0
Imperva-ragent-SLE-v11SP0-kPAE-pi386-b11.0.0.3007.tar.gz
SUSE 11 64 bit SP1
Imperva-ragent-SLE-v11SP1-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 11 64 bit SP2
Imperva-ragent-SLE-v11SP2-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 11 64 bit SP3
Imperva-ragent-SLE-v11SP3-kSMP-px86_64-b11.0.0.3007.tar.gz
SUSE 10 64bit SP3 for Teradata (2.6.16.60-0.91.TDC.1.R.2 to 2.6.16.60-0.131.TDC.2.R.0)
Imperva-ragent-TD-SLE-v10SP3-kTD-px86_64-b11.0.0.3007.tar.gz
SUSE 11 64bit SP1 for Teradata (2.6.32.54-0.23.TDC.1.R.2)
Imperva-ragent-TD-SLE-v11SP1-kTD-px86_64-b11.0.0.3007.tar.gz
SUSE 11 64bit SP1 for Teradata (2.6.32.54-0.35.TDC.1.R.1 to 2.6.32.54-0.76.TDC.1.R.0)
Imperva-ragent-TD-SLE-v11SP1-kTD-ik2-px86_64-b11.0.0.3007.tar.gz
Windows-based Agents
Note: For detailed information see Supported Windows Platforms below.
This version supports: 32-bit and 64bit Windows
Imperva-ragent-Windows-b11.0.0.3009.zip
2.9 Supported Windows Platforms
This section lists support for the SecureSphere agent on Microsoft Windows. For information regarding supported Windows platforms for specific SecureSphere products, please see that specific product’s Guide. The SecureSphere agent is supported on the following Windows Platforms:
• Windows 2000 SP4 32bit
• Windows 2003-32bit
• Windows 2003-R2-32bit
• Windows 2003-64bit
• Windows 2003-R2-64bit
• Windows 2008-32bit
• Windows 2008-64bit
• Windows 2008-R2-64bit
• Windows 2012
• Windows 2012-R2
2.10 After Installing the SecureSphere Agent
2.10.1 DB2 - AIX Post Installation Information
If you are connecting to DB2 locally over shared memory, then you must restart all DB2 database instances after the first time you start the SecureSphere Agent. There is no need to reboot the machine.
2.10.2 AIX Post Installation Information
If you have installed the SecureSphere Agent on a machine on which no SecureSphere Agent was previously installed, or if a version 8.5 or lower SecureSphere Agent was installed, then:
• If you want to monitor local DB2 shared memory traffic, you must restart all DB2 database instances after the first time you start the SecureSphere Agent.
• If you want to enable the source IP address feature, you must restart the servers (SSH, Telnet, R) after the first time you start the SecureSphere Agent.
There is no need to reboot the machine.
2.10.3 Locally Caching Monitored Traffic
When the SecureSphere Agent is unable to send database traffic to the Gateway (for example, if the communication link to the Gateway is down) it stores the data to disk until such time as the data can be sent to the Gateway. Parameters controlling the location and size of these disk files can be configured in the Advanced Configuration section of the SecureSphere Agent’s Settings tab. For more information, see the SecureSphere Guide.
2.10.4 FAM Source IP Address Feature
The source IP address feature for FAM is supported by SecureSphere Gateways beginning with version 9.5, and implemented for Windows 2008, 2008 R2, 2012 and 2012 R2 servers. Agent support for this feature starts from v10.0 Patch 2, v10.5 Patch 1, and v11.0.
Note: When working with these operating systems where SMB signing is enforced, the Source IP feature is not supported for traffic monitored by SecureSphere agents.
3. Open Issues
Table 2 Release 11.0 Issues
# | ID | Agent Environment | Description
1 | AGNT-6537 | AIX | On TCP external with PCAP, when all channels are removed from a specific interface, the agent process is restarted.
2 | AGNT-7042 | AIX | In AIX when there are problems writing to the disk (for example full disk) the agent processes (ragent/ctrl/wd) may crash occasionally. See IBM issue APAR IV74663.
3 | AGNT-7597 | AIX | On some occasions, AIX failed to configure libpcap. A system event is not sent in this scenario.
4 | AGNT-7598 | AIX | When the number of monitoring external interfaces using the pcap mode exceeds the number of available BPF filters on an AIX platform, no system event is shown. External interfaces with no available BPF filters are not monitored.
5 | AGNT-7312 | Active Directory | Logon attempts over LDAP may fail with wrong error code when the needs to set new on next logon attempt.
6 | AGNT-7057 | All OS Platforms | On rare occasions when a local connection to a database is open for a very long period, and there is large number of connections being opened and closed, the "" in audit data may appear as "connected ."
7 | AGNT-7605 | All OS platforms | When the server where the Agent is installed is completely out of disk space, the Agent may stop working properly and requires a restart.
8 | AGNT-7232 | DB2 | When monitoring DB2 Shared memory connections, the response size in audit appears as 0.
9 | AGNT-7660 | Linux | For all Linux OSs (excluding: RHEL5, RHEL6K1, RHEL7, UEK4, UEK6, UEK7) the Imperva agent cannot coexist with the Vormetric Agents.
10 | AGNT-7586 | Linux, SUSE | Upgrade from Big Data Agent to a standard DB Agent in the case where the Big Data Agent has been registered to a Gateway is not supported. Workaround - Uninstall the Big Data Agent, and install the DB Agent.
11 | AGNT-7654 | Linux, Unix | When using LDAP authentication on a 64bit machine without the 32bit LDAP libraries installed, the s in OS chain are displayed as GUID instead of names.
12 | AGNT-7636 | RHEL, MySQL | When working in EIK on RHEL 3 64 bit SMP with MySQL DB, agent monitoring rules and blocking do not always work.
13 | AGNT-5730 | SharePoint | Revoke permissions for an attachment under a list item is not supported.
14 | AGNT-6280 | SharePoint | Web applications running with trust level lower than "Full trust" require granting full trust for ManagedEnrichmentCLRx64.dll in order to be able to use security policies with "Block" action.
15 | AGNT-6330 | SharePoint | A SharePoint security policy configured to block upon file object modification also blocks list objects.
16 | AGNT-6933 | Unix, MySQL | When working in EIK mode and monitoring external MySQL traffic, the name is not shown correctly in audit data.
17 | AGNT-7439 | SharePoint | After installing the SecureSphere Agent in a SharePoint 2013 environment with .NET 4.5 is installed, audit data is not available. Workaround: Please .
18 | AGNT-7571 | Windows, SharePoint | SharePoint audit collection will always be taken with the Farm .
19 | AGNT-7657 | SUSE, Teradata | Teradata: Blocking is not supported in inline mode for local TCP connections.
20 | AGNT-7638 | Teradata | On some occasions, agent may lock up issues when experiencing a high rate external traffic in Teradata systems due to Teradata enforcing stricter rules for kernel behavior.
21 | AGNT-7645 | UEK | In UEK7, text poke feature cannot be disabled.
22 | AGNT-6398 | Windows | After blocking in sniffing mode for local TCP connections, it takes about a minute for the client to close the local TCP session.
23 | AGNT-6505 | Windows | In order for an MSSQL NP interface to be monitored, the MSSQL service needs write privileges to the agents folders.
24 | AGNT-6754 | Windows | Following an upgrade of the agent (with no reboot to MSSQL), under a high volume of Named Pipe traffic, MSSQL exception could be generated. No effect on the client communication was observed.
25 | AGNT-7084 | Windows | Upgrading the Windows Agent to the same Agent version will fail.
26 | AGNT-7189 | Windows 2003 | When using Windows 2003 and below EIK when at least one of the channels is not MSSQL, a system event is sent to the Management Server stating traffic to the non-MSSQL channel will be monitored in sniffing.
27 | AGNT-7204 | Windows 2003 | MSSQL local does not support PID related exclusions.
28 | AGNT-7217 | Windows 2003 | In some cases, Windows Itanium displays hashed s.
29 | AGNT-7235 | Windows 2003 | In rare case, when stopping an agent with local inline connections, connections become blocked.
30 | AGNT-6189 | Windows 2008 | Windows 2008: When upgrading from agent versions earlier than 11.0, server might cause lower agent performance. Workaround: Reboot the database server after upgrade.
31 | AGNT-7109 | Windows | When working in PCAP mode, if WINPCAP is not installed and the TCP external data interface exists, then the TCP loopback data interface might not be monitored.
32 | AGNT-5678 | Windows, DB2 | Windows, DB2: Shared memory connections, blocking mode is not supported.
33 | AGNT-7632 | Windows | Event Capture Time field of PCAP traffic might be wrong.
34 | AGNT-4148 | Solaris | The Solaris Agent is not able to monitor the IXGBE TCP data channel out of the box. Workaround: run the following command: ln -s /devices/pseudo/clone@0:ixgbe /dev/ixgbe.
4. Patch Change Logs
This section includes information regarding bugs that were resolved in patches. Please note the following:
• Release numbers are not necessarily sequential
• "All Platforms" means Windows and all Unix-like platforms (Linux, Solaris, HPUX, AIX, SUSE etc.)
4.1 Patch Bug Fixes
4.1.1 SecureSphere Agent Release 11.0 Patch 3 Update 1 - Released on: 2015-10-18
AGNT-6043 AIX: When using AIX v5.2, system CPU capping generated false alarms.
AGNT-6743 AIX: Load script was not supported on SunOS and AIX.
AGNT-7588 AIX: When using AIX v5.2, system CPU capping generated false alarms.
AGNT-7449 AIX, Oracle: Memory leak occasionally occurred in kernel when connecting to the database with TCP local.
AGNT-6529 AIX, Sybase: In EIK mode in AIX 5.2, Sybase traffic was not monitored on TCP External connections.
AGNT-6837 All OS Platforms: Agent space could have crashed when trying to use the system capping feature.
AGNT-7110 All OS Platforms: No clear indication was given when disk space was approaching full.
AGNT-7229 All OS Platforms: In rare cases, agent watchdog would crash on agent service stop.
AGNT-7396 All OS Platforms: On rare occasions, the SecureSphere Agent failed to to Gateways.
AGNT-6407 HPUX: Agent crashed due to accessing invalid memory. May have happened in loaded system.
AGNT-7366 HPUX: Agent unnecessarily wrote to the system log on shutdown.
AGNT-6848 Linux: Upgrade from a big data agent to DAM/FAM agent was permitted. This is no longer supported and if a big data agent is already installed it cannot be upgraded to a DAM/FAM agent.
AGNT-6951 Linux: Several SecureSphere files remained after uninstalling the SecureSphere Agent.
AGNT-7308 Linux: PCL: In RHEL5, RHEL6K1, UEK4, UEK6, UEK7 - The Imperva agent could not have coexisted with the Vormetric Agents.
AGNT-7497 Linux: If the folder "/lib/modules/`uname -r`/kernel/drivers/misc" was not available, there was a problem starting the Remote Agent service.
AGNT-7570 Linux, HPUX, Solaris: A rare occurrence in all NIX environments (not including AIX). When using a high frequency short connection monitored by an Agent, this may have caused a re-use of PID processes, resulting in a server crash.
AGNT-6772 Linux, Oracle: On 11.0.0.1xxx, with Oracle ASO enabled and when a non-default 'shared' folder was specified, some Oracle sessions crashed.
AGNT-6798 Linux, Unix, AIX, HPUX: Uninstalling an agent in v11.0 patch 1 displayed the requested message after agent was removed.
AGNT-7347 MS SQL: Hashed s were encountered on MSSQL due to AES256\128 fetching the wrong domain name.
AGNT-7161 RHEL: RHEL kernel version 3.10.0-123 was not supported.
AGNT-6721 RHEL, Oracle: When using Oracle encryption (ASO), a large amount of concurrent s impacted performance.
AGNT-6866 RHEL, UEK: When the SecureSphere Agent was loaded following the loading of another agent that monitored the execve system call, the other agent may have no longer monitored this system call.
AGNT-7546 RHEL, UEK, Oracle: Taking GTI with ASO enabled might have frozen up and not completed successfully.
AGNT-7177 SharePoint: Obtaining agent log did not retrieve additional logs related to the agent's SharePoint audit solution.
AGNT-7200 SharePoint: When a SharePoint site collection was created without using full flags for audit collection, the agent could have potentially run with errors for a short period.
AGNT-5823 Solaris: On Solaris servers with high traffic load and large number of CPU cores, the agent caused a high system-CPU usage.
AGNT-6637 Solaris: On some Solaris kernels (not common versions), after agent installation, the agent moved to running with errors state with message “Couldn't initialize TCP local traffic monitor.”
AGNT-7531 Solaris: SecureSphere Agent did not monitor traffic after installing latest Solaris 11 patch. Only external traffic was monitored when using pcap (not EIK).
AGNT-6566 Teradata: When enabling EIK in the agent's Advanced Configuration, the '' column in the SecureSphere GUI for external did not show any data.
AGNT-7562 Teradata: On some occasions, agent locked up issues when experiencing a high rate external traffic in Teradata systems due to Teradata enforcing stricter rules for kernel behavior.
AGNT-7353 UEK: In OEL v-6 kUEK-v3, the Agent could not be installed or could not start if glibc.i686 libraries rpm was not installed on the system.
AGNT-7354 Unix: Agent did not monitor Oracle External traffic while in EIK when Oracle listener was configured to listen on all IP addresses and IPV6 is on one of the NIC's.
AGNT-6847 Windows: PCAP mode started after disabling EIK without restarting the agent, resulting in values being repeated in audit.
AGNT-6939 Windows: Agent discovery did not support managed service accounts (MSA) and virtual accounts, which were new features available with Windows 7 and Windows Server 2008 R2.
AGNT-6946 Windows: MSSQL IPC channels were not being monitored when used in Windows 2000.
AGNT-7370 Windows: There were no event messages (Windows eventlog) for the Kragent driver.
AGNT-7463 Windows: There was no logging of the status of process termination in Windows, for example it was not clear whether a process terminated gracefully or exited with an error.
AGNT-7573 Windows: Debug log messages and debug GTI print dump_pids with Unicode strings caused system crash.
AGNT-7600 Windows: Server crash occurred when monitoring Oracle on a Windows machine using an Agent.
AGNT-6874 Windows 2008: On TCP Local and TCP External channels with EIK configured, if a Monitoring Rule was defined and traffic was excluded, some connections were not monitored.
AGNT-7099 Windows 2008: Fictitious IPs were not being displayed in Windows 2008 and above when TCP local traffic was being monitored.
AGNT-7391 Windows 2008: Server crashed when using agent on Windows 2008.
AGNT-6763 Windows, CIFS: The "Exclude System Folders (Windows Only)" checkbox in the agent settings screen was not working.
AGNT-7261 Windows, CIFS: Selecting the source of traffic activity to monitor (local only or both local and external) during registration only affected database monitoring.
AGNT-4103 Windows, MS SQL: Inline mode for MSSQL 2012 IPC (named pipes) was added.
AGNT-7081 Windows, MS SQL: Agent potentially could have crashed when running traffic over named pipe (to MsSQL) while the RemoteAgent was shutting down.
AGNT-7473 Windows, SharePoint: A new advanced configuration was added to the agent, "sp-sites-errorthreshold"; you can set it to determine how many "faulty" site-collections the agent accepts before it changes status to "Running with errors".
AGNT-7548 Windows, Windows 2003, Windows 2008, MS SQL: In some cases the agent failed to extract the default MSSQL certificate, causing "Hashed " to appear in the audit. Relevant only for "SQL Server Authentication".
AGNT-6792 When there were no write permissions to Solaris TMPDIR (if exists) or /var/tmp, the Agent Installation Manager could not be installed.
4.1.2 SecureSphere Agent Release 11.0 Patch 2 Update 1 - Released on: 2015-4-19
SPHR-52922 DB: Big Data - Injecting MongoDB with relative addresses resulted in errors in agent log stating "Failed to find dlopen. aborting injection!" while no events regarding MongoDB activity were created.
4.1.3 SecureSphere Agent Release 11.0 Patch 2 - Released on: 2015-3-24
AGNT-6731: Windows: Added agent support for AES128 & AES256 key discovery.
AGNT-6002: Windows: Certificate discovery didn't discover "all purpose" certificates.
AGNT-6940: Windows, SharePoint: SecureSphere Agent for SharePoint could have crashed when there was an error while collecting audit data.
AGNT-6898: Windows: When AES discovery was enabled, an administrative running the service caused errors which flooded the ctrl log.
AGNT-6824: Oracle: Enabling ASO on unsupported platforms could have resulted in a server crash.
4.1.4 SecureSphere Agent Release 11.0 Patch 1 Update 1 - Released on: 2015-4-30
AGNT-7322 Solaris: Could not start the database Oracle 12.1 when the SecureSphere Agent was running on Solaris 11 operating systems.
4.1.5 SecureSphere Agent Release 11.0 Patch 1 - Released on: 2014-12-31
AGNT-6166 AIX: Agent running on AIX versions 6.1 TL9SP3 and 7.1TL3SP3 or newer would cause the machine to freeze up.
AGNT-6349 AIX: When using an Agent Monitoring Rule with "Agent Criteria - Process Details" which contained the "Arguments" parameter, the rule didn't function correctly and did not exclude traffic monitoring.
AGNT-4815 All OS Platforms: On rare occasions, the agent may crash upon initialization.
AGNT-6294 All OS Platforms: Full disk caused agent get tech info requests to hang, though the resulting error message wasn't clear.
AGNT-6298 All OS Platforms: Full disk caused a confusing error message from the agent.
AGNT-6338 All OS Platforms: When an IP address of 0.0.0.0 was configured for a Data Interface, configuration failed.
AGNT-6370 All OS Platforms: On a database server with a large number of external TCP channels using pcap, the white list was not applied.
AGNT-6374 All OS Platforms: ragent process crashed on shutdown.
AGNT-6462 All OS Platforms: High CPU was encountered when the agent was running.
AGNT-6518 All OS Platforms: Kernel CPU usage limit was not optimally being utilized and didn't take into consideration the number of cores in the machine.
AGNT-6220 HPUX, Solaris: Agent was stopped after "unmount" of the file system.
AGNT-6451 Unix: Server crashed when fetching get tech info from the agent.
AGNT-6577 RHEL: Agent crashed the Linux Operating System when it tried to remove a directory under a read-only share.
AGNT-6165 Solaris: Agent processes stopped responding on some machines due to a library mismatch.
AGNT-6485 Solaris: Agent installation on Solaris 11 SP1 with branch smaller than 0.175.1.15.0.4.0 is not supported. The error message had a spelling error.
AGNT-5959 SUSE, UEK, Teradata: Agent installation would occasionally fail when new line characters were modified by the , but no matching kernel error was available. For example, when a file is ed via Windows FTP client as a text file.
AGNT-6097 SUSE, UEK, Teradata: Kabis synced from internal SecureSphere infrastructure replaced the customer's existing kabi file even if the customer had a newer kabi file.
AGNT-6521 Unix: In some cases, such as with high CPU, a large number of processes, high network latency or slow disk access, get-tech-info didn't work.
AGNT-6160 Unix, Sybase: Sybase discovery didn't always work.
AGNT-4594 Windows: On rare occasions, the agent may crash as the result of a bad configuration or shutdown.
AGNT-6334 Windows: Process name and name exclusion processing time was improved in the driver.
AGNT-6585 Windows: MSSQL crash could have occurred while monitoring and filtering a high volume of MSSQL "named pipe" traffic.
AGNT-6538 Windows, CIFS: Enabling FAM monitoring on the Windows platform may result in high CPU if configuration fails.
AGNT-6586 Windows: Filtering a large number of MSSQL "named pipe" connections over a long period might have caused the agent to start generating TCP gaps on "named pipe" connections, causing audit loss.
AGNT-6588 Windows: Filtering a high volume of MSSQL "named pipe" connections might cause the "named pipe" module to perform excessive log writing.
AGNT-6610 Windows: Agent restart during a high rate of incoming "filter connection" requests from the gateway might have caused the agent to stop monitoring MSSQL named pipe connections.
AGNT-6664 Windows: Hashed s appeared in audit data as the result of the Kerberos key for network services not being correctly calculated (with RC4 encryption).
AGNT-6753 Windows: When in inline mode, the Windows agent would occasionally freeze up.
AGNT-6760 Windows: When working with Windows 2008/2012 Inline, the host operating system may freeze up or crash when stopping the agent or a local monitored process.
AGNT-6786 Windows: In rare cases, Windows machines might crash when configuring an "Agent Monitoring Rule" using the "Agent Criteria - Process Details" criteria.
AGNT-5856 Windows, CIFS: Unicode names appeared as question marks in audit data.
AGNT-6357 Windows, CIFS: RemoteAgent process could have crashed if the driver could not be started.
AGNT-6517 Windows, CIFS: Non-English name exclusions were not supported. This functionality was added.
AGNT-6543 Windows, CIFS: A client that used SMB1 and tried to connect to an invalid share could have caused a crash.
AGNT-6006 Windows, SharePoint: When a server restarted the agent before all other services in the server were initialized, it occasionally failed to deploy the web-service.