Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)

Samuel_L · 2019-06-03T11:13:56+00:00

There was an error rendering this rich post.

This thread collects endpoint client change logs for WithSecure Elements Agents for Windows and Server - previously known as:

WithSecure Elements EPP for Servers
WithSecure Elements EDR for Servers
WithSecure Elements EDR and EPP for Servers Premium
WithSecure Linux Security 64 (Policy-Manager managed and Standalone)

Find more posts tagged with

Changelog

Comments

Samuel_L

New Linux Security 64 update has been released (2022-11-28)

New Linux Security 64 (version 12.0.409), FSBG (version 1.0.703), and BaseGuard (version 1.0.723) updates have been released. FSBG and BaseGuard are components of Linux Security 64. These updates include the following changes:

CSLP-4169: Make it possible to bypass distribution compatibility checks and run the product on systems that are not officially supported. The main use case for this feature is to enable running the product on various "clone" distributions that resemble one of the supported distributions.
CSLP-3740: Improved integrity checker integration with updates installed via system package manager. Integrity checker baseline can now be automatically updated after a system update has been installed. Currently APT and DNF package managers are supported.
MALT-529, MALT-536, MALT-563: Fixed crashes in scanning service.
MALT-441: Fixed an issue where in certain situations subscription was incorrectly deemed to be invalid.
CSLP-4160: Fixed a possible race condition when taking a new SELinux policy into use.
CSLP-4150: Fixed an issue where SELinux prevented accessing SSSD NSS module on Red Hat Enterprise Linux 7 and CentOS 7.
MALT-527: Fixed a memory access related issue in real-time scanning service.
MALT-388: Added support for wildcards in on-access scanning.
Miscellaneous enhancements and bug fixes.

Samuel_L

New pinnable Linux Security 64 version is available (2022-10-20)

New pinnable Linux Security 64 version "linuxsecurity-2022_4" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version is supported for a year from the release of the subsequent pinnable version.

"linuxsecurity-2022_4" contains the following components:

Linux Security 64 version 12.0.338
FSBG version 1.0.654
BaseGuard version 1.0.655

Samuel_L

New Linux Security 64 update has been released (2022-10-05)

New FSBG update (1.0.654) has been released. FSBG is part of Linux Security 64. This update includes the following changes:

CSLP-4158: Fixed an issue where FSBG updates could fail on systems with certain SELinux configuration.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released (2022-09-20)

New FSBG update (1.0.653) has been released. FSBG is part of Linux Security 64. This update includes the following changes:

CSLP-4151: Fixed an issue where new Policy Manager managed installations making use of Policy Manager proxies or Policy Manager address overrides would have invalid update configuration.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released (2022-08-31)

New Linux Security 64 (12.0.338), FSBG (1.0.646), and BaseGuard (1.0.655) updates have been released. FSBG and BaseGuard are part of Linux Security 64. Changes in these releases include:

CSLP-4133: Added support for Ubuntu 22.04.
CSLP-4132: Added support for Red Hat Enterprise Linux 9 and Alma Linux 9.
CSLP-3830: Added support for retrieving updates over HTTPS.
CSLP-4079: Fixed an issue where Linux Security 64 would not correctly report product build number to Policy Manager.
CSLP-4012: Improved SELinux support.
CSLP-4058: Upgraded OpenSSL.
MALT-305: Fixed a crash in integrity checking service.
MALT-108: Fixed an issue where under certain conditions update validity would be verified incorrectly.
MALT-335: Fixed an issue where errors related to expired subscription would be displayed even when the subscription was valid.
MALT-109: Fixed an on-access scanning compatibility issue with kernel versions >=5.13.
MALT-103: Updated embedded curl dependency.
Miscellaneous fixes and improvements.

Samuel_L

New pinnable Linux Security 64 version is available

New pinnable Linux Security 64 version "linuxsecurity-2022_1" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version is supported for a year from the release of the subsequent pinnable version.

"linuxsecurity-2022_1" contains the following components:

Linux Security 64 version 12.0.314
FSBG version 1.0.623
BaseGuard version 1.0.632

Samuel_L

New Linux Security 64 update has been released (2022-04-26)

Note: This release was made on 2022-04-26. We are moving old change log entries to the new WithSecure Community forum.

New Linux Security 64 (12.0.314) update has been released. This update includes the following changes:

CSLP-3781: Integrity checker will now produce alerts for file metadata changes. In addition, alerts will be sent when integrity checker protected files are deleted.
CSLP-4053: Fixed a problem where disabling integrity checker did not disable tampering action alerts.
CSLP-4009: Optimize resource usage by avoiding starting real-time scanning and integrity checking related services when they are not needed. This means that these services will no-longer be running after the update if they are not needed.
CSLP-4014: Relax Python dependency's version constraints on CentOS, RHEL, and Alma Linux systems to allow installing the product when the system has Python 3.9 installed.

Samuel_L

New Linux Security 64 update has been released (2022-04-11)

Note: This release was made on 2022-04-11. We are moving old change log entries to the new WithSecure Community forum.

New BaseGuard (1.0.632) and FSBG (1.0.623) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-4051: Fixed an issue where real-time scanning service would crash.
CSLP-4070: Fixed an issue where the product could crash on systems with a large number of mount points.
CSLP-4071: Fixed an issue where the product could crash when shutting down.
CSLP-4067: Upgrade to OpenSSL 1.1.1n

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.614) and FSBG (1.0.611) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

Miscellaneous enhancements and bug fixes.

Sami_J

New pinnable Linux Security 64 version is available

New pinnable Linux Security 64 version "linuxsecurity-2021_5" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version has an associated expiration date after which the version will no longer be supported. For "linuxsecurity-2021_5" the expiration date is 2022-12-22T09:00:00Z.

"linuxsecurity-2021_5" contains the following components:

Linux Security 64 version 12.0.291
FSBG version 1.0.600
BaseGuard version 1.0.606

To learn more about product version pinning refer to the "Configuring automatic update options with Policy Manager" section of the Linux Security 64 manual.

Sami_J

New Linux Security 64 update has been released

New BaseGuard (1.0.606) update has been released. BaseGuard is part of Linux Security 64. This update includes the following changes.

CSLP-4036: Old rotated access.log files were not removed but consumed disk space without a limit.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 (12.0.291), BaseGuard (1.0.604), and FSBG (1.0.600) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes.

CSLP-4029: Fixed an issue where an update might fail due to a slow migration processes.
CSLP-4030: Fixed an issue where the product would not fully uninstall.
CSLP-4031: Fixed an issue where the scanning service could sometimes cause core files to be generated during service shutdown.
CSLP-3997: New lsctl update subcommand can be used to manually trigger the product to check for updates.
CSLP-4032: Fixed an issue where SELinux policies were not being installed on Alma Linux systems.
CSLP-4021: Updated components to use OpenSSL 1.1.1l.
CSLP-4034: Added support for Alma Linux.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 update (12.0.286) has been released. This update includes the following changes:

CSLP-3985: Fixed an issue where using fsanalyze tool as a non-root user would result in an error to be shown.
CSLP-3989: Added rate limiting to decrease the number of duplicate alerts that can be sent in a short period of time.
CSLP-3991: Added support for Debian 11.
CSLP-3975: Fixed an issue where systemd services could be restarted too quickly.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.596) and FSBG (1.0.591) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3971: Fixed a performance regression that increased CPU usage of fsma2 service.
CSLP-4017: Fixed an issue where limited internet connectivity during boot could cause on-access scanning to slow down the system.
CSLP-4018: Fixed an issue where updates could cause on-access scanning to freeze the system.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.579) update has been released. BaseGuard is a part of Linux Security 64. This update includes the following changes:

CSLP-3986: Fixed an issue where, under certain conditions, scanning could stop working following a large number of service restarts.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.576) update has been released. BaseGuard is a part of Linux Security 64. This update includes the following changes:

Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 (12.0.266), BaseGuard (1.0.574), and FSBG (1.0.568) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3865: Triggering "send status update" action via Elements EPP Portal now causes Linux Security 64 to check for updates.
CSLP-3932: Files can now be excluded from integrity checking based on file name patterns.
CSLP-3762: Add support for SolarWinds RMM.
CSLP-3967: Made activation and uninstallation more robust.
CSLP-3924: Increased Security Cloud timeout to 30 minutes.
CSLP-3940: Fixed an issue where rename and remove operations did not work correctly when the file being operated on was located directly inside / directory.
Miscellaneous enhancements and bug fixes.

Known Issues

Scanning files as a non-root user using fsanalyze command-line utility causes error message to be shown.
If the product is being used with Policy Manager 15.20 or older, detection alerts from fsanalyze will result in an unknown alert type error being shown in Policy Manager Console. This issue will be resolved in the upcoming version of Policy Manager.

Samuel_L

New pinnable Linux Security 64 version is available

New pinnable Linux Security 64 version "linuxsecurity-2021_2" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version has an associated expiration date after which the version will no longer be supported. For "linuxsecurity-2021_2" the expiration date is 2022-06-16T09:00:00Z.

"linuxsecurity-2021_2" contains the following components:

Linux Security 64 version 12.0.242
FSBG version 1.0.548
BaseGuard version 1.0.568

To learn more about product version pinning refer to the "Configuring automatic update options with Policy Manager" section of the Linux Security 64 manual

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.568) and FSBG (1.0.548) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3953: Fixed an issue where scanning service could temporarily consume CPU resources excessively.
CSLP-3952: Fixed an issue where scanning results were sometimes inconsistent due to a caching related issue.
CSLP-3926: Fixed an issue where files were not properly cleaned up when offline updates were used.
CSLP-3951: Fixed an issue where an error about "invalid component in version element" was printed to the journal.
CSLP-3794: Fixed an issue where the same machine appeared with different names in different web services.
CSLP-3948: Fixed an issue where information about latest engine update was not correctly shown in Policy Manager.
CSLP-3950: Updated OpenSSL to 1.1.1k.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 installer package for Policy Manager has been released

New Linux Security 64 installer package for Policy Manager 15.20 has been released. This release adds support for including initial policy directly into the installation package.

When the policy is included directly into the installation package, it can be taken into use even before the client has contacted Policy Manager for the first time. This kind of early configuration can be useful for specifying settings that affect connectivity with Policy Manager.

The new installer requires the use of Policy Manager version 15.20 or greater. The new installer package along with our existing installers can be found from the downloads page.

Known Issues

When exporting an installer for setting up standalone Linux Security 64 installations (installations that will not be connected to the policy manager), please note that the included policy may contain settings which are marked as locked in the policy manager console. These settings cannot be changed locally after the product has been installed. Specifically, the setting "Allow user to unload the products" will always be locked.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 (12.0.242), BaseGuard (1.0.555) and FSBG (1.0.532) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3571: Added a new status sub-command to lsctl command-line utility. Status sub-command makes it possible to inspect the state of the product and see various statistics related to scanning.
CSLP-3892: Improve handling of sensitive setting values in lsctl command-line utility. Lsctl will now warn when sensitive setting values have been omitted from its output.
CSLP-3888: Support scheduling the product to be automatically activated on the next boot. This feature can be useful in scenarios where Linux Security 64 is included in a virtual machine template that can be cloned and instantiated multiple times. By scheduling the activation to only happen when a new virtual machine is booted, each virtual machine can be activated separately. This feature requires the use of the latest Linux Security 64 installer.
CSLP-3900: Improved the robustness of product activation. If product activation fails unexpectedly, it should now be possible to simply try activating the product again without the need to first manually uninstall the product. These improvements require the use of the latest Linux Security 64 installer.
CSLP-3927: Fixed a performance issue where write-heavy loads could make on-access scanning unresponsive.
CSLP-3928: Optimize integrity checker by skipping the scanning of files that have not been modified.
CSLP-3916: Updated OpenSSL to 1.1.1k
CSLP-3891: Fixed an issue where unexpected SIGPIPE signals could lead to service failures.
Miscellaneous enhancements and bug fixes.

Samuel_L

New pinnable Linux Security 64 version is available

New pinnable Linux Security 64 version "linuxsecurity-2021_1" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version has an associated expiration date after which the version will no longer be supported. For "linuxsecurity-2021_1" the expiration date is 2022-03-08T09:00:00Z.

"linuxsecurity-2021_1" contains the following components:

Linux Security 64 version 12.0.222
FSBG version 1.0.513
BaseGuard version 1.0.536

To learn more about product version pinning refer to the "Configuring automatic update options with Policy Manager" section of the Linux Security 64 manual

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.536) and FSBG (1.0.513) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3898: Fixed a compatibility issue with certain external HTTP proxies.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 (12.0.222), BaseGuard (1.0.532) and FSBG (1.0.508) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3832: Support disabling Linux Security 64 in a persistent way.
CSLP-3855: Support basic authentication with proxies.
CSLP-3883: Fixed an issue where enabling archive scanning for real-time scanning could cause slowness.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New Linux Security 64 (12.0.213) update has been released. This update includes the following changes:

CSLP-3708: Added a new lsctl load sub-command for restoring settings. The load sub-command differs from the preexisting set sub-command in that in the case values for some settings are omitted, load will set them to their default values. This can be useful when restoring settings from a backup made with an earlier version of the product that might not contain all the settings present in the current version of Linux Security 64.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 update has been released

New BaseGuard (1.0.525) and FSBG (1.0.499) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3875: Real-time scanning now correctly excludes efivars file system.
CSLP-3876: Fixed an issue where all on-access file scans would fail after a timeout.
CSLP-3874: Fixed an issue where service restarts could cause Linux Security 64 to report licensing related errors when scanning files.
CSLP-3810: Fixed an issue where errors from fsbg-statusd would sometimes show up in journal during updates.

Samuel_L

New pinnable Linux Security 64 version is available

New pinnable Linux Security 64 version "linuxsecurity-2020_1" has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When product version has been pinned the installation will still receive new engine & definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version has an associated expiration date after which the version will no longer be supported. For "linuxsecurity-2020_1" the expiration date is 2021-11-23T09:00:00Z.

"linuxsecurity-2020_1" contains the following components:

Linux Security 64 version 12.0.206
FSBG version 1.0.491
BaseGuard version 1.0.508

To learn more about product version pinning refer to the "Configuring automatic update options with Policy Manager" section of the Linux Security 64 manual

Samuel_L

New Linux Security 64 Update has been released

New Linux Security 64 (12.0.206), FSBG (1.0.491), and BaseGuard (1.0.508) updates have been released. FSBG and BaseGuard are part of Linux Security 64. These updates include the following changes:

CSLP-3727: Add support for installing a specific version of the product using the --product-version installer option. This is currently only supported for Policy Manager managed Linux Security 64 installations. Using --product-version option requires that the version 2.0.25 (or later) of the Linux Security 64 Policy Manager installation package is used. Please note that using this feature requires that the machine where the product is installed is able to contact fsapi.com domain.
CSLP-3797: Fix an issue where reinstalling the product with a different management mode would result in an error.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 Update has been released

New BaseGuard (1.0.506) and FSBG (1.0.482) updates have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3801: Setting changes made on the PSB Portal now take effect immediately.
CSLP-3802: Fixed an issue where Linux Security 64 installation would be named as UNKNOWN in the Policy Manager if the machine did not have a DNS name assigned to it.
CSLP-3803: Fixed permissions on the Policy Manager certificate file
CSLP-3804: Fixed an issue where ICAP service cache was stored in the wrong directory.
CSLP-3806: Fixed in issue where scanning certain archives would result in an error.
Miscellaneous enhancements and bug fixes.

Samuel_L

New Linux Security 64 Update has been Released

A new BaseGuard update (1.0.482) and a new FSBG update (1.0.471) have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:

CSLP-3722: Rapid Detection and Response functionality was added (see below).
CSLP-3542: Optimized performance when on-access scanning and integrity checking are turned off.
CSLP-3780: Fixed an issue where large number of mount points could cause product to stop working.
CSLP-3661: Fixed an issue where system could get stuck during shutdown if a particular autofs & NFS configuration was used.
Miscellaneous enhancements and bug fixes.

Rapid Detection and Response Support

Requirements

RDR functionality requires the auditd service to be installed and running on the system. Please, see known issues below.

Licensing

Please, use "PSB Server Protection Premium + RDR" subscription in order to deploy Linux Protection with RDR.

Supported systems

The compatibility list is the same as for Linux Protection with exclusions. The following Linux distributives are not supported due to RDR sensor incompatibility:

SLES 12 SP 5
SLES 15
Ubuntu 20.04
Oracle Linux with UEK kernel

Known issues

It is required to install, enable and start the auditd package on your system before installing Linux Protection with RDR. Without auditd, RDR sensor installation will fail. If RDR sensor installation fails, an error like this will be printed to the system journal:

"Sep 29 14:07:37 localhost fsbg[6692]: update installation failed: /sensor/1601277158"

It is possible to fix the failed sensor installation by installing auditd and running the command

"/opt/f-secure/baseguard/bin/update $(/opt/f-secure/baseguard/bin/update --list | grep sensor | cut -d ' ' -f 1)";

On Debian 10 with SELinux enabled the RDR sensor and auditd can fail in some configurations
It is recommended to test the RDR sensor on the expected workload before deploying it into production, especially in network-heavy applications