Proventia Network Intrusion Prevention System
4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010 README
========================================================================

Readme file for: IBM Proventia Network Intrusion Prevention System
                 Firmware 4.5 AllModels-Hotfix Fixpack 10
Product/Component Release: 4.5.0.0
Update Name: 4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010
PatchID: 1812
Platforms: Proventia G
Publication date: June 26, 2013
Last Modification date: June 26, 2013

Copyright IBM Corporation 2013. All rights reserved worldwide.

Please read this document in its entirety.

========================================================================
CONTENTS
========================================================================
* Description
* Compatibility and Prerequisites
* Known Issues
* Installation information
* Files included in this update
* Contacting IBM Support
* Copyright and trademark

========================================================================
DESCRIPTION
========================================================================
Corrects an issCSF signal 11 crash that occurs because the response
objects are not properly serialized.

Previous problems corrected
---------------------------
Fixes an issue where the new OCN format in a keylib6 license key causes
'[ERROR]OCN 'xxxxx.xxxxxxxx.x' is not a valid customer ID'.

CSF:
  Corrects an issCSF segmentation fault due to lack of synchronization
  between the Global response configuration thread and the response
  thread.

CRM:
  Resolves a false positive with the "Snort is disabled but still
  running" health alert. At the exact moment that the CRM stat task is
  running on one thread to check the snort version, SPA is requesting
  agent info to send to SiteProtector from the CRM, which checks whether
  the process is running.
  Also resolves a second condition: at the exact moment SPA is
  requesting agent info to send to SiteProtector from the CRM, which
  checks the snort process, the CRM stat task is running on another
  thread to check the snort version.

  Adds the network-info (link state information) sections back to the
  agent status document (agent properties within SiteProtector) posted
  to SiteProtector.

Engine:
  Resolves an issue with coalescer statistics events not functioning.
  Corrects a crash related to quarantine rules.
  Corrects a blocking issue on MORE_UPDATE events that were only
  intended to update information about an event within the coalescer.
  Corrects an issue with sensor statistics timing.

Packet logger:
  Resolves an issue with the maximum number of files for the rolling
  packet captures.

PPD:
  Prevents a signal 11 with the PPD process when the number of
  characters entered into a port list within an event filter is greater
  than 30 characters, and extends the number of characters to 256.

  Corrects a policy inconsistency where, although a WAP category may be
  disabled in the policy, certain signatures (those that X-Force would
  block by default) are enabled regardless. To address the latter issue,
  the enabled/disabled status of a WAP category now controls whether or
  not *ALL* checks in a WAP category are disabled or enabled, instead of
  allowing a subset of signatures to be enabled regardless of the WAP
  category setting.

  Adds support for the below parameters.

  ppd.wap.override.disable
    Default: Override fix is on by default.
    Valid value: true
    Description: This parameter disables the previously mentioned WAP
                 Override fix. It is recommended to leave the WAP
                 Override fix enabled (the default).

  ppd.wap.
    Valid values:
      "off"
        Description: Disables the signature. There is no On value. In
        order to disable the signature, the WAP category that contains
        the signature must be enabled.
      "block"
        Description: Turns blocking on for that signature.
        This will be useful in cases where the WAP category that
        contains the signature is enabled but not set to block, and you
        want to enable blocking for the one signature.
      "blockdisable"
        Description: Turns blocking off for that signature. This will be
        useful in cases where the WAP category that contains the
        signature is enabled and set to block, and you want to disable
        blocking for the one signature.

  ppd.wap.global.
    Valid values: Same as ppd.wap.
    Description: This parameter overrides cases when the signature has
                 Enable In Global set to true from the feature
                 category.xml file, and/or for the Client Side attacks
                 category when the Enable Client Side Protection check
                 box is checked in the Client Side attacks tuning.

SecMgr:
  On analysis inspection crashes, bypass the NPU. The
  4.5.0.0-ISS-ProvG-GX7-Hotfix-FP0003 patch or later is required with
  this patch for this feature to work.

  Adds support for the below parameter, which might be useful in cases
  where an unused segment or interface is causing the IPS to report an
  unhealthy status in the SiteProtector Console agent view:

    Name: adapter.inuse.#
          Where # is the inspection interface number starting with 0,
          for port 1A.
    Valid value: false
    Default value: true

Snep:
  Resolves a segv crash when snort generates a large size event.

Xerces:
  Corrects a problem of signal 6 (abort) in issCSF because of the Xerces
  lib.

Lum:
  Fixes an issue with the LMI showing License information expiring a day
  earlier in different time zones.

========================================================================
COMPATIBILITY AND PREREQUISITES
========================================================================
This update is only compatible with the IBM Proventia Network Intrusion
Prevention System firmware 4.5. It can be applied on top of any
previously installed patches.

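Added example (not part of the IBM README or the hotfix package): a pre-installation check that compares the copied archive against the MD5 checksum listed in this section and rejects archive member paths that would extract outside the working directory, to be run before the tar and ./install.sh steps under INSTALLATION INFORMATION. It assumes md5sum, tar, grep, awk and tr are available in the appliance's root shell; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not IBM's code; assumes md5sum, tar, grep, awk and tr exist.

# Archive name and checksum as published in this README.
PATCH_TGZ="4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.tgz"
PATCH_MD5="1fa99036d17f72bf172ac605ce851e79"

# verify_md5 FILE EXPECTED: returns 0 only if FILE exists and its MD5 matches.
# A match shows the copy is intact; MD5 alone does not authenticate the source.
verify_md5() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    actual=$(md5sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $1: got $actual, expected $expected" >&2
        return 1
    fi
}

# has_unsafe_path: reads member names on stdin; returns 0 if any name is
# absolute or contains a ".." component (it would land outside the cwd).
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# safe_members FILE: returns 0 only if the archive lists cleanly and no
# member name is unsafe. Listing (-t) writes nothing to disk.
safe_members() {
    members=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$members" | has_unsafe_path; then
        echo "archive $1 contains absolute or parent-directory paths" >&2
        return 1
    fi
}

# preinstall_check FILE EXPECTED: both checks must pass before extraction.
preinstall_check() {
    verify_md5 "$1" "$2" && safe_members "$1"
}

# If the hotfix archive is in the current directory (e.g. /root), check it.
if [ -f "$PATCH_TGZ" ]; then
    if preinstall_check "$PATCH_TGZ" "$PATCH_MD5"; then
        echo "checks passed: safe to run tar -xvzf $PATCH_TGZ"
    else
        echo "checks failed: do not extract or run install.sh" >&2
    fi
fi
```
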
MD5 checksum calculation:
- 1fa99036d17f72bf172ac605ce851e79  4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.tgz

========================================================================
KNOWN ISSUES
========================================================================
There are no known issues with this patch.

========================================================================
INSTALLATION INFORMATION
========================================================================
To copy the update to the Proventia appliance:

1) Using an SCP tool such as WinSCP, copy
   4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.tgz to the "/root" folder
   on your Proventia G or GX appliance.
2) Use an SSH client such as PuTTY to log into your Proventia G or GX
   appliance as 'root'.
3) Execute the following commands:

   tar -xvzf 4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.tgz
   cd 4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010

To install the update, execute
   ./install.sh

To uninstall the update, execute
   ./install.sh -r

========================================================================
FILES INCLUDED IN THIS UPDATE
========================================================================
4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.zip
|
|--4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010.tgz
|  |
|  |--iss-ppd-original.sigtgz
|  |--gx7/
|  |--gx7/Xerces-c-32bit-original.rpm
|  |--gx7/iss-snep-original.sigtgz
|  |--gx7/iss-provg-pktlogd-new.rpm
|  |--gx7/iss-secmgr-original.rpm
|  |--gx7/iss-snep-new.sigtgz
|  |--gx7/iss-secmgr-new.rpm
|  |--gx7/iss-netengine-original.rpm
|  |--gx7/iss-secmgr-new.sigtgz
|  |--gx7/Xerces-c-new.rpm
|  |--gx7/iss-provg-pktlogd-new.sigtgz
|  |--gx7/Xerces-c-32bit-new.rpm
|  |--gx7/iss-netengine-original.sigtgz
|  |--gx7/iss-netengine-new.rpm
|  |--gx7/iss-snep-new.rpm
|  |--gx7/iss-netengine-new.sigtgz
|  |--gx7/iss-snep-original.rpm
|  |--gx7/Xerces-c-original.rpm
|  |--gx7/iss-secmgr-original.sigtgz
|  |--gx7/iss-provg-pktlogd-original.sigtgz
|  |--gx7/iss-provg-pktlogd-original.rpm
|  |--iss-snep-original.sigtgz
|  |--iss-csf-new.rpm
|  |--iss-provg-pktlogd-new.rpm
|  |--patch1812.info
|  |--iss-secmgr-original.rpm
|  |--iss-lum-original.sigtgz
|  |--iss-snep-new.sigtgz
|  |--iss-secmgr-new.rpm
|  |--iss-netengine-original.rpm
|  |--gx6/
|  |--gx6/iss-secmgr-original.rpm
|  |--gx6/iss-secmgr-new.rpm
|  |--gx6/iss-netengine-original.rpm
|  |--gx6/iss-proventiag-crm-original.rpm
|  |--gx6/iss-secmgr-new.sigtgz
|  |--gx6/iss-netengine-original.sigtgz
|  |--gx6/iss-netengine-new.rpm
|  |--gx6/iss-netengine-new.sigtgz
|  |--gx6/iss-proventiag-crm-new.sigtgz
|  |--gx6/iss-secmgr-original.sigtgz
|  |--gx6/iss-proventiag-crm-new.rpm
|  |--gx6/iss-proventiag-crm-original.sigtgz
|  |--iss-proventiag-crm-original.rpm
|  |--iss-secmgr-new.sigtgz
|  |--iss-unified-lmi-original.rpm
|  |--Xerces-c-new.rpm
|  |--iss-provg-pktlogd-new.sigtgz
|  |--iss-csf-original.sigtgz
|  |--iss-csf-original.rpm
|  |--iss-unified-lmi-new.rpm
|  |--iss-ppd-new.rpm
|  |--iss-netengine-original.sigtgz
|  |--iss-netengine-new.rpm
|  |--iss-snep-new.rpm
|  |--iss-netengine-new.sigtgz
|  |--iss-snep-original.rpm
|  |--iss-proventiag-crm-new.sigtgz
|  |--Xerces-c-original.rpm
|  |--iss-csf-new.sigtgz
|  |--iss-lum-new.rpm
|  |--iss-secmgr-original.sigtgz
|  |--iss-provg-pktlogd-original.sigtgz
|  |--iss-lum-original.rpm
|  |--iss-ppd-original.rpm
|  |--iss-provg-pktlogd-original.rpm
|  |--iss-proventiag-crm-new.rpm
|  |--iss-ppd-new.sigtgz
|  |--iss-proventiag-crm-original.sigtgz
|  |--iss-lum-new.sigtgz
|  |--install.sh
|
|--4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP00010-Readme.txt

========================================================================
CONTACTING IBM SUPPORT
========================================================================
To Contact IBM Support Worldwide

Phone:
  Call IBM Support by selecting phone number from this location:
  http://www.ibm.com/planetwide
  When prompted for type of support, select option 2 for Software Support
  You will need to provide your IBM Customer Number (ICN)

Electronically:
  Go to http://www.ibm.com/legal/copytrade.shtml and open a new service
  request

===========================================================================
COPYRIGHT AND TRADEMARK
===========================================================================
Copyright and trademark information
http://www.ibm.com/legal/copytrade.shtml

Notices

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied
warranties in certain transactions, therefore, this statement may not
apply to you.

This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.

Microsoft, Windows, and Windows Server are trademarks of Microsoft
Corporation in the United States, other countries, or both.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino,
Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or
its subsidiaries in the United States and other countries.

Linux is the registered trademark of Linus Torvalds in the U.S. and
other countries.

Other company, product, or service names may be trademarks or service
marks of others.

*THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION*

Please see the license agreement for this product for details concerning
terms and conditions applicable to third party software code included in
this product, and for certain notices and other information IBM must
provide to you under its license to certain software code.

Notwithstanding the terms and conditions of any other agreement you may
have with IBM or any of its related or affiliated entities (collectively
"IBM"), the third party software code identified below are "Excluded
Components" and are subject to the following terms and conditions:

* the Excluded Components are provided on an "AS IS" basis
* IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND
  CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT
  LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE
  IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A
  PARTICULAR PURPOSE
* IBM will not be liable to you or indemnify you for any claims related
  to the Excluded Components
* IBM will not be liable for any direct, indirect, incidental, special,
  exemplary, punitive or consequential damages with respect to the
  Excluded Components.

===========================================================================