Powertech Security Auditor

NOTE: Prior to version 4.2.1, Security Auditor was called Policy Minder.

October 2018

Version 4.2.1
New Feature
  • New Product Name. Powertech Policy Minder has been renamed "Powertech Security Auditor."
Fixes
  • Spring Framework dependency has been removed, addressing a security vulnerability (CVE-2018-1272).
  • Failure from collection of ACL information for protected system files on Windows 2008R2 and earlier has been addressed.
  • Default SMTP server support has been removed. Sending email from Security Auditor now requires a user-defined SMTP server on the Preferences page.
  • When adding a new server, Security Auditor no longer incorrectly shows "null" as part of a message.
  • When the Polling is successful, but Security Auditor fails to add a discovered Server, the AWS Accounts page no longer shows a "tick" for "Polling Status" indicating success.

July 2018

Version 4.2
New Feature
  • AWS S3 Bucket Policies. Policy Minder now allows you to inspect and monitor your AWS S3 bucket settings across many buckets using Shared Bucket Policy. A Shared Bucket Policy can be assigned to multiple buckets in one or more AWS Accounts. Exceptions to the Shared Bucket Policy settings can be specified for individual buckets and bucket categories using Private Bucket Policies.
  • AWS S3 Bucket Reports. The ability to report on AWS S3 Bucket Policy compliance has been added.
Enhancements
  • "Notices.txt" has been added for documentation of third part attributions.
  • Updates have been introduced to allow for SLES/SUSE 15 support.
  • Policy Minder now includes CIS Templates for RHEL Linux 7.
  • Policy Minder now includes CIS Templates for Oracle Enterprise Linux 7.
  • Policy Minder now includes CIS Templates for CentOS 7.
  • The ability to copy an AWS Account has been added.
  • A custom 404 (page not found) error page has been added.
  • Policy Minder now supports Ubuntu 16.04.
  • Policy Minder now supports Ubuntu 18.04.
  • The ability to delete expired licenses from the product License Manager has been introduced.
  • Support for Amazon AWS Linux 2 servers has been added.
  • Owner, Group, Permissions, and Check Sum attributes have been added to the Exported Directory compliance report.
  • When CheckIt processes multiple servers, an error processing a single server now fails the process immediately after occurring.
  • Stronger passwords are now required for Policy Minder administrators and user accounts for improved security.
Fixes
  • Issues updating the Tomcat web server during installation have been resolved.
  • The Jackson Databind utility used by Policy Minder has been updated.
  • Layout and styling changes to tables have been made in order to show additional data, and to address issues with tabbing, focus, and default actions.
  • On Windows, the fact that Policy Minder does not support running using a 32 bit version of java is now indicated correctly during the installation process.
  • The Policy Minder installer has been updated to require Java 1.8+ for the console server.
  • Validation has been added for adding/editing Managed Keys.
  • An issue displaying/closing the progress bar when adding a managed server has been resolved.
  • The following file processing warning messages no longer fail CheckIt processing: "No such file or directory", "is not the name of a known user", and "is not the name of an existing group".
  • Issues refreshing the parent (base) page following updates saved from a child maintenance dialog box have been resolved.
  • The Jetty utility has been removed for improved security.
  • Third party components have been updated to address CVE-2015-7940 and CVE-2014-3604 vulnerability.
  • An issue causing problems connecting to a server that had been rebooted, which would result in a Connection Pool Error, has been corrected.
  • Policy Minder updates no longer reset the Port back to default.
  • The Linux File Policy processing has been updated to ignore "Permission denied" errors on Linux if the path includes .gvfs (special files that are not allowed to be accessed).
  • Code has been removed that would skip restricted windows folders from processing. (Previously, the "C:Windows", "C:\$Recycle.Bin", "C:\Program Files", and "C:\Program Files (x86)" directories would be ignored when processing "C:\" sub-directories, or when processing them directly.
  • The Windows connection pool now uses a unique server ID in order to prevent name clashes when verifying newly added servers.
  • The maximum allowed runtime has been changed for some Windows Powershell commands. Most significantly, the command for retrieving a list of files and directories from a directory has been extended from 40 seconds to four minutes.
  • An issue preventing the compliance status from being represented properly for the Server Group level on the Manage Servers screen has been resolved.
  • A scroll bar calculation issue with tables has been resolved.
  • Existing Tomcat configuration files are now preserved during installation.
  • Policy Minder no longer leaves the progress window open if it fails to add a new Server due to no licenses being available.
  • The AWS EC2 Instance Filters no longer ignore leading and trailing spaces in the filter values.
  • Owner, Group, and Name values are now required for Windows File Policy Selection records.
  • Warning: If you upgrade or update Policy Minder while it is running in SSL Mode, the existing "server.xml" file will be renamed to include a timestamp ("server.timestamp.xml") and a new standard "server.xml" will be installed. As such, you will need to re-apply the changes to the "server.xml" to make it run in SSL Mode again.

February 2018

Version 4.1
  • Improved support for Amazon Cloud Services EC2 (Elastic Compute Cloud). Policy Minder can now monitor your cloud service and use filters to automatically discover new server instances and map them to new Managed Servers, where they can be checked against an existing Group Policy. This automatic polling process allows Policy Minder to respond to deployment of new cloud server instances without any intervention from an administrator. Servers that have been deleted from AWS can also be removed from Policy Minder automatically. For more details, see Adding, Monitoring, and Managing Cloud Services in the Policy Minder User Guide.

Video: Policy Minder 4.1 Feature Overview

October 2017

Version 4.0.1
Enhancements
  • Native support has been added for Amazon Linux servers.
  • Policy Minder now offers improved SSH support for adding managed servers (including AWS server instances).
    • A private key can now be used for authentication while adding a managed server.
    • Keys can be entered as text or using a .pem file.
    • A secured list of managed private keys can be created and maintained, and a key from this list can be selected while adding managed servers.
    • Managed keys can be easily reused to accommodate multiple servers that require the same key.
Fixes
  • Extra text in the tooltips for the pass_max_days, pass_min_days, and pass_warn_age policies has been removed.

September 2017

Version 4.0
Enhancements
  • Shared Policies. A group of servers can now be checked for compliance against a single shared policy.
Fixes
  • Applying FixIt after selecting all script policies no longer results in an error.
  • Tooltip errors have been resolved.
  • 'Greater than' and 'less than' characters (<>) in the policy's name/description no longer cause an incorrect title.
  • Edit has been added on the maintenance panel to allow mixed case (true, false, yes, or no) for the Boolean data type.
  • Headers for groups of attributes are now more apparent.
  • Missing report names have been corrected.
  • A CentOS user account policy error has been resolved.
  • System requirement errors in the documentation have been fixed.
  • The drop-down menu to select the date now defaults to the current month.
  • On a server the field for "ssh Port" now allows a value in the range 1-56645 (not 1 - 9999).
  • The server OS listing is now alphabetical.
  • An import "File not found" error has been resolved.
  • After installation, startup.pm no longer fails as it attempts to use path /bin/java.
  • The "Compliant" status shown on the "Fixit" server selection tab is now correct.
  • There is now help defined for the email server configuration tab.
  • Deleting a Group with a name that includes a quote or apostrophe no longer errors with 'Name is null'.
  • A login failure now returns a specific reason login failed.
  • The install process now specifies the "auto" JVM option in order to use the default JVM from the server.
  • Sudo info is no longer only written to /etc/sudoers file (even when an alternative sudoers file is given).
  • The process of adding a server using the sudo method has been improved.
  • Disabling CheckIt for Configuration policies no longer yields different results depending on how its initiated.
  • In the Create Reports Options panel, changing the format from PDF to CSV now changes the file extension.
  • The Owner, Group, Permissions, and Checksum attributes have been added to the Exported Directories Compliance report.
  • Long Script Descriptions no longer disrupt the page layout so that the text is difficult to read.

March 2017

Version 3.03

The process of adding servers has been simplified:

  • The Add New Server screen now offers the followng:
    • Variable support for:
      • “Name” field: {nameoripaddress}, {servertype}, {hostname}
      • “Description” field: {name}, {nameoripaddress}, {servertype}, {hostname}
      • “Name or IP Address”: {name}
    • Additional variables. The following new variables can be used in the fields outlined:
      • {nameoripaddress} This variable will use whatever is typed into the “Name or IP Address” field
      • {servertype} This variable will use whatever is selected for the “Server Type” dropdown
      • {hostname} This variable will use whatever the hostname of the server that is being logged into is
      • {name} This variable will use whatever is typed into the “Name” field will be replaced
  • A new Add Multiple Servers screennow acts very similar to the Add New Server screen, but allows for adding multiple servers (of the same OS) at once.
    • Variable support for (Description field only)
    • Servers to add are separated by semi-colons or newlines
    • Servers are specified either by DNS name or the following syntax: <servers-name>@<dns-or-ipaddress> (see inline help for specific examples)
  • For both the Add a New Server screen and the new Add Multiple Servers screen, the Save button adds the server, but keeps the screen open and the fields populated. New Save and Exit button saves and closes.
  • Canceling: With both features, a user can now cancel the add operation.When cancelled in the middle of adding a new server, Policy Minder will clean up after itself.
  • Performance improvement. The time required to add a non-windows server was reduced by half.

January 2017

Version 3.02.01
  • Attempting to add a server using sudo on SLES no longer causes a hang in some instances.
  • The User Guide option under the Help menu now links to the HTML help.
  • Initializing the configuration policy after adding multiple SLES servers no longer causes a null pointer exception.
  • Java code has been updated for SLES compatibility.
  • Using Policy Minder to rename a managed server with the same name but a different case no longer breaks the ssh key connection.
  • Permissions attributes are now included when exporting XNIX file policies.

December 2016

Version 3.02

Enhancements:

  • Support for Windows files policies.
    • File ownership - Verify files have ownership values consistent with your security policy for either individual or group owners.
    • File Attributes - Include attributes in your policy template to keep track of file attributes such as Archive, Compressed, Hidden, or Read Only.
    • Monitor Files - Monitor the owner, group, check sum, and attributes of files on your Windows servers.
  • Context Sensitive Help. Policy Minder now includes Context Sensitive Help for all screens and forms throughout the application. The help is now available in both PDF and HTML formats.

Fixes:

  • During export, output files are no longer created when 'Create output file' is unchecked.
  • Servers can now be organized by groups in the Servers tab of the FixIt dialog box.
  • The Count field within Compliance tab of policy templates no longer produces erroneous results under certain conditions
  • During Initialization, all Dameon policies are now initialized to the server's values.
  • The incorrect formatting of some error messages has been corrected. 
  • Identical Script policy names across servers are no longer restricted.
  • The Extended Permissions attributes section for Linux servers (on policies, compliance, and on reports) has been removed (as Policy Minder supports this feature on AIX only).
  • For AIX/Linux servers, unchecked User policy attribute field values no longer behave as if they were checked.
  • Within the Compliance Details popup for a Windows user account, if the list of groups gets too long, the compliance column is no longer pushed off the screen.
  • From the main Configuration Policy screen, if CheckIt has been disabled for an attribute, the compliance for that attribute is no longer marked "Not Checked".
  • When first creating a User Account Policy on AIX, the No Entry fields are no longer blank when first creating the policy.
  • Non-local users and groups are no longer erroneously retrieved on some Windows systems.
  • Clicking on the "Organize By" Category/List option on the Policy tab of the User Accounts dialog box no longer causes multiple requests to be sent to the server.
  • Within the Manage Users popup, the display is now updated when a user is deleted by clicking the garbage can icon (without requiring a close and reopen of the popup).
  • Null pointer errors with the DeleteData task in Schedule Jobs have been resolved.
  • The inability to use Console Tasks > Import to access the Import dialog box has been resolved.
  • Null pointer exceptions when running Files policies with RHEL have been resolved.
  • Errors displaying details of non-compliant directories on the Compliance tab of the Files Policy Template dialog box on AIX servers have been resolved.
  • Selecting multiple Daemons and accessing the Actions list no longer produces a "No enum constant com.skyview.pm.action.BaseActionBean.Actions.action" error in some cases.
  • The "No Entry" value in the User Compliance - Policy Value report is no longer inconsistent with the UI value ("Any Value").
  • A null pointer exception on CheckIt is no longer caused if the owner or group attribute of a File or Directory selector is left blank.
  • Errors exploring a File policy monitoring checksum on AIX/Linux directories have been resolved.
  • A problem causing a compliance report failure after creating a new User Account Policy Template has been resolved.
  • When a User Account export XML file is created, the Notes field is no longer populated with template name regardless of whether there was any other text in the field.
  • User Account and File templates are no longer unavailable for individual selection for export if CheckIt has been disabled on them.
  • The Ubuntu 14 Daemon attribute samba is now initialized to server's value after Initialization.
  • An inability to start Policy Minder when installed on SLES 12 has been resolved.
  • The inability to access menu items after creating a report has been resolved.
  • Errors when changing attributes of a copied User Account Policy have been resolved.
  • FixIt run on File Policy Monitoring attributes no longer erroneously indicate compliant.
  • AIX User Names are no longer limited to 8 characters.
  • Awkward changes in vertical page position caused by expanding a collapsed UI section have been resolved.
  • Linux command /sbin/chkconfig is no longer included in sudo for AIX.
  • When a Policy report is run, all of the information for the Attribute selector is now included in the report (including the owner, group, and name, as well as include/omit).
  • UI error messages clipped with an elipses have been corrected.
  • Incorrect Script descriptions on imported script policies have been corrected.
  • The 'etc-security' AIX policy template now selects the base directory correctly.
  • The 'etc-audit' AIX policy template now selects the contents correctly.
  • After installation, running commands on a managed Ubuntu 16 server no longer causes failure/sudo errors.
  • Inconsistencies initializing Daemons on CentOS servers with different locales have been resolved.

November 2016

Version 3.01
  • Support for Linux SLES 11 and 12 has been added.

August 2016

Version 3.0

New Features

  • Windows User Account Support. Policy Minder now supports local Windows user account policies. Define policy definitions (such as Days Inactive, Group Member, etc.), check remote systems for compliance, and fix compliance failures using Policy Minder's FixIt feature.
  • OS Identifier Icons. Easily identify the operating systems of managed servers using a convenient icon for each server.
  • Filter by OS Type or Family. The list of servers on the Manage Servers page can now be filtered to show all servers of a sepcific operating system, or all Linux operating systems.

April 2016

Version 2.13.01
  • The compliance status for each Category is now displayed for server Groups in the Manage Servers screen.
  • Several defects have been addressed:
    • A stuck value in the Create Reports screen has been resolved.
    • Default values no longer override custom values for some fields when defining email messages to be sent by Policy Minder.
    • Adding user accounts to the baseline in a User Account Policy Template, where existence is set to "Don't Allow New," no longer causes extra user accounts to be marked compliant.
    • Files Policy Templates no longer show non-compliant files that are set to omit.
    • The SVTX attribute has been fixed for Files Policy Templates.
    • An issue running bash scripts in Scripts Policy Templates has been resolved.
    • The error "Input parameter " for Server value invalid" while running CheckIt or FixIt on the AIX attribute ‘loginretries‘ has been resolved.
    • (AIX only) The error "3004-692 Error changing "expires" to "" : Value is invalid" while running FixIt on Configuration Policy Attribute 'expires' has been resolved.
    • (AIX with Java 5) Missing expired server license errors for CheckIt/FixIt actions have been restored.
    • The error "Unable to execute sudo command ‘/usr/bin/sudo /sbin/initctl list|sort.‘ Is there a sudoers config problem?" while initializing the Daemons Policy on a Ubuntu 15.10 server has been resolved.
    • Incorrect FixIt reports when Daemon Policies have not been initialized have been corrected.
    • Successfully executed scripts no longer appear to have failed in some instances (i.e. successful scripts are no longer written to stderr).
    • If a file is selected in multiple ways in a policy it will no longer be added multiple times.
    • Several 'null pointer exception' errors have been addressed.
    • When user selection is changed from include to omit, associated files are now deleted.

February 2016

Version 2.13
  • Rebranded to PowerTech (formerly known as SkyView's "Policy Minder Open").
  • A new, modern user interface has been added.

Back to Powertech Products