Release Notes for Open-AudIT v3.3.2

Released 2020-05-05

Linux SHA256: a65bbb5dfacb8c1abe25030a3de45f2b87b0869649951488d220864586dfc18b

Linux md5sum: 0c86c07f2e82c97cc43c979fe83642e1

Linux SHA256: d987dd5c4c21329dfc51a05b7a0660b50619f64ba48c7780ebd75773f17b5147

Linux md5sum: bc22f8ddd3902465419899bf9d4e3240


This release sees the refinement of User ↔ Org permissions based on the requested collection.

Certain collections should allow the user to request any of their ascendants' items, queries for example. If a user has permission on an Org further down the tree, traditionally they could not see the Default Org's queries (i.e., the default queries supplied in the program). From 3.3.2 onward, users have the ability to see their ascendants' items for: dashboards, discovery_scan_options, fields, files, groups, queries, reports, roles, rules, scripts, summaries, widgets. Users can still only see their specified Orgs (and their descendants) for applications, baselines, baselines_policies, buildings, clouds, clusters, collectors, connections, credentials, devices, discoveries, discovery_log, floors, integrations, ldap_servers, licenses, locations, logs, networks, orgs, rack_devices, racks, rooms, rows, tasks, users.

NOTE - ascendants does not mean all items, only those of the user's direct "in-line" parent, grandparent, etc.

This is not considered a change to access; rather, it makes access what it should always have been. For more information, see Users, Roles and Orgs - how does it work?
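The Org resolution rule described above, modelled as an added example (not Open-AudIT's own code). The Org names, the tree and the function names are constructed for illustration; only the collection list comes from these notes.

```python
# Added illustration of the rule above; not Open-AudIT source code.
# Collections for which a user also sees items owned by ascendant Orgs (3.3.2+).
ASCENDANT_COLLECTIONS = {
    "dashboards", "discovery_scan_options", "fields", "files", "groups",
    "queries", "reports", "roles", "rules", "scripts", "summaries", "widgets",
}

# Constructed Org tree, stored as child -> parent (None marks the root).
PARENT = {
    "Default": None,
    "EMEA": "Default",
    "APAC": "Default",
    "EMEA-London": "EMEA",
    "EMEA-Paris": "EMEA",
    "APAC-Sydney": "APAC",
}

def descendants(org):
    """Every Org below `org`: children, grandchildren, and so on."""
    found, stack = set(), [org]
    while stack:
        current = stack.pop()
        for child, parent in PARENT.items():
            if parent == current and child not in found:
                found.add(child)
                stack.append(child)
    return found

def ascendants(org):
    """Only the direct in-line chain: parent, grandparent, ... up to the root."""
    chain, parent = set(), PARENT[org]
    while parent is not None and parent not in chain:  # guard against a cyclic tree
        chain.add(parent)
        parent = PARENT[parent]
    return chain

def visible_orgs(user_orgs, collection):
    """Orgs whose items the user may see when requesting `collection`."""
    visible = set()
    for org in user_orgs:
        visible |= {org} | descendants(org)
        # Any collection not explicitly listed stays descendants-only.
        if collection in ASCENDANT_COLLECTIONS:
            visible |= ascendants(org)
    return visible
```

A user assigned to EMEA-London gets Default and EMEA for queries, but never the sibling EMEA-Paris or the APAC branch, and gets only EMEA-London for credentials or devices.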

Don't forget you have granular control over what users can see and do using Roles in Enterprise.


| Version | Type | Collection | Description |
|---|---|---|---|
| Community | Improvement | Groups | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
| Community | Improvement | Queries | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
| Community | Improvement | Widgets | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
| Community | Improvement | Attributes | Harden allowed type, name, value for attributes. |
| Community | Improvement | Files | Harden allowed value for path for files. |
| Community | Improvement | Scripts | Harden allowed options values for scripts. |
| Community | Improvement | All | Add user Org ascendants and descendants based on collection requested. |
| Community | Bug | Applications | Fix SQL in m_applications::read_sub_resource to return correct device list. |
| Community | Improvement | Discoveries | Improved fault tolerance detecting IIS websites. |
| Community | Bug | Help | Fix help::support directory parsing (use correct array offset). |
| Community | Bug | Discoveries | Validate correct character for subnet and exclude_ip attributes when running a discovery. CVE-2020-8813 |
| Community | Improvement | Configuration | Apply validation to config items for update. |
| Community | Bug | Discoveries | Fix memory speed formatting. |
| Professional | Bug | Installer | Remove 'IF NOT EXISTS' from database user creation as Centos and old Debian do not have this ability. |
| Professional | Bug | Discoveries | Sort discoveries by correct column in discoveries_collection template. |
| Professional | Bug | Devices | Fix link in Opmantek details of devices_read template. |