Release Notes for Open-AudIT v3.3.2
Released 2020-05-05
Linux SHA256: a65bbb5dfacb8c1abe25030a3de45f2b87b0869649951488d220864586dfc18b
Linux md5sum: 0c86c07f2e82c97cc43c979fe83642e1
Linux SHA256: d987dd5c4c21329dfc51a05b7a0660b50619f64ba48c7780ebd75773f17b5147
Linux md5sum: bc22f8ddd3902465419899bf9d4e3240
This release sees the refinement of User ↔ Org permissions based on the requested collection.
Certain collections should allow the user to request any of their ascendants' items, queries for example. If a user has permission on an Org further down the tree, traditionally they could not see the Default Org's queries (i.e., the default queries supplied in the program). From 3.3.2 onward, users have the ability to see their ascendants' items for: dashboards, discovery_scan_options, fields, files, groups, queries, reports, roles, rules, scripts, summaries, widgets. Users can still only see their specified Orgs (and their descendants) for applications, baselines, baselines_policies, buildings, clouds, clusters, collectors, connections, credentials, devices, discoveries, discovery_log, floors, integrations, ldap_servers, licenses, locations, logs, networks, orgs, rack_devices, racks, rooms, rows, tasks, users.
NOTE - ascendants does not mean all items, only their direct "in-line" parent, grandparent, etc.
This is not considered a change to access; rather, it makes access what it should always have been. For more information, see Users, Roles and Orgs - how does it work?
Don't forget you have granular control over what users can see and do using Roles in Enterprise.
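The per-collection Org scoping described above can be sketched as follows. This is an added example, not Open-AudIT's own code: the function names, the parent map and the five-Org tree are constructed for illustration, and it assumes that the ascendant-enabled collections still include the user's own Orgs and their descendants.

```python
# Added illustration; the Org ids and tree below are constructed sample data.
ASCENDANT_COLLECTIONS = {
    "dashboards", "discovery_scan_options", "fields", "files", "groups", "queries",
    "reports", "roles", "rules", "scripts", "summaries", "widgets",
}
DESCENDANT_ONLY_COLLECTIONS = {
    "applications", "baselines", "baselines_policies", "buildings", "clouds",
    "clusters", "collectors", "connections", "credentials", "devices",
    "discoveries", "discovery_log", "floors", "integrations", "ldap_servers",
    "licenses", "locations", "logs", "networks", "orgs", "rack_devices", "racks",
    "rooms", "rows", "tasks", "users",
}

# child Org id -> parent Org id (None marks the root). Constructed tree:
# 1 Default Org -> 2 EMEA -> 4 Berlin ; 1 -> 3 APAC -> 5 Sydney
PARENT = {1: None, 2: 1, 3: 1, 4: 2, 5: 3}


def ascendants(org_id, parent=PARENT):
    """Direct in-line parent, grandparent, ... up to the root (no siblings)."""
    found, seen = set(), {org_id}
    current = parent[org_id]
    while current is not None:
        if current in seen:  # corrupt tree with a cycle: stop instead of looping
            raise ValueError(f"cycle in org tree at {current}")
        seen.add(current)
        found.add(current)
        current = parent[current]
    return found


def descendants(org_id, parent=PARENT):
    """Every Org whose in-line ascendants include org_id."""
    return {o for o in parent if org_id in ascendants(o, parent)}


def visible_orgs(user_orgs, collection, parent=PARENT):
    """Org ids whose items a user may read for the requested collection."""
    if collection not in ASCENDANT_COLLECTIONS | DESCENDANT_ONLY_COLLECTIONS:
        raise ValueError(f"unknown collection: {collection}")  # fail closed
    orgs = set(user_orgs)
    for org in user_orgs:
        orgs |= descendants(org, parent)
        if collection in ASCENDANT_COLLECTIONS:
            orgs |= ascendants(org, parent)
    return orgs
```

A user assigned to Org 2 sees queries owned by Orgs 1, 2 and 4, but devices and credentials only from Orgs 2 and 4; the sibling branch (3 and 5) is never included.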
Version | Type | Collection | Description |
---|---|---|---|
Community | Improvement | Groups | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
Community | Improvement | Queries | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
Community | Improvement | Widgets | Do not allow INSERT, UPDATE or DELETE in SQL attribute. |
Community | Improvement | Attributes | Harden allowed type, name, value for attributes. |
Community | Improvement | Files | Harden allowed value for path for files. |
Community | Improvement | Scripts | Harden allowed options values for scripts. |
Community | Improvement | All | Add user Org ascendants and descendants based on collection requested. |
Community | Bug | Applications | Fix SQL in m_applications::read_sub_resource to return correct device list. |
Community | Improvement | Discoveries | Improved fault tolerance detecting IIS websites. |
Community | Bug | Help | Fix help::support directory parsing (use correct array offset). |
Community | Bug | Discoveries | Validate correct character for subnet and exclude_ip attributes when running a discovery. CVE-2020-8813 |
Community | Improvement | Configuration | Apply validation to config items for update. |
Community | Bug | Discoveries | Fix memory speed formatting. |
Professional | Bug | Installer | Remove 'IF NOT EXISTS' from database user creation as CentOS and old Debian do not have this ability. |
Professional | Bug | Discoveries | Sort discoveries by correct column in discoveries_collection template. |
Professional | Bug | Devices | Fix link in Opmantek details of devices_read template. |