Release Notes for Open-AudIT v5.2.0
Released 2024-04-22
md5sum: 870200661e0835439aad37d660fb7bcc
sha256sum: 313116a73fdbec3fc1897c50dafb33ea72f49f177f2a6fb22fc2d539dba39904
Windows: Unreleased as yet.
Version | Type | Collection | Description |
---|---|---|---|
Enterprise | Bug | Integrations | Several bugs in the integrations code were found and addressed. |
Enterprise | Bug | Collectors | When sending a device from the Collector to the Server, not all component tables were included and some failed to import. This was the result of not removing the device_id field from these tables before sending. This has now been addressed. |
Community | Issue | Discoveries | When loading the snmp OID helper file (which is ~54k lines long) resource contention could occur. This mostly appeared in customers running Redhat. The result was when discovery runs, more processes than specified in the configuration (queue_limit, default 20) were being spawned and overwhelming the MySQL connection limit. We now no longer load this file - at all. If your SNMP devices do not have a manufacturer, please create a rule based on their snmp_oid. |
Enterprise | New Feature | Agents | Enterprise users can now deploy Agents to their Windows devices struggling with discovery. NOTE - Agents when audited will not retrieve installed server (IIS, SQL, et al) details. This is coming ASAP. |
Community | New Feature | Discoveries | Add config item for discovery_wmi_timeout (default set to 900 seconds). |
Community | Bug | Discoveries | Fix bug in the Ubiquiti SNMP specific file. |
Enterprise | New Feature | Executables | Enterprise users can now check their Redhat or Debian based machines for any executable files found that the package manager does not know about. Must be enabled in configuration. |
Community | New Feature | Audits | A new powershell script for Windows added. This is not used in discovery just yet - only for Agents. |
Community | Improvement | Discoveries | New Nmap command for initial ping scan. When executing a discovery, most of the time the first thing to do is ping the subnet and store those IPs responding. For a small subnet (/24) this change will not make a huge difference, but for larger subngets (say a /16) the difference is massive. Testing shows a time decrease from about 30 minutes to under 4 minutes. This is not the time to complete the discovery, only the initial ping scan. Once that has completed, individual device scans commence in parallel as per the queue_limit config item. |
Enterprise | Improvement | Configuration | When we upgrade our database, do not cause an error updating the EULA and hence do not show the "Something went wrong" banner on the following page. |
Community | Improvement | All | Composer library updates to latest where depends on PHP is still OK for PHP 7.4. |
Community | Improvement | Audits | Enable Audit My PC on the login page. |
Enterprise | Improvement | Tasks | Enable Tasks Import CSV. |
Community | Improvement | Groups | Show Execute button on groupsRead template. |
Community | Bug | Credentials | Fix credentialsRead to display correct selection in dropdown for authentication_protocol, privacy_protocol and security_level. |
Community | Improvement | Devices | Expand the partition.mount_point and bios.serial column sizes to stop false positive changes occurring. |
Community | Improvement | Discoveries | Disable ip change tracking and storage (config items create_change_log_ip and delete_noncurrent_ip) because discoveries create minimal and temporary (assuming more data is retrieved) entries, which in turn create a lot of false positives. If you must have this (which is most definitely not recommended) you will need to manually enable this via the config. |