CloudPassage Halo — 26 March 2015 Release
The 26 March 2015 Release of CloudPassage® Halo® includes support for pre-linked binaries in File Integrity Monitoring, additional character support for two configuration checks, and a corrected issue that was preventing repeated server moves requested through the Halo API.
New Features and Improvements
File Integrity Monitoring
Support for pre-linked binaries added
On a Linux system in which shared libraries in ELF format might be pre-linked, a file integrity scan by default can fail for an object that has been pre-linked, because pre-linking can cause a change in the object's signature.
To avoid the generation of these false-positive file integrity events, you can now specify, for any rule in a file integrity policy, whether the objects covered by that rule might be pre-linked. Then, when a Halo scan applies that rule, it retrieves the original (before pre-linking) signature of any ELF file that fails its integrity check. If the check passes with that original signature, no event is reported.
Note: Processing to account for pre-linking can cause the scan of an individual file to take 2 to 3 times longer on the agent. Do not select the Prelink checkbox if pre-linking is disabled or if no files within this target are likely to be pre-linked.
Process presence check supports additional characters in process name
You can now include spaces, parentheses, and colons in the process name field for the process presence configuration rule check. Any leading or trailing spaces in the name are ignored; only internal spaces are preserved.
Corrected issue preventing server moves made through the API
Customers have reported problems when automating Windows server administration with PowerShell scripts that call the Halo REST API. When moving servers between server groups, the HTTP PUT requests would stop working after a few calls, making further server moves impossible.
The issue has been corrected with this release; all server moves should now run successfully without limit.
Configuration checks now properly encode Unicode characters in the Windows registry
Previously, Halo configuration checks that access the Windows registry were filing with errors when encountering certain Unicode characters, such as curly quotes and bullet points, in registry settings. The checks now properly encode and handle such characters, and the errors are no longer seen.
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- IE8 not supported for Halo reporting. The Halo reporting service does not function for a user who has logged into Halo using Internet Explorer 8.
Workaround: Log in with a more recent version of IE or with a different browser, or use the Halo API to construct server searches.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.