Warning

Clients with equipment having one of the serial numbers available on this link are affected by the update referenced in the table. Other serial numbers are not affected.

Warning

For performance reasons, it is strongly recommended to install version 2.5.3.104 of GCap directly.

3. Patches

3.1. Updating the detection engine

The detection engine was updated to integrate the patches from the open-source solution’s editor.

3.2. Updating the container system

A number of sensitive applications that make up the GCap are placed in system containers. These were updated to include the latest security patches.

3.3. Reconfiguring the detection engine

During the detection engine’s reconfiguration, too much information was being logged. More actions are hence being logged and the information is more consistent.

3.4. Refreshing the interface status

The refresh button in the “Interfaces” menu now correctly updates the status of interfaces.

3.5. Setting up the password policy

It was possible to configure a password policy with values that were either negative or far too large. Minimum and maximum values were established.

3.6. Correcting the start and stop conditions of services

When restarting a GCap after a power failure, some services refused to launch, as they were being detected as already running. The management of temporary files was corrected to avoid this situation during unexpected restarts. The start sequence of the detection engine was also incorrect. Following a start-up involving an error, the engine would start up automatically when the error was resolved, instead of on demand.
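The failure described in 3.6 is typical of a start-up guard that trusts a leftover file. The sketch below is an added example, not GCap code. It assumes the temporary file is a PID file and that the host is Linux, neither of which these notes state, and all function names are hypothetical. A recorded PID is treated as a running instance only if it was written during the current boot and that process still exists.

```python
import os
import tempfile

def pid_alive(pid):
    """True if a process with this PID exists right now."""
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)           # signal 0 only checks existence
    except ProcessLookupError:
        return False
    except PermissionError:
        return True               # exists, but owned by another user
    return True

def read_owner(path):
    """Return (pid, boot_id) from the PID file, or None if absent or corrupt."""
    try:
        with open(path) as f:
            pid_s, boot = f.read().split()
        return int(pid_s), boot
    except (FileNotFoundError, ValueError):
        return None               # a file truncated by power loss lands here

def claim_pidfile(path, boot_id, pid=None):
    """Return True if this instance may start, False if a live one holds the file."""
    pid = os.getpid() if pid is None else pid
    owner = read_owner(path)
    if owner is not None:
        old_pid, old_boot = owner
        # Only a PID recorded during the *current* boot can be a running instance;
        # after a reboot the same number may belong to an unrelated process.
        if old_boot == boot_id and old_pid != pid and pid_alive(old_pid):
            return False
    # Stale or missing: replace atomically so a crash never leaves a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(f"{pid} {boot_id}\n")
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return True

def current_boot_id():
    """Linux exposes a per-boot random ID here."""
    with open("/proc/sys/kernel/random/boot_id") as f:
        return f.read().strip()
```

Two instances starting at the same moment can still race between the check and the write, so a real service would also hold a lock (for example `flock`) around the claim.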

3.7. RESET function

The ‘reset’ function was deleted.

3.8. Strengthening the network routing configuration

The network configuration was automatically modified by a system service. This modification weakened the strengthened routing rules that had been established. The previous state did not have a significant impact: any flows routed because of the lax configuration were stopped by the firewall. The system service responsible for the lax configuration was replaced by a less intrusive version. Routing is now properly strengthened.

3.9. ‘Unexpected’ error message

When the detection engine stopped, the logs recorded an inaccurate error message. The message indicated an “unexpected and exceptional” error whereas it was in fact “expected and tolerable”.

3.10. Stopping the synchronisation service

A sudden stoppage of the synchronisation service of the rules and configuration files between a GCap and the GCenter was possible. The problem was caused by multiple simultaneous attempts to delete the same temporary file. The deletion process was improved. Unexpected stoppages could also occur during connectivity problems or if files caused an error in the file type inference library. In addition, the service could sometimes take too long to stop, especially during network configuration changes. The service was optimised to shorten this timeframe.

3.11. Sending extracted files

The grace period before extracted files can no longer be transferred between a GCap and a GCenter was extended. This change enables improved compatibility with connectivity-limited networks.

3.12. Network interface names

The generation of network interface names could be incorrect in exceptional cases, such as connecting SFPs not recognised by the kernel’s network drivers. The management was redesigned to correct this problem.

3.13. Generating fileinfo type events

Fileinfo type events were always generated, even if file extraction was disabled. Traffic generation was inconsistent with the requested configuration.

3.14. Netdata logs

It is possible to view the netdata logs from the “inspect” menu.

3.15. Extracting by file extension

The extensions to be extracted, defined from the GCenter web interface, are now extracted by the GCap.