WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
5 April, 2001
Enterprise Security Manager Security Update 7

File(s)
The files below have been obsoleted by a newer Security Update.

Download Security Update 7 Release Notes

Download Security Update 7 for Windows 2000
Download Security Update 7 for Windows NT 4.0 x86
Download Security Update 7 for HP-UX
Download Security Update 7 for NCR UNIX
Download Security Update 7 for AIX RS/6000
Download Security Update 7 for IRIX
Download Security Update 7 for Digital UNIX
Download Security Update 7 for Sequent x86
Download Security Update 7 for Solaris SPARC
Download Security Update 7 for RedHat Linux 6.2

Download Security Update 7 User Guide for Windows 2000 (PDF)
Download Security Update 7 User Guide for Windows NT 4.0 x86 (PDF)
Download Security Update 7 User Guide for UNIX (PDF)

Download Operating Requirements Document (PDF)

Note: If you are planning on upgrading to ESM 5.1 in the near future, we recommend that you install ESM 5.1 before applying SU7. ESM 5.1 contains SU4. If SU7 is installed to an older version of ESM it will need to be reapplied after ESM 5.1 is installed.

Description

Install Security Update 7 to upgrade the Windows 2000, Windows NT, and UNIX security modules on ESM 4.4, 4.5, and 5.x Agents. For detailed descriptions of new features and enhancements, download the ESM Security Update 7 Release Notes.

New Features and enhancements for Agents running on Windows systems include:

  • The Account Integrity module now outputs fully qualified ADS Names in a canonical format when the module runs on a system running ADS.

  • The Account Integrity module can now examine distribution groups in addition to the security groups that were examined in previous Security Update releases.

  • The OS Patches module now detects Windows 2000 or Windows NT patches by examining Registry settings, and/or by comparing file modification times or file version information.

  • The Dates field in the Files sublist of the Windows NT and Windows 2000 Patch templates now accepts either a file date or file version data as a valid value for checking installed patch files.

  • Security messages reported by the checks in the Windows 2000 and Windows NT Registry modules now contain the comments listed in the template.

New Features and enhancements for Agents running on UNIX systems include:

  • For the Account Integrity module:

    • The new Login Shell Owners check reports user accounts with login shells that are not owned by root or bin.

    • The new Login Shell Permissions check reports user accounts with login shells that have group or world write permissions.

    • The new Disabled Accounts check reports accounts that are disabled by disabling login shells or disabled passwords.

  • For the Login Parameters module:

    • The new Successful Login Attempts Not Logged check reports systems that do not log successful login attempts.

    • The new Unsuccessful Login Attempts Not Logged check reports systems that do not log unsuccessful login attempts.

    • The new Successful su Attempts Not Logged check reports systems that do not log successful su attempts.

    • The new Unsuccessful su Attempts Not Logged check reports systems that do not log unsuccessful su attempts.

    • The new Remote Root Logins check reports systems that allow root logins through rlogin or telnet.

  • For the Network Integrity module:

    • The new NFS Exported Dirs with Anonymous Access check reports NFS exported directories that can be accessed by anonymous users.

    • The new FTP Session Logging Disabled check reports systems where FTP session logging is not enabled.

    • The new FTP Debug Logging Disabled check reports systems where FTP debug logging is not enabled.

    • The new Print Servers check reports systems that are running as print servers.

    • The new Print Services Running Without Printers check reports systems that are running a print spooler without having defined any printers in the printer definition file.

  • For the Startup Files module:

    • New Services templates now cause the List Installed Services check to report the following daemons as forbidden processes: rlogind, rexec, rwho, rsh, remsh, admind, and telnetd.

    • The new Current Directory in Startup PATH check reports systems that set the PATH environment variable in startup scripts to include the current directory.

  • For the System Auditing module:

    • The revised Event Auditing check includes a new Events template, which lets you specify the events that are required to be audited by your security policy; replacing the Events Are Being Audited check in previous module releases.

    • The new System Call Mapping check verifies that system calls are mapped to the events specified in a new Event Maps template on AIX, HP-UX, and Solaris operating systems.

  • For the System Mail module:

    • The new Sendmail Log check reports a problem when critical sendmail messages are not logged.

    • The new Log Level Setting check reports a problem when the log level setting in the sendmail.cf file is less than the value set in your security policy.

    • The new Postmaster check examines the mail aliases file to verify that the postmaster alias is set to a valid user.

    • The new Sendmail Config File check examines the sendmail.cf configuration file for the noexpn, novrfy, and goaway settings.

  • For the User Files module:

    • The new Current Dir Not Allowed in PATH check reports user accounts with current directory entries ("." or "::") located anywhere in their PATH variables.

    • The new World Writable Dirs in PATH check reports world writable directories that are listed in user PATH variables.

    • The new Group Writable Dirs in PATH check reports group-writable directories that are listed in user PATH variables.
Last modified on: Friday, 24-Oct-03 22:49:51
Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2009 Symantec Corporation