Netsweeper 7.2.3 EA is now available for early adopters with major improvements made for the Active-Active WebAdmin deployments. In addition, First Name and Last Name fields have been added to the WebAdmin Clients which are synchronized from Directory Sync allowing for Reports to be made using the users First Name and Last Name rather than the username.
The Netsweeper 7.2 release is available on both EL6 and EL8.
Over the course of the 7.2 release cycle, we will be finalizing the EL8 release. Moving forward to Netsweeper 8 releases, we will no longer be releasing new features for the EL6 builds. Netsweeper will continue to provide security fixes to the EL6 builds but will not provide new features to the EL6 based release. Customers are expected to plan a migration to EL8 between now and 2023 if they desire the new features we are introducing.
Netsweeper 7.2.3 New Features
Security
- Improved security of the Netsweeper installed product for the EL8 installation has been added with improved security features for the EL8 based Netsweeper installation
- OS level password reuse, expiry, and change requirements added
Clients
- First Name, Last Name, and Email have been added for the Client functionality (WebDB, Policy Service, WAgent, DirSync, Import/Export
Logging
- First Name, Last Name, Email, and Organization added to Logging and Reporting
- Logging can now extract the organization part from the Client name or Group name
APIs
- New arguments added to listmanager_add_list
- client_add and client_modify now include firstname, lastname, email, comments, and workstation
Change Log 7.2.3
| Ticket | Type | Description |
| 23343 | FEATURE | When importing a List, entries which do not match the List's allowed Types and Parts will not be imported. |
| 24759 | FEATURE | A new 'Comment' argument has been added to the listmanager_add_list API. This is a separator delimited list of comments or a single comment for all entries. |
| 24845 | BUG | When listing entries with no limit using the listmanager_list API, if more than the Maximum results per page setting would be displayed, an error will be returned before trying to get the results. In addition, listmanager_list_count will no longer exhaust memory for requests with a large number of entries. |
| 24870 | FEATURE | The listmanager_add_list API has a new 'ignorefail' argument that does not stop the list import due to duplicate entries. If ignore_fail is set, it will not stop and display an error if a failure occurs, all errors will be displayed at the end instead. |
| 24937 | SECURITY | For CIS, excessive MySQL user privileges would allow Arbitrary File Read and potential RCE via SQL Injections. |
| 25004 | SECURITY | Security related headers recommended by Mozilla Observatory have been added. |
| 25011 | FEATURE | The firstname, lastname, and email have been added to the client table. |
| 25012 | FEATURE | The 7.2.3 release for WebDB can now send the firstname, lastname, and email to the 7.2.3 releases and above. |
| 25013 | FEATURE | The Policy Service can now load and handle the new firstname, lastname, and email for dbip, dbsubnet, and and dbclientname. |
| 25014 | FEATURE | The new firstname, lastname, email, and orgid have been added to the logger, (protocol, and log files). |
| 25015 | FEATURE | The Reporter can now process firstname, lastname, email, and orgid. |
| 25016 | FEATURE | The Workstation Agent can now clone the firstname, lastname, and email attributes when the Group Lookup is based on 'Username'. |
| 25018 | FEATURE | Directory Sync for AD, Azure, and Gsuite can now sync the FirstName, LastName, and Email attributes. |
| 25019 | FEATURE | WebAdmin Client Import/Export now supports Firstname, Lastname, and Email. |
| 25021 | FEATURE | client_add and client_modify API arguments now include firstname, lastname, email, comments, and workstation. |
| 25022 | FEATURE | Logging can now extract the organization part from the Client name or Group name. Two new options have been added to the Policy Server configuration: orrgid_populate_from_clientname and orgid_populate_from_groupname. |
| 25023 | UPDATE | Security Labels have been updated to work for multiple WebAdmins. |
| 25031 | BUG | NSProxy was not trusting sites with multiple certs. Expired and invalid certs are now removed from the server when trying to complete the AIA download. |
| 25051 | FEATURE | Syslog now has FirstName, LastName, Email and Organization ID. |
| 25053 | FEATURE | The list_entry_delete_bulk API can now process either a list of ids or a listname, item, type, and part. |
| 25072 | SECURITY | For CIS, systemd mount points have been created. |
| 25073 | SECURITY | CIS 1.1.21 all world writable directories removed from our install to avoid setting sticky bit. |
| 25074 | SECURITY | USB Storage has been disabled for CIS 1.1.23. |
| 25076 | SECURITY | Sudo log files have been added in CIS 1.3.3. |
| 25077 | SECURITY | For CIS, default system sysctl settings have been created for security. |
| 25078 | SECURITY | For CIS, the iptables have been enabled by default in the EL 8 release with some default rules. |
| 25079 | SECURITY | rsyslog default file permissions have been configured for CIS 4.2.1.3. |
| 25080 | SECURITY | Permissions on all log files are configured and all log files are properly rotated. |
| 25081 | SECURITY | SSH access is now limited to the admin user in CIS 5.2.2. |
| 25082 | SECURITY | SSH max sessions is now set to 4 or less in CIS 5.2.19. |
| 25084 | SECURITY | A new authselect profile, along with password length, age, and other requirements, has been configured. |
| 25085 | SECURITY | For CIS, OS level password reuse requirements for the admin are now set and a new password cannot be the same as previous 5 passwords. |
| 25086 | SECURITY | For CIS, the OS level password now must expire in 90 days and the admin cannot change it again within 7 days. |
| 25087 | SECURITY | For CIS, the default user shell timeout is now 900 seconds or less. |
| 25088 | SECURITY | For CIS, log files are now properly rotated. |
| 25102 | BUG | The empty screenshot field contained corrupt data when added to syslog. |
| 25106 | BUG | The remotereporter config did not load Up2Date settings. |
| 25107 | BUG | The Account Permissions List showed the permissions as though the permission templates were applied in reverse order. |
| 25125 | BUG | Stopping the Database service on a remote server in the WebAdmin would prevent remote admin authentication. |
| 25127 | BUG | The 'Edit Config' link for the Up2Date service in the 'Services' page was not displaying. It now displays on all servers including the primary WebAdmin. |
| 25129 | BUG | Removed database queries made by nsup2d modules so that all information is loaded using webdb for remote database setups. Fixed some php errors and added error logging. |
| 25142 | BUG | Clicking the server name in the Services > Host window, opened the old 'Server Manager' page. |
| 25147 | UPDATE | For remote databases, the WebAdmin service in EL 8 does not require mariadb. |