Release Notes for Cisco Security Auditor 1.0
These release notes are for use with Security Auditor 1.0. They contain the following sections:
• Installing Security Auditor 1.0 with CiscoWorks Common Services 3.0 SP2
• Obtaining Documentation and Submitting a Service Request
Product Documentation
Table 1 describes the product documentation that is available.
Table 1 Product Documentation
(Columns: Document Title, Available Formats)

Release Notes for Security Auditor 1.0
• On Cisco.com at this URL:

Installing Security Auditor 1.0 on Windows (includes the supplemental license agreement for the product)
• PDF on the product CD-ROM.
• On Cisco.com at this URL:
• Printed document available by order (part number DOC-7816799=).

Using Security Auditor 1.0
• PDF on the product CD-ROM.
• On Cisco.com at this URL:
http://www.cisco.com/en/US/docs/security/security_management/security_auditor/1.0/user/guide/ug.html
• Printed document available by order (part number DOC-7816800=).

Supported Devices and Software Versions for Security Auditor 1.0
• On Cisco.com at this URL:

Policy Reference for Security Auditor 1.0
• PDF on the product CD-ROM.
• On Cisco.com at this URL:

Context-sensitive online help
• Click the Help button in a window or dialog box.
Installing Security Auditor 1.0 with CiscoWorks Common Services 3.0 SP2
Security Auditor 1.0 includes CiscoWorks Common Services 3.0 Service Pack 1. If you have already installed CiscoWorks Common Services 3.0 Service Pack 2, installation of Security Auditor 1.0 fails during the backup phase. (To determine whether SP2 is installed, see the setup\cdone.info file in the Common Services installation directory.)
To avoid this problem, you must install Security Auditor using the nobackup option, which skips the Common Services backup during installation. When you install Security Auditor, use these commands instead of the ones described in the installation guides:
• On Windows, enter:
setup.exe -nobackup
When prompted to select packages to install, select only Security Auditor 1.0. Do not select Common Services 3.0 SP1.
Note: If you are installing Security Auditor using the download version available on Cisco.com, you must first extract the files from the downloaded self-extracting executable. After you extract the files, open the Cisco_Security_Auditor.exe file in WinZip and unzip the files into a temporary directory. You can then run the setup program with the nobackup option.
• On Solaris, enter:
./setup.sh nobackup
When prompted to select packages to install, select only Security Auditor 1.0. Do not select Common Services 3.0 SP1.
Note: Before installing Security Auditor, back up the Common Services database using Common Services.
Important Notes
This section includes information that did not make it into the Security Auditor documentation:
• Reinstalling Common Services during Security Auditor installation—If you install Security Auditor on a machine already running CiscoWorks Common Services 3.0 SP1, do not reinstall Common Services during the Security Auditor installation. Instead, install only Security Auditor. If you have other CiscoWorks applications installed, reinstalling Common Services 3.0 SP1 using the Security Auditor installation program might disable those applications. If this happens, you might need to reinstall the disabled applications.
• Device group rules, OS type—When creating rules, be aware that the OS type field will be Unknown for most import methods. Only manual imports using the Security Auditor interface, and file imports (where the import file includes OS type information), populate the OS type field. Otherwise, the field will be blank until an audit is run.
• Device group rules, image name—After performing an audit, the image name field might remain blank if image name information was not available, especially for devices running ASA software or PIX Firewall software 7.x. There are no image names for devices running PIX 6.x software and FWSM software.
• Device group rules, name—When creating rules based on device names, you can use a regular expression to identify specific device naming patterns. However, the rule set for a device group can include at most one regular expression. If you use AND or OR to combine multiple rules, the additional rules cannot use regular expressions.
• Missing graphics in trend reports—If a trend report includes a missing graphic, right-click in the report window and select Refresh (Internet Explorer) or Reload (Netscape) to refresh the window. This should correct the problem.
• Audit performance—If you audit the Use Defined Access Control List policy on ACLs that have many entries, and configure the policy to use regular expressions and ignore the order of ACL entries, the audit can take significantly longer to complete than audits that use other configurations of this policy.
• Importing devices from RME 4.0—If you want to import devices from an RME 4.0 server, the RME user name you specify in Security Auditor must have Network Administrator privileges, not just the Export Data privileges that are sufficient for RME 3.5.
• Using DNS lookup—When you import devices, you can have Security Auditor use DNS to look up the IP address of imported devices. The online help incorrectly says that DNS lookup can also determine the DNS name for imported devices based on IP address. The DNS lookup feature can only determine IP addresses for host names, not the reverse.
Known Problems
Table 2 describes problems known to exist in this release.
Note: To obtain more information about known problems, access the Cisco Software Bug Toolkit on Cisco.com.
Table 2 Known Problems in Security Auditor 1.0
(Columns: Bug ID, Summary, Explanation)
CSCee36600
Security Auditor cannot retrieve the PIX configuration file if no password is configured on the device.
If you do not configure a password on a PIX firewall, Security Auditor cannot retrieve the configuration file from the device. Ensure that you configure passwords on all PIX devices if you intend to have Security Auditor retrieve configuration files from them.
CSCee83114
The policy "Forbid BOOTP Server" fails on devices that do not support BOOTP servers.
This policy checks for the no ip bootp server command. Some devices do not support BOOTP servers, so the command is not supported in the configuration. This policy will always fail for these devices. Do not audit this policy on devices that do not support the ip bootp server command.
CSCee85821
The policy "Use Defined Timeout for Login Sessions" allows you to audit console settings on FWSM devices.
FWSM devices do not have console settings, but this policy allows you to audit console settings on FWSM devices. If you choose to audit console settings, and FWSM devices are included in the audit, the policy will always fail. Do not audit console settings on FWSM devices.
CSCeh78089
Japanese operating system: cannot create, modify, or schedule audits.
The Windows version of the product does not work correctly on the Japanese version of the operating system. A patch is available to fix this problem. A patch is not required for the Solaris version of the product.
CSCeh78350
Reimporting devices manually does not update credentials.
If you use the Security Auditor interface to import a device manually, and the device already exists in the inventory, device credentials such as user name and password are not updated, even if you select Use Data from Import Source as the conflict resolution option. If you need to change the attributes of a manually imported device, edit the device from the Managing Devices page.
CSCsa48768
The clock and NTP policies do not work on PIX 7.x and ASA devices running in multiple context or transparent modes.
PIX 7.x and ASA devices running in either the multiple context or transparent modes do not support the commands audited by the clock and NTP policies. Do not audit these devices with the clock and NTP policies.
CSCsa56446
Uninstall does not remove all files.
The uninstall program might leave some files remaining in the installation folder. Manually delete them after uninstalling the product.
CSCsa72586
Java applets do not load when you use Windows 2003 Enterprise Server and Internet Explorer 6.0.3790.
A bug in Sun's Java plug-in causes this problem. Do not use this IE version if you are running Security Auditor on Windows 2003.
CSCsa80582
Clicking on the "Completed with Info" status on the Reports page opens an empty audit log report.
In this release, Security Auditor does not add informational messages to the audit log. The Completed with Info status means that only informational messages were generated in the audit, so the log will be empty.
CSCsa80837
The policy "Use Unicast Reverse Path Forwarding" does not work on PIX 7.x and ASA devices running in transparent mode.
PIX 7.x and ASA devices running in transparent mode do not support unicast RPF. Do not audit these devices with this policy.
CSCsa80965
All VPN policies fail when audited on PIX 7.x and ASA devices running in multiple context or transparent modes.
PIX 7.x and ASA devices running in multiple context or transparent modes do not support the commands audited by the VPN policies. Therefore, the policies always fail the audit. Do not audit these types of devices with the VPN policies.
CSCsa82534
The policy "Use Defined Fixup Settings" does not work on FWSM for the h323 h225 setting.
Do not use this policy to audit the h323 h225 fixup setting on FWSM devices.
CSCsa82558
The banner policies do not work on PIX 7.x and ASA devices running in multiple context or transparent modes.
Do not audit the banner policies on PIX 7.x and ASA devices running in multiple context or transparent modes.
CSCsa84072
Only the user who creates a device group can delete it.
The device group is tied to the login name of the user who created the group, and you can delete the group only if you log in using the same account. Authorization levels are not considered.
CSCsa89779
The "Use IKE" policy does not work with FWSM devices running in transparent mode.
Do not audit this policy on FWSM devices running in transparent mode.
CSCsa89891
Traffic filtering policies are skipped on transparent mode FWSM devices if you audit all interfaces.
If you audit any of the traffic filtering policies on FWSM devices that are running in transparent mode, and you configure the policy to audit all interfaces on the device, the FWSM devices are skipped during the audit for these policies.
CSCsa90344
The two OS version system policies do not work correctly on FWSM, PIX 7.x, and ASA devices running in multiple contexts.
The policies for using or forbidding specific OS versions do not work correctly on FWSM, PIX 7.x, and ASA devices that are running in multiple context mode. These devices include context information in the OS version field. Policy failures include the string "<context>" in the failure details.
CSCsa90457
On Cisco 7600 series routers, the policy "Bind RADIUS Service to Loopback Interface" only works when a RADIUS server is configured on the device.
The command audited by this policy only appears in the configuration for Cisco 7600 series routers if you also configure a RADIUS server for the device. Audit this policy on this model only if you also configure a RADIUS server address.
CSCsa91113
The Collect Additional Data from the Network feature does not work for audits using the FTP server data source.
If you create an audit to audit configuration files hosted on an FTP server, you can elect to obtain additional data from the network during the audit to obtain the OS version and image name information. This feature does not correctly retrieve the OS version information.
If you need this feature, before you run an audit on the FTP server data, first create and run an audit that uses the Network data source, a policy group that contains a single policy, and a device group that contains all of the devices that will be audited by the FTP audit. This will update the Security Auditor database with the latest version and image name information.
CSCsa95602
DNS lookup does not always work.
When importing devices, you can have Security Auditor use DNS to look up the IP address for device host names. This feature only works if you configure the Windows TCP/IP settings on the Security Auditor server to include the domain name of the imported device.
CSCsb21447
Trend graphs might have poor formatting.
In the Windows version of the product, in some cases the labels for the Y axis might be truncated.
CSCsb26277
The policy "Use Defined Authentication Failure Rate" behaves differently in the Windows and Solaris versions of the product.
This policy behaves differently in the Windows and Solaris versions of the product. For Windows, the policy passes if the maximum retries defined on the device is less than or equal to the one defined in the device configuration. For Solaris, the policy passes only if the maximum retries in the policy and the device configuration are equal.
CSCsb27208
Unclear audit log messages for OS version mismatches or missing image file names.
On the Windows version of the product, if you elect to collect additional information from the network when auditing off-line configuration files, there can be a mismatch between the OS version and image name defined in Security Auditor and the ones on the device. In this case, the audit log does not clearly indicate the mismatch problem.
CSCsb30777
Audits of the Use Defined ACL policy cannot complete when a single device configuration has more than 25,000 ACL entries.
Do not use Security Auditor to audit devices that have more than 25,000 ACL entries in the configuration. This limitation is per device, not per audit. The limitation occurs only when auditing the Use Defined ACL policy.
CSCsb33901
You cannot filter audit results using some audit statuses.
On the Reports page, you can filter the reports to show only those audits that meet the filter criteria. However, if you filter on audit status, you cannot filter on one of the "Completedwith" statuses, such as CompletedwithWarning. If you try to filter on one of these statuses, only audits with the "Completed" status are shown.
CSCsb50384
Installing Security Auditor on a CiscoWorks Common Services 3.0 SP2 server fails during backup.
If you are installing Security Auditor on a system that already has CiscoWorks Common Services 3.0 SP2 installed, you must use the nobackup option when starting the Security Auditor installation program. For detailed information, see Installing Security Auditor 1.0 with CiscoWorks Common Services 3.0 SP2.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the "Product Documentation" section.
© 2004-2005 Cisco Systems, Inc. All rights reserved.
