~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security(TM) Agent 8.0 Service Pack 2 Patch 2, Deep Security Relay 8.0 Service Pack 2 Patch 2, and Deep Security Notifier 8.0 Service Pack 2 Patch 2 for Linux(TM) Deep Security Agent Platforms: Linux Red Hat(TM) 4 (32-bit and 64-bit) Red Hat 5 (32-bit and 64-bit), Red Hat 6 (32-bit and 64-bit), CentOS 5 (32-bit and 64-bit), CentOS 6 (32-bit and 64-bit), SuSE(TM) 11 Service Pack 2 (32-bit and 64-bit), SuSE 10 Service Pack 3 (32-bit and 64-bit), Amazon Linux (32-bit and 64-bit), Deep Security Relay Platforms: Red Hat 5 (64-bit), Red Hat 6 (64-bit), CentOS 5 (64-bit), CentOS 6 (64-bit), SuSE 10 (64-bit), SuSE 11 (64-bit) Kernel Support: Please refer to the 8.0 kernel support document for the appropriate platform. Agent-based Anti-Malware not supported on: Red Hat 4 (32-bit), Red Hat 5 (32-bit), Red Hat 6 (32-bit), CentOS 5 (32-bit), CentOS 6 (32-bit), SuSE 10 (32-bit), SuSE 11 (32-bit), Amazon Linux (32-bit) Date: January 24, 2014 Release: 8.0 Service Pack 2 Patch 2 Build Version: 8.0.0.2197 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the click through license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our web site at: http://us.trendmicro.com/us/solutions/enterprise/security-solutions/ virtualization/deep-security/ Download the latest version of this readme from the "Software" page at the Trend Micro Download Center web site: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux 1.1 Overview of this Release 1.2 Who Should Install this Release 1.3 Support Expiration Notice 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Known Incompatibilities 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third Party Software =================================================================== 1. About Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux ======================================================================== 1.1 Overview of this Release ===================================================================== Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux resolves several issues in Deep Security Agent 7.0, 7.5, and 8.0. 1.2 Who Should Install this Release ===================================================================== You should install Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux if you are currently running Deep Security Agent 7.0, 7.5, or 8.0. 1.3 Support Expiration Notice ===================================================================== Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux supports updates from versions 7.0, 7.5, and 8.0 only and does not support updates from version 6.1 or any older version. Trend Micro strongly recommends upgrading to the most recent version to take full advantage of the new features and improved performance. Please visit the Trend Micro Download Center web site to download the latest releases at: http://downloadcenter.trendmicro.com/ 2. What's New ======================================================================== For major changes in Deep Security 8.0 Service Pack 2 from previously released versions of Deep Security, please read the "What's New in 8.0 SP2" section of the Deep Security "Administrator's Guide" or the Deep Security Manager on-line help, available for download from the Trend Micro Download Center. 2.1 Enhancements ===================================================================== There are no enhancements for this Patch. 2.2 Resolved Known Issues ===================================================================== Deep Security Agent 8.0 Service Pack 2 Patch 2 for Linux resolves the following issues: Issue 1: Deep Security Agent 8.0 does not support DES encryption on 64-bit Linux machines. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch enables Deep Security Agent 8.0 to support DES encryption on 64-bit Linux machines. Issue 2: The "service-network-stop" process stops responding in a Linux-bonded interface environment. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch enables Deep Security Agent 8.0 to correctly calculate the reference count of MAC addresses of physical interfaces. This resolves the issue. Issue 3: An "Illegal Character in URI" false detection occurs beyond the end of packet data. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hot fix resolves this issue. Issue 4: When a virtual machine's network is bonded, Deep Security Manager generates the wrong network interface change event ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Patch resolves an issue in the network interface monitoring logic of Deep Security Agent to help ensure that Deep Security Manager generates the correct network interface change event when a virtual machine's network is bonded. This solution requires users to install a related hot fix or the corresponding patch to Deep Security Manager to resolve the issue completely. 3. Documentation Set ======================================================================== In addition to this readme, the documentation set for this product includes the following: o Deep Security 8.0 SP2 Getting Started and Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you smoothly deploy Deep Security. o Deep Security 8.0 SP2 Administrator’s Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security. o Readme files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent (including Relay and Notifier), Virtual Appliance and ESX Filter Driver. o Supported Linux Red Hat Kernels -- list of Deep Security Agent 8.0 Supported Linux Red Hat Kernels o Supported Linux CentOS Kernels -- list of Deep Security Agent 8.0 Supported Linux CentOS Kernels o Supported Linux SUSE Kernels -- list of Deep Security Agent 8.0 Supported Linux SUSE Kernels o Electronic versions of the manuals are available from the Trend Micro Download Center at: http://downloadcenter.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the "Deep Security 8.0 SP2 Getting Started and Installation Guide". 5. Installation/Uninstallation ======================================================================== See the "Deep Security 8.0 SP2 Getting Started and Installation Guide" document available for download from the Trend Micro Download Center. For CentOS you can use the Red Hat 5 rpm; for CentOS 6 use the Red Hat 6 rpm. 6. Known Incompatibilities ======================================================================== There are no known incompatibilities for this Patch. 7. Known Issues ======================================================================== - Deep Packet Inspection (DPI) is not supported over SSL connections when using IPv6. - If you wish to use Point To Point Tunneling Protocol (PPTP) with Deep Security, you must modify some of the advanced settings. To modify the settings for PPTP: a. Log on to Deep Security Manager and go to "System Settings > Network Engine". b. Check the "Advanced Settings" check box and set the following: Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels Maximum Tunnel Depth: 4 Action if Maximum Tunnel Depth Exceeded: Bypass c. Click "Save". [Deep Security 8.0 Tier 2-00200] - You may see the following messages while installing Deep Security Agent 8.0 on Ubuntu: update-rc.d: warning: ds_filter start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (3 5) update-rc.d: warning: ds_filter stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 1 2 6) These messages can be safely ignored. [Deep Security 8.0 Tier 2-00230] - Because the Deep Security Relay server does not support a component rollback, if a rollback is performed on a Deep Security Relay, the components listed in the Deep Security Manager may not match the actual versions available on the Deep Security Relay Server. The next update of components will re-synch the component versions displayed in Deep Security Manager. [Deep Security 8.0 Tier 2-00180] - SYN Flood protection is supported only on versions 7.5 or earlier versions of the Virtual Appliance and not supported on version 7.5 Service Pack 1 or later versions of the Virtual Appliance. It is not supported on any version of the Linux or Solaris Agents. - CentOS uses the Red Hat 5 Agent installer. Therefore, it shows up as Red Hat in Deep Security Manager. - Firewall and IPS event log entries for OUTGOING traffic show zero MAC addresses. - In certain situations when you are protecting a computer with an in-guest Agent as well as the Deep Security Virtual Agent and you attempt to activate the in-guest Agent, you may see that the Virtual Agent is activated but not the in-guest Agent. This may occur when the hostname of the computer you are protecting cannot be resolved. Adding an entry to the Deep Security Manager hosts file or updating the DNS entry for the host can resolve this issue. [10930] - When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status becomes "Stand By" but the Deep Security Virtual Appliance is actually online and will still be able to generate DPI and firewall events when rules are triggered. [10948] - Log Inspection events have a size limitation of 6000 characters. 8. Release History ======================================================================== - 8.0.0.1630 March 12, 2012 - 8.0.0.1733 April 30, 2012 - 8.0.0.1770 August 17, 2012 - 8.0.0.2119 January 8, 2013 (Service Pack 2) - 8.0.0.2151 June 14, 2013 (Service Pack 2 Patch 1) Hot Fix 2180 Issue: Deep Security Agent 8.0 does not support DES encryption on 64-bit Linux machines. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix enables Deep Security Agent 8.0 to support DES encryption on 64-bit Linux machines. Hot Fix 2175 Issue 1: "service-network-stop" stops responding in a Linux bonded interface environment. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix enables Deep Security Agent to correctly calculate the reference count of MAC addresses of physical interfaces. This resolves the issue. Issue 2: An "Illegal Character in URI" false detection occurs beyond the end of packet data. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix resolves this issue. Hot Fix 2171 Issue: Sometimes, an exception error causes the Deep Security Relay service to stop unexpectedly while the service checks new security components. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix corrects the handle on the iAU module to prevent the exception error and ensure that the Deep Security Relay service can check new security components without issues. Hot Fix 2168 Issue: Some DPI events are not displayed when users enable the "DPI Events" page of "dsa_config.exe". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix increases the internal buffer that "dsa_config.exe" uses to read the "dsa_mpnp" log to 8 KB. Since the maximum size of the log file is only 4 KB, this solution can help ensure that all Deep Packet Inspection events can now be displayed. 9. Files Included in this Release ======================================================================== This release is a complete installation. Use one of the following files, depending on your installation platform: - Agent-RedHat_2.6.9_22.EL_i686-8.0.0-xxxx.i386.rpm - Agent-RedHat_2.6.9_34.EL_x86_64-8.0.0-xxxx.x86_64.rpm - Agent-RedHat_2.6.18_8.el5_i686-8.0.0-xxxx.i386.rpm - Agent-RedHat_2.6.18_8.el5_x86_64-8.0.0-xxxx.x86_64.rpm - Relay-RedHat_2.6.18_8.el5_x86_64-8.0.0-xxxx.x86_64.rpm - Agent-RedHat_EL6_i686-8.0.0-xxxx.i686.rpm - Agent-RedHat_EL6_x86_64-8.0.0-xxxx.x86_64.rpm - Relay-RedHat_EL6_x86_64-8.0.0-xxxx.x86_64.rpm - Agent-SuSE_2.6.16_i586-8.0.0-xxxx.i586.rpm - Agent-SuSE_2.6.16_x86_64-8.0.0-xxxx.x86_64.rpm - Agent-SuSE_2.6.32_i586-8.0.0-xxxx.i586.rpm - Agent-SuSE_2.6.32_x86_64-8.0.0-xxxx.x86_64.rpm - Agent-Solaris_5.10_U5_i386-8.0.0-xxxx.x86_64.pkg.gz - Agent-Solaris_5.10_U7_i386-8.0.0-xxxx.x86_64.pkg.gz For Amazon Linux, use either the Red Hat 6 Agent package 32-bit or 64-bit) or the SuSE ll Agent package (64-bit), depending on the kernel derivative used by your Amazon AMI. Please refer to the Supported Red Hat and SuSE Linux Kernels documents for a list of Amazon supported kernels. 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, go to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen will display. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Deep Security, and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ 13. Third Party Software ======================================================================== This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Deep Security Agent also makes use of the following software. 3rd party binary distributions: Expat (http://expat.sourceforge.net/) fksec (http://win32.mvps.org/) IP Filter (http://coombs.anu.edu.au/~avalon/) SQLite (http://www.sqlite.org/) WxWidgets (http://www.wxwidgets.org/) zlib (http://www.zlib.net/) 3rd party source: GMTime (http://www.jbox.dk/sanos/source/lib/time.c.html) Tree (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/sys/tree.h) The 3rd party software is subject to the licenses available in the following directory: [INSTALL DIRECTORY]\Licenses Public domain source code licenses are available here: SQLite - http://www.sqlite.org/copyright.html fksec - http://win32.mvps.org/license.html Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2014 Trend Micro Inc. All rights reserved. Published in Canada.