Date: 2019-04-12 OS: Windows/Linux Etrack Incidents: 3974571 Errors/Problems Fixed: CFT-1895 - Incorrect audit counts in case of Blacklist and Whitelist Policies for certain scenarios CFT-1901 - IndexCheckJob fails after upgrade to 6.1RP4 CFT-1868 - X-XSS-Protection HTTP Header missing on port 443 vulnerability reported by customer CFT-1800 - Need information if DI is vulnerable to http-options-method-enabled and http-delete-method-enabled This hotfix provides fixes for following issues: 1) While processing an audit_* file containing "checkout" event, the process gen_rt_alerts creates an empty alerts file. 2) Alerts generated for real-time Blacklist/Whitelist policies audit count is inaccurate for specific scenarios. 3) After upgrade to 6.1.4, IndexCheckJob fails with message: V-378-1312-715: IndexCheckJob failed. One or more databases were found to be corrupt. 4) Data Insight is vulnerable to http-options-method-enabled and http-delete-method-enabled. 5) Data Insight is vulnerable due to missing X-XSS-Protection HTTP Header. Applies to: Data Insight servers with version 6.1 RP4. Install/Uninstall Instructions: Apply this hotfix to all Data Insight servers with version 6.1 RP4. This hotfix can be applied to Data Insight version 6.1 RP4 only. FILE AFFECTED BY THIS PATCH: Windows: INSTALL_ROOT\bin\gen_rt_alerts.exe INSTALL_ROOT\bin\policies_report.dll INSTALL_ROOT\bin\mpolicy.dll INSTALL_ROOT\bin\idxcheck INSTALL_ROOT\tomcat\conf\web.xml Linux: INSTALL_ROOT/bin/gen_rt_alerts INSTALL_ROOT/lib/libmpolicy.so INSTALL_ROOT/lib/libpolicies_report.so INSTALL_ROOT/bin/idxcheck INSTALL_ROOT/tomcat/conf/web.xml By default, value of INSTALL_ROOT on Windows is "C:\Program Files\DataInsight". By default, value of INSTALL_ROOT on Linux is "/opt/DataInsight". Steps: Log into Data Insight Server and perform the following steps: 1. Unzip the patch files to a temporary folder. In this folder, locate the "patches" folder. This folder contains all files for help application. Example: If you unzip hotfix to C:\temp, it will create the following folder under C:\temp: C:\TEMP\ +---README +---patches +---RHEL6 +---RHEL7 +---Windows 2. Stop all Data Insight services: From the command prompt, issue the following command: For Windows: net stop DataInsightComm net stop DataInsightCmisService net stop DataInsightWeb net stop DataInsightConfig net stop DataInsightFpolicy net stop DataInsightFpolicyCMod net stop DataInsightCelerra net stop DataInsightWinnas net stop DataInsightGenericCollector net stop DataInsightWorkflow net stop DataInsightWatchdog net stop DataInsightPortal net stop DataInsightVICServer net stop DataInsightVICClient For Linux: INSTALL_ROOT/bin/DataInsightComm stop INSTALL_ROOT/bin/DataInsightConfig stop INSTALL_ROOT/bin/DataInsightWatchdog stop 3. Install required classification binaries using following steps: For Windows, if you are patching Data Insight node installed at "C:\Program Files\DataInsight": a. Copy and replace all the files from "patches\Windows\bin\" to "C:\Program Files\DataInsight\bin\" b. Copy and replace all the files from "patches\Windows\tomcat\conf\" to "C:\Program Files\DataInsight\tomcat\conf\" For RHEL6 Linux, if you are patching Data Insight node installed at "/opt/DataInsight": a. Copy and replace all the files from "patches/RHEL6/bin/" to "/opt/DataInsight/bin/" b. Copy and replace all the files from "patches/RHEL6/lib/" to "/opt/DataInsight/lib/" c. Copy and replace all the files from "patches/RHEL6/tomcat/conf/" to "/opt/DataInsight/tomcat/conf/" For RHEL7 Linux, if you are patching Data Insight node installed at "/opt/DataInsight": a. Copy and replace all the files from "patches/RHEL7/bin/" to "/opt/DataInsight/bin/" b. Copy and replace all the files from "patches/RHEL7/lib/" to "/opt/DataInsight/lib/" c. Copy and replace all the files from "patches/RHEL7/tomcat/conf/" to "/opt/DataInsight/tomcat/conf/" 4. For Linux, modify permission for modified files: chmod 744 INSTALL_ROOT/bin/gen_rt_alerts 5. Start Data Insight services: From the command prompt, issue the following command: For Windows: net start DataInsightComm net start DataInsightCmisService net start DataInsightWeb net start DataInsightConfig net start DataInsightFpolicy net start DataInsightFpolicyCMod net start DataInsightCelerra net start DataInsightWinnas net start DataInsightGenericCollector net start DataInsightWorkflow net start DataInsightWatchdog net start DataInsightPortal net start DataInsightVICServer net start DataInsightVICClient For Linux: INSTALL_ROOT/bin/DataInsightComm start INSTALL_ROOT/bin/DataInsightConfig start INSTALL_ROOT/bin/DataInsightWatchdog start Additional Notes: 1. Apply this hotfix to Data Insight 6.1.RP4 only. 2. If a new Data Insight node is added later, this hotfix needs to be applied.