Release notes for version 1.3.528.1303
No Type Description --- ----- ---------------------------------- 1 CHECK Ticket #910458. The check Default Directory Objects in the Auditor Pre-Emptive policy has been corrected to deal with the case where no default directory objects are found. 2 INSTALL Ticket #452511. 5 new rows added to the PFCL.config to allow the rows of data to be limited for duplicate privileges, role granularity, grants to Oracle, object changes and programming checks. 3 CHECK Ticket #452511. Check USP00018 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "limit rows from duplicate privileges" 4 DOC Ticket #452511. The documentation has been updated to include an explanation of the limits on some queries controlled by PFCL.config. The options section in the "Advanced Topics" section has been updated to cover this. 5 CHECK Ticket #452511. Check USP00015 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "limit rows from duplicate privileges" 6 CHECK Ticket #452511. Check USP00017 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "limit rows from duplicate privileges" 7 CHECK Ticket #452511. Check USP00019 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "limit rows from duplicate privileges" 8 CHECK Ticket #452511. Check USP00020 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "limit rows from role granularity" 9 CHECK Ticket #452511. Check USP00022 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "Limit rows from grants to customer/Oracle" 10 CHECK Ticket #452511. Check USP00023 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "Limit rows from grants to customer/Oracle" 11 CHECK Ticket #452511. Check USP00024 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "Limit rows from grants to customer/Oracle" 12 CHECK Ticket #452511. Check USP00025 in the Audit User Privilege policy has been changed to limit the number of rows returned based on the PFCL.config entry for "Limit rows from grants to customer/Oracle" 13 CHECK Ticket #452511. Check FOR00005 in the Forensic policy has been changed to limit the number of rows returned based on the PFCL.config entry for "Limit rows from object changes" 14 CHECK Ticket #452511. The code analysis DBA Source library check in code.pfp has been ammended to limit the number of rows returned based on the PFCL.config entry for "Limit rows from programming checks" 15 CHECK Ticket #452511. Check PRG00024 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 16 CHECK Ticket #452511. Check PRG00025 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 17 CHECK Ticket #452511. Check PRG00026 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 18 CHECK Ticket #452511. Check PRG00027 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 19 CHECK Ticket #452511. Check PRG00028 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 20 CHECK Ticket #452511. Check PRG00029 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 21 CHECK Ticket #452511. Check PRG00030 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 22 CHECK Ticket #452511. Check PRG00031 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 23 CHECK Ticket #452511. Check PRG00032 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 24 CHECK Ticket #452511. Check PRG00033 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 25 CHECK Ticket #452511. Check PRG00034 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 26 CHECK Ticket #452511. Check PRG00035 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 27 CHECK Ticket #452511. Check PRG00036 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 28 CHECK Ticket #452511. Check PRG00037 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 29 CHECK Ticket #452511. Check PRG00038 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 30 CHECK Ticket #452511. Check PRG00039 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 31 CHECK Ticket #452511. Check PRG00040 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 32 CHECK Ticket #452511. Check PRG00041 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 33 CHECK Ticket #452511. Check PRG00042 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 34 CHECK Ticket #452511. Check PRG00043 in the Programming policy has been ammended to limit the number of rows returned by adding the pre-requisite for "Limit rows from programming checks" for the code analysis DBA Source check in the code.pfp library. 35 INSTALL The default password list supplied with PFCLScan has been updated to now include 1535 known default passwords for Oracle. 36 INSTALL oracle.dict common passwords/dictionary file updated to include more passwords 37 DOC Documentation updated to credit Mark Burnett (xato.net) for use of his top 10000 most popular passwords in our list 38 DOC The sample EULA has been updated in the documentation 39 INSTALL 10,000 word list from Mark Burnett (xato.net) included in the oracle.dict file. We already had 834 of these passwords. 40 INSTALL 370 twitter list added - assumed open source as on hundreds of websites none of which include any license. Only 11 new passwords from this list are actually added to our list though 41 INSTALL 4 new passwords from the Adobe hack top 100 added to our list. We had the other 96 already 42 INSTALL 10,000 password list from drop box included. Only 4 new passwords added. 43 INSTALL password list increased to @25K from numerous files and websites collected over many years. All were collected where they had no license restrictions obviously shown. The additonal words are added to oracle.dict2 so both files can be used; 10K list and 25K list 44 CHECK Deep 2 policy. New check added to test for the same passwords assigned to more than one user account in the database. 45 DOC Ticket #596883. Documentation has been updated around the use of Lua in PFCLScan checks where the syntax ]] is used. This would normally be with embedded table indexing. 46 DOC The use of PFCLObfuscate in PFCLScan has been clarified. 47 DOC The inclusion of the PFCLObfuscate manual has been updated to include the latest PFCLObfuscate documentation 48 CHECK Checks USP00018, USP00015, USP00017, USP00019, USP00020 and FOR00005 changed to use embedded sub-select.