SecHard
RELEASE NOTES
Version 3.5.0 - Released 2023-09-09
Features
Addition of editable mail template for 2FA QR code
Adding the Account Info Report Network Devices report - Account Info Report OS
Adding Active Directory Groups Last Sync Info information
When AD Group users are imported with the sync feature, the imported user type change is detected and the users in the system are moved to that type.
Addition of AD and LDAP discover OU restriction
Adding Asset Group Settings Critical High Medium Low values
Changing Asset scripts names
Adding Auth Method column as hidden to the right of Account column on Resources page
Adding CIS NGINX Benchmark v2.0.1 - 06-15-2023 to the system
Adding Compliance custom recipe
Editing the compliance overview page
Creation of compliance reports
Adding the Compliance page and creating the checklist structure
Organizing the compliance structure
Compliance, SAMA Addition of Saudi Arabian Monetary Authority Compliance report
Compliance, CIS v8 Addition of Compliance report
Compliance, addition of CMMC Compliance report
Compliance, ECC: SAUDI ARABIA'S ESSENTIAL CYBERSECURITY CONTROLS Adding the Compliance report
Compliance, creating severities in NIST compliance with AI
Compliance, NIST SP 800 - 53 Addition of Compliance report
Adding CTRL+v ^v character in Console connection
Adding Custom Vault and granting user-based permission
If the discovered resources have fqdn information, they should be able to save without ip
In the discovery phase, only Kerberos is tested, for windows platforms that are not members of the domain, Kerberos should be checked after Basic control in vmware and other discovery phases. Only Kerberos should be scanned from AD
Discovery Exist warning should be checked
Deleting MS Only recipients in Domains and DC Only recipients in Servers
Checking the default value in Recipe runs with Field
Addition of Fortigate Radius integration
Setting Fortinet Firewall Default Benchmark to CIS
Grafana Alertmanager integration
Moving Grafana rolls to code
GUI default Admin user first login password change
Receiving hardening diff report
Creating a baseline by comparing Hardening Recipe Group Resource. Having remediation and rollback options in the baseline.
Removing the list limit in the "Hardening Zone" section
Hardening, exclude / hidden recipients report with reason
Hardening, security cake % status display
Historical receipt of revision report in Hardware and Software asset information
Adding _cmdline-mode on account optional options during the first login phase in HP Comware5 1920 switches
Addition of Hyper-V Discover feature
Adding LDAP Discovery feature
Linux /tmp asset script delete and permission control
Adding HTML rendering in mail notification.
Main Dashboard - Hardening Highest Scores widget update
Metrics Recive Status data from queue
Adding navigation menu headings
PAM - Adding Account Associate TAG structure
Adding Source IP field to PAM session system event logs
Adding personal vault token expiration time to system settings
Adding Ping, Connection, Account, Last Changed information
Closing pop-up notifications after timeout
Immediate activation of changes in queue management
Preventing Radius AD Group Users from failing during caching
Making the Radius package ready for redhat, centos, oracle
Recipe Execution bug fixes and improvements
Adding polling to recipe execution queue job, eliminating race condition
Displaying as recipe group title bar
Shortening the refresh token duration and setting it to 12 hours
Saving the last value before remediation in the database, providing an option in rollback
Adding information about who deleted the resource deleted mail
After the resource is added, it should verify and queue
Adding note on Resource and showing it with popup
Send files to linux servers with SFTP / SCP
SFTP role should be disable by default
SIEM log improvements
SSH Key integration
Adding SSH key integration. Adding key generation, manual key fields.
Adding SSH key integration to PAM access.
Adding the machine name as a column in the TACACS Log section
Adding tftp server ip address field field.
Adding User Management Info information and user last session ip and date information
Addition of User Management user ip restriction and the ability to write more than one ip
Pulling Resource information in User role by looking at name group permissions. Automatic control for Administrators and Remote Desktop Group
Using Vault accounts in PAM Conncetion
Fixing null pointer error during VNC connection
Vulnerability OWASP ZAP Integration
Vulnerability Tenable Nessus integration
Adding the ability to add white list feature based on resource
Adding field and range information to Windows rollback recipients
Adding field and range information to Windows rollback recipients
Adding Test Path to Windows Server 2008 R2 Rollback commands
Adding Test Path to Windows Server 2008 Rollback commands
Adding Test Path to Windows Server 2012 R2 Rollback commands
Adding Test Path to Windows Server 2012 Rollback commands
Adding Test Path to Windows Server 2016 Rollback commands
Adding Test Path to Windows Server 2019 Rollback commands
Testing all items Bulk remedition, Confirm message, Service restart in Windows
Changing the name of Windows User Report to Resource User Report
Extending Database Operations on Windows
Version 3.4.0 - Released 2023-05-15
Features
Addition of Alert SMS support.
Addition of TOTP SMS support.
Adding Radius Server otp SMS support.
Windows Server 2022 Confirm Messages.
Addition of Hp Comware 5 support.
Queue backup jobs memory leak arrangement.
Discovery Exist warning should be checked.
Send files to linux servers with SFTP / SCP.
Organizing MS Only recipients in domains.
Organizing DC Only recipes on servers.
Addition of Personal Vault feature.
Addition of Custom Shared Vault feature.
Addition of PAM bidirectional Approval mechanism feature.
Using Vault accounts in PAM Conncetion.
Adding polling to recipe execution queue job, eliminating race condition.
Immediate activation of changes in queue management.
Recipe group feature has been added.
Recipe schedule feature has been added.
PostgreSQL 15 Hardening Benchmark has been added.
PostgreSQL 14 Hardening Benchmark has been added.
PostgreSQL 13 Hardening Benchmark has been added.
PostgreSQL 12 Hardening Benchmark has been added.
Added Docker CIS Compliance Hardening.
Putting Password and Account expire on the Alarm page.
Increasing the number of acceptable jobs in Bulk config.
Updating the Create Custom Recipe field field. Number of lines and width.
Feeding resource-asset name and hostname information from a single field.
Added Hardening Critical, High, Medium, Low levels in Web Browsers.
Added Hardening Critical, High, Medium, Low levels in Microsoft SQL Databases.
Added Microsoft SQL Server 2022 Hardening Benchmark.
Added Microsoft SQL Server 2019 Hardening Benchmark.
Microsoft SQL Server 2017 Hardening Benchmark has been added.
Microsoft SQL Server 2016 Hardening Benchmark has been added.
Microsoft SQL Server 2014 Hardening Benchmark has been added.
Microsoft SQL Server 2012 Hardening Benchmark has been added.
Microsoft SQL Server 2008 R2 Hardening Benchmark has been added.
Added Web Browser Google Chrome Hardening Benchmark.
Added Web Browser Microsoft Edge Hardening Benchmark.
Web Browser Mozilla Firefox Hardening Benchmark has been added.
RemoteApplication Auto Login feature has been added.
Service Password Change AD User feature added.
New Asset reports have been added.
Asset script structure and file names have been edited.
Cisco switch and router backup structure moved to tftp.
Docker swarm yml files have been updated.
Web upload feature has been added.
Version 3.3.0 - Released 2023-01-10
Features
Added Hardening Critical, High, Medium, Low levels to Windows servers.
Hardening Critical, High, Medium, Low levels have been added to Linux servers.
Hardening Critical, High, Medium, Low levels have been added to Switch, Router, Firewall resources.
Added Hardening Critical, High, Medium, Low levels to applications.
Azure Hardening Benchmark has been added.
Aruba Wireless Controller Hardening Benchmark has been added.
Aruba OS Switch WC Hardening Benchmark has been added.
RemoteApplication feature has been added.
Service Password Change feature has been added.
New Asset Monitor prescriptions have been added and listed on the dashboard.
Asset script structure and file names have been edited.
Cisco switch and router backup structure has been moved to tftp.
Docker swarm yml files have been updated.
Persistent Volumes moved to data folder.
Web applications were moved behind Nginx Proxy.
VNC install and uninstall packages were prepared and sent through the system.
WMI install and uninstall packages were prepared and sent through the system.
Web download feature added.
Improved TOTP support for SSH, Telnet, RDP.
Snmpv3 support was added in Discover module.
Added snmpv3 support in performance monitor module.
Hardening hidden rciples were only shown in hidden filtering.
Hardening excluded rciples were shown only in exclude filtering.
Windows Server 2016 Hardening Benchmark has been updated.
Windows Server 2019 Hardening Benchmark has been updated.
Windows Server 2022 Hardening Benchmark has been updated.
Windows 10 Hardening Benchmark updated.
Windows 11 Hardening Benchmark has been updated.
Added Turkish character support on Reason page.
Port page CSV export added.
It has been ensured that the port lists that have not been used for x days are mailed daily.
User Management Gender field combo box Male / Female feature has been added.
Asset pages moved to new page.
Sytem Event moved to new page.
CSV Export module has been improved.
The tag feature has been improved on the Resource page.
Tag structure added to Account page.
Rersources Bulk Update was enabled to be done from the CSV Import page.
Double-sided continuity (Job<->Discovery-methods) has been provided in Discovery jobs.
Log format and content updates were made in QRadar and Logsign SIEM options.
Multiple condition and multiple action features have been added in Rule settings.
SSL Certificate export to csv page, list and vulnerability report have been added.
Resource User Group report has been added.
Version 3.2.0 - Released 2022-11-15
Features
accessory asset checkin (95919a0)
accessory assets (13de248)
accessory assets checkout (e25c484)
add events on asset actions web (fc559b4)
add ip page on resource assets (8cdd00b)
api routes and pub sub functions (a21b52c)
asset dashboard permissions (c034055)
asset model links (04b75fd)
asset model settings (a80c55b)
asset routes (c04f513)
asset services (60868f2)
asset settings module (0071d98)
asset status component (6ea8975)
asset status links (47968b9)
asset status routes and model (247b78f)
category asset routes (8f238e9)
category asset settings and form pages (b832d3c)
checkout component assets (e692d29)
company asset settings (8bfe31a)
company links (70b8a90)
component asset checkin (6abdf86)
component asset checkin quantity (a744c28)
component assets components (f79dce6)
component assets routes and model (989d7c0)
create 'dns' asset script (2991c1b)
create 'route' asset script (9102475)
create 'software-key' asset script (9dc74d4)
create 'software' asset script (aa44ec2)
create 'user' asset script (4c011bc)
create 'variable' asset script (e274d93)
create benchmark.score and recipe.status models (a191f57)
custom asset checkin (ee7052c)
custom asset checkout (db43d4c)
custom asset permissions (0d6f21e)
custom assets (d0cf752)
custom hardening regex key higlight (8677136)
deaprtment links (e3ccfb4)
department asset list page and form component (b596bd9)
department asset model and api routes (ef06ecf)
department asset settings refs (afc2002)
domain controller scripts (f7d62c0)
domain controller scripts and recipes (adc01f8)
download needed audit files from sechard-api/files endpoint (0cb5a43)
hardening comparison reports (cc85545)
hardening executive summary report (233f20b)
hardening reports initial commit (64e61eb)
hide resource table when hardeing charts are selected (e969270)
huawei router (ef21c81)
initial custom assets (cf90aa0)
initial manufacturer-asset-settings (5bb9a5b)
license asset checkin (08e8cdc)
license asset checkout (b8ad5cf)
license asset page and form component (ecb5b65)
license assets routes and model (233e57c)
location asset refs (c156a32)
location asset settings page and services (316d134)
location asset settings routes and model (400b805)
location links (01e231e)
manufacturer asset links (94333cf)
manufacturer asset settings (1cfc338)
netstat paging (e7a9961)
partition page on resource assets (4e1c805)
people asset count fields (a286ed4)
people assets (93a4915)
people links (7a2766e)
reports page hardening resource filters (21ee079)
resource task page (5a120b4)
turk telekom hardening reports (5057235)
win processor scripts and recipes (7d6e434)
windows 'log' scripts and recipes (21c0c1b)
windows 'monitor' recipes (e6a9968)
windows 'monitor' scripts (a8c67b4)
windows 'netstat' scripts and recipes (c1e5a5a)
windows 'pagefile' scripts and recipes (26e2fb2)
windows 'service' scripts and recipes (e6a8747)
windows 'sound' scripts and recipes (f67e54f)
windows 'user groups' recipes (4eb1dc2)
windows 'user groups' scripts (04330bb)
windows bios monitoring recipes (eef0314)
windows bios scripts (a45a08c)
windows ip scripts and recipes (443cc09)
windows partition scripts and recipes (fe785c5)
windows task scripts and recipes (ecc7c2b)
windows video scripts and recipes api (23bf4b9)
windows video scripts and recipes queue (f7f5c39)
Bug Fixes
api shared-files (1ae95cb)
asset score (1ed0bf2)
backup operator (0f48d30)
blank asset score after recipe sync execute (6c16036)
check lenght on objects that are not arrays (19d1697)
hardening top menu item should show if custom hardening exists (75c0ef4)
hardening-reports (dd62351)
lint (a26a9a7)
lint (01fd4b9)
merge conflict (e0393ec)
merge conflict (1d5f8b7)
merge conflict (9c1b688)
merge conflict (675ea06)
queue recommended value (48dfb86)
queue resource toObject bug (53aa3d0)
queue windows 10 script paths (6b95b00)
recipe migration upsert recipes (04a1276)
remediation, rollback and audit score calculating on hardening page (2131cc3)
require is not defined on reports (0671826)
resource-edit (d7ee6ff)
score-cal (05f6d21)
set mongo image version to 4.4.6 (b9a52d1)
show 'highlight audit' button on 'Switch, Router' resource types (4152ba9)
show hardening top menu item if custom hardening exists (df345e7)
Version 3.1.0 - Released 2021-8-21
Features
add target-handler.js (adad297)
Bug Fixes
Grafana datasource (39a7735)
queue separate process (84a0910)
recipeQueueCron settings (3cc563d)
recipeQueueCron settings (9a793ef)
winrm result parse (e83fc70)
Version 2.1.0 - Released 2020-12-5
Features
add active directory groups dropdown to user management page (5d2d7b3)
add benchmark tag field to hardening recipes (95a4367)
add CBDDO benchmark option to device hardening page (bebfe99)
add CBDDO benchmark option to export device hardening pdf page (945f844)
add CBDDO benchmark option to reports page (dd40f31)
add cbddo tag to windows hardening recipes (19f9c7f)
add default time-out field to system model (2dbe321)
add idle time-out setting to user settings page (63aa3a9)
add new created devices to prometheus targets.json (14f5309)
add ocr enable setting to system settings page (050f7ae)
add ocr setting to user module (1709186)
add ocr update endpoint (56f0d7b)
add patch and get routes for idle-timeout (be23c45)
add remote desktop permission field to user model (1b1a321)
add remote desktop to top menu items (29509fc)
add sechard_agent_ip field to system models (e4814c8)
add tag field to recipe model (f8cd12b)
add targets.json to prometheus.yml (5e02dca)
add windows and linux grafana dashboards (380e07a)
allow get requests to idle-timeout endpoint (0488974)
check if OCR is enabled before starting the OCR process (6ba702c)
get sechard_agent_ip from db or redis and set it as environment variable on queue worker (351eefc)
select tag field of the device recipe (3e3770e)
set sechard_agent_ip field on db (512d239)
show different icon when ocr is disabled and ocr is in progress (a6507e0)
show rdp or console buttons on devices list only if user has required permissions (f2e3902)
show remote desktop top menu item only if user has required permissions (5dfd4b0)
time-out idle users after a while (401485e)
ui enhancement on session records page (d17904e)
use cgroups to limit cpu usage to 25% (343291b)
winrm kerberos auth (4ccd43f)
Bug Fixes
'Windows' devices bugs in queue (2ff09f6)
add else statement if writeFile fails (a26291b)
blank ad auths (0c25b3c)
catch EHOSTUNREACH error if ad is unreachable (b92a250)
cbddo client side filtering on export hardening page (99bcaea)
cbddo client-side filtering (4762f47)
cbddo client-side filtering on reports page (71e3146)
dashboard uids (5f83cfc)
delete unnecessary files from remote destkop (50cf5cb)
edit ad auth settings even if new password is not provided (50e1ac5)
group recipes by level on detailed and summary hardening report page (6a3a056)
handle remote desktop alarms and mails on api (7a85c53)
hide management and monitoring top menu items on firewall devices (00820b9)
if ocr is not enabled remove encoded files after conversion to .mp4 (7b842ec)
lint (437bf1a)
list devices and sort server-side on report page (eff9e4d)
local users missing password field (18907ff)
ng lint (d2c723f)
pingDevices handler.bind is not a function (d916328)
recipe queue concurrency option (b9bf804)
redirect to user types page when edit user types button is clicked on user management page (71bc07d)
remote desktop container logs (e4f9f93)
remove unnecessary model files (3caf95e)
select only timeoutseconds field from system (a70d482)
show remote desktop menu item on Windows devices (52c9fa9)
undefined recipeQueueCron (a1fc554)
update session time-out seconds from user settings (3c45ada)
update windows scripts (8d06be4)
when time-out ends log user out from any other open tabs (1e85915)
winrm connection & custom recipe (b42dfc4)
winrm device host (ed247e8)
winrm hostname (33e171b)
Version 3.0.0 - Released 2020-6-3 Priorities
Features
add status field to user model (02071d2)
add status route to update status on login (fd5d153)
add user login hours restriction option when creating and editing users (604ef4d)
add user online status and logged in duration on user management page (36347e2)
dashboard module (6945047)
front-end of uploading files to server (b521980)
upload files server-side (d57af4f)
user login hours restriction server-side (3d87e91)
add different conversion depending on color scheme setting (948ed0c)
add necessary fields and routes for color scheme setting (7d3dd9b)
add session record color scheme sytem setting (648a49d)
docker dashboards (153c288)
remote desktop session records OCR (e5186b8)
search session records by keyword using OCR (efe4893)
session record page encoding and ocr search progress (38e5bc0)
Bug Fixes
add control to check if login restriction is enabled before adding or editing a user (08a01ce)
dash scores (e63c3e7)
dash scores & queue bugs (17f2d0d)
Dashboard Exceeds maximum line length of 140 (52fc74f)
isOnline and isEnabled should be checked first on user management page (38df668)
users without status field should be listed as offline (394a95e)
do not complete job if 'command timeout' happens & undefined oldRunningConfig (9434f92)
downgrade ssh2shell package version & create job per device in update-devices queue (ab676b6)
enable rdp font smoothing (8ff7b00)
merge conflict (601c860)
recipe-queue update cron settings function (21c1c33)
security score top menu item not visible (cfe31de)
top menu items not showing on generic devices (2ef9b93)
SecHard