Whatsnew Service Pack 319 for Artica 4.30.000000

FIX

  • ERROR: Can`t create temporary directory /var/lib/clamav/tmp during the Clamav databases update.
  • Compatibility issue for Active Directory DNS Cache with French Active Directory server.
  • Incompatibility with DNS Cache service and nis system configuration.
  • Could not handshake: An unexpected TLS packet was received for APT manager when using SSL with an Internet upstream Proxy.
  • Direct acls objects to deny using proxy parents are not applied to the proxy configuration.
  • Artica did not clean postgresql trace files.
  • Memcached was handled by systemd and was not started using correct parameters.
  • Unable to reset the Gold License.
  • Sometimes Artica generates error Helper: Generic [ArtCategories] issue! [action=emergency!]
  • Cannot display the Certificate signed Request content in the certificate center.
  • MySQL error for default values when using PowerDNS during new domain creation.
  • Increase performance and visibility on Security Reputation Network.
  • Masquerade interface are not applied when not using any proxy or firewall service.
  • Backup to NAS use the same parameters when using the cluster configuration.
  • Bad property warnings found in proxy events
  • statscom-error.log file was not cleaned and consume disk space.
  • PDF proxy reports stucks at 5% of progress.
  • Unable to upgrade system packages caused by clamav-freshclam and clamav-daemon
  • HotSpot template was not builded that cause guest clients was not redirected to the splash screen.
  • Artica is unable to stop and restart proxy service.
  • statistics Inconsistencies related to the MAC address which can be masked by the routers.
  • Artica did not checks Proxy ports after defines global parameters.
  • Unable to connect to VPN PPTP service using Artica as gateway ( see more information here )
  • Missing dependency of libbrotlicommon.so.1 for ICAP Scanner.
  • Too few processes for MacToUid proxy rule.
  • Import a certificat using a zip file did not import the certificat request and the private key.
  • Bad understanding between importing a specific Artica certificate backup file and importing the real certificate: change the buttons method to avoid this behavior
  • Upgrading the system did not upgrade the notification of softwares that must be upgraded.
  • Security hole discovered by Rheinmetall Cyber Solutions GmbH company. Using the Web-filtering page service allows to read any file on the system
  • Improve the progress task of install/uninstall in features section.
  • Unable to start NtopNG because new version 4.x require full installation paths.
  • nics_virtual table was not created.
  • exec.syslog-engine.php still try to connect to MySQL server.
  • Missing field AuthParentPort in proxy ports table
  • SPAN Interface is not visible as real ok STATUS and displayed as a specific interface.
  • TailScale Interface can be modified using the unix console.
  • TailScale network starts before the main network that break the network configfuration.
  • TailScale section is not protected by the VPN Manager privilege.
  • Certificate Center did not import CSR and Private Key in some cases.
  • Certificate Center did not parse CSR data (if provided ) in order to import correct certificate information.
  • Certificate center did not import RSA PRIVATE KEYs
  • Unable to Install DWAgent Service.
  • Artica did not clean /var/log/conntrackd-stats.log
  • Crash of SMTP events parser ( see more information here )
  • Too many events timeout on read select() in syslog according to Artica Category cloud.
  • Bungled in misstyped or missing outgoing interfaces in proxy acls.
  • Enforce syslog log file checking - remove if size exceed 1GB
  • Many logs : delay_pool 0 has no delay_access configured
  • ACLS checker notice the ALL object as empty that is expected.
  • Too much memory eating by exec.squidMins.php
  • Artica did not display memcached version.
  • Change Security Network feature to The Shields ( see more information here )
  • Issue in SMTP TLS while creating the private key - special thanks to Peter Sikkes ( see more information here )
  • Reload ICAP service will stop the service after few seconds, switch it to restart quickly.
  • Call to undefined function posix_getuid() in class.unix.inc
  • Unable to query correctly ICAP threats in the search engine.
  • Unable to search entry inside Proxy DNS cache table
  • Cache DNS Troubles when using the redis memory database. caused by records never removed, added a task that remove periodically the redis database
  • Reload command make the C-ICAP stop, now Artica use a quick stop/start for reload task
  • progress bar stuck when disabling SSL emergency
  • Cannot access to the Gold License section.
  • Web-filtering service consider as whitelist all sites if there an empy line in the whitelist database.
  • Rebuild the authenticator for RDS Proxy
  • A warning - outdated RDS proxy version - is displayed after upgrading to 9.x Proxy RDS Version.
  • Internal Error 379 on reverse RDS proxy service when using Active Directory.
  • Proxy bandwidth limiting was not correctly understood by administrators ( see more information here )
  • The Shields block some webistes categorized as Apple, Microsoft, Web plugins and Science Computing
  • Some website categories are not displayed in the realtime access events.
  • Maximum fildescriptors parameter is not always understood by the proxy service.
  • Artica did not check the Active Directory IP address parameter for an Active Directory connection
  • Several bugs for RDS Proxy service with Active Directory settings caused by python3 migration
  • Serveral customers forget to add networks in RDS Proxy rules. Add an explicit red text for this case
  • Possible bugs on top-right notifications icon about new available versions.
  • Upgrading RDS Proxy version did not compile again parameters that cause the authenticator not working.
  • minor bugs on RDS Proxy service authenticator
  • Cannot authenticate trough the RDS proxy login screen.
  • Not all PostgreSQL events are sent to syslog
  • Consolidate ACLs objects interface gameplay
  • Unable to download Maxmind GeoIP databases ( see more information here )
  • Webfilter client crash when proxy did not send its local port
  • Web filter client crash evertytime after the SP319
  • Sometimes the logfile tail service is not running
  • Minor data table issue on failover service
  • Sometimes the proxy did not authenticate kerberos users caused by an upgrade from 3.x
  • Postpone crowdsec support
  • Down the level of FATAL: Proxy is unable to connect to xxxx on port xxxx
  • Issue on callback shutdown on Proxy Watchdog service.
  • The Shields deny requests when Artica put websites into cache
  • Some option in The Shields feature are not saved.
  • Unable to send test SMTP in Web filtering rules.
  • No backup watchdog for log viewer service.
  • In some cases the proxy refuse any connection because the final rule is deny by default.
  • Minor bug fixes in the failover feature.

ADD

  • Possibility to Add a Caching Active Directory records From an Active Directory Connection ( see more information here )
  • Dedicated menu console for SSH service.( see more information here )
  • Monitoring and compatibility of Microsoft Hyper-V virtualization.
  • Security Reputation Network beta 1 (see more information here )
  • Possibility to list all open ports on the Artica server ( see more information here )
  • Possibility to display Proxy statistics daily disk usage ( see more information here )
  • Dedicated section for the log files and statistics retentions ( see more information here )
  • Possibility to import or export Proxy statistics database ( see more information here )
  • Possibility to manually remove statistics data by retention. ( see more information here )
  • Possibility to display events about log files cleaning and retention data cleaning.
  • Possibility to exclude reverse PTR resolutions and queries to specific domains in DNS statistics.
  • Possibility to install/uninstall userspace ARP daemon
  • New wizard "Gateway mode" to allows installing Artica on limited hardware ( see more information here )
  • Watchdog on cgroups php limitation.
  • Possibility to created a simplified and quick DHCP service by Network interface ( see more information here )
  • Possibility to bridge network interfaces using Proxy ARP method ( see more information here )
  • Possibility to add multiple network addresses in SNMPv2 network limitation.
  • New feature Dynamic routing as OSPF protocol support ( see more information here )
  • move URLHaus and NoTrack feature to the SRN feature.
  • Possibility to global exclude domains from the use of any parent proxies. ( see more information here )
  • 2FA authentication for both SSH service and Artica Web console. ( see more information here )
  • Double verification for clone detection.
  • function that scan suspcious files for malwares scanning on the ArticaBox itself.
  • Possibility to send Proxy realtime events to several syslog servers ( see more information here )
  • Beta of TailScale VPN feature.
  • Beta of Synology backup client.
  • Support of Synology Active Backup for Business client ( see more information here )
  • New Proxy ACLs Checker ( see more information here )
  • Possibility to change the name of the certificate in the certificate center section.
  • Possibility to modify the TCP Keepalive Timeout on proxy port ( see more information here )
  • Possibility to link Artica Proxy to Kaspersky Web traffic Security ( see more information here )
  • Possibility to switch to Proxy version 5.x or 4.x branch
  • Display ACLs rule names in realtime proxy events ( see more information here )
  • Notification of new memcached version on the dashboard.
  • New memcached v1.6.10 available for both Debian 9 and Debian 10
  • New Squid Cache v5.1 available for both Debian 9 and Debian 10
  • Automatic install of new Debian package unrar and p7zip
  • More statistics for The Shields graphs section.
  • Possibility to perform fast stop,start,restart proxy service in proxy status section
  • Release of Kasperksy SandBox integration ( see more information here )
  • More description / Information on Host Forgery issue ( see more information here )
  • The Shields can be switched to be an object of ACLS rule ( see more information here )
  • Improve Proxy SSL initialize task
  • Ensure compatibility with the new version 9.x of the RDS Proxy, older versions will be not compatible.
  • Community Artica version on the RDS proxy service will limited to maximum simultaneous connections.
  • Possibility to quickly connect to the RDP target ( see more information here )
  • Possibility to turn the RDP service and the Authenticator in debug mode.
  • Possibility to disable the RDS Proxy login screen ( see more information here )
  • The Shields is upgraded to 10.0 version this new version stores more than 25 000 trackers sites in local cache.
  • Possibility to see more information here that passed trough the bandwith limitation ( see https://wiki.articatech.com/proxy-service/monitoring/monitor-bandwidth-rules )
  • Now RDS Proxy service is able to query directly Active Directory DNS in the case of the Artica server did not have the target Active Directory as primary DNS server
  • Possibility to create a bandwidth rule without any limitation in proxy bandwidth limitation acls
  • Top-right notification on new RDS Proxy service version.
  • Possibility to perosonalize RDS proxy error messages.
  • Status in RDS Proxy status page
  • DNS Firewall feature alpha 1
  • DNS Firewall Feature alpha 2
  • Possibility to launch installation of mandatories modules in status
  • Failover support.
  • DNS Firewall Feature Beta 1
  • DNS Monitoring tool for better help proxy performance DNS settings.
  • Support of use-caps-for-id in DNS Cache service. ( Feature called Increased DNS Forgery Resistance )
  • DNS Firewall feature RC1
  • Possibility to download the "The Shields" events logfile
  • Possibility to set a default page inside a reverse-proxy site ( see more information here )
  • Rebuild the ITCharter internal engine for better performances
  • ITCharter is now Cluster aware
  • Handle k5start error getting credentials: Preauthentication failed in syslog
  • ITCharter with Active Directory Filter feature release candidate 1
  • Whitelisted adservice.google.* in The Shields when allowing Google Advertising option.

MOVE

  • Proxy SSL cache directory to /etc/squid3 for more stability