Information about the IMPEX release 5.0.1

Release date: 2024-12-16

The IMPEX 5.0.1 release

This is a patch release for the 5.0.0 release. For the customers who have migrated, this contains an important fix for the new AV engine, Trend Micro. It was not updating its AV definitions correctly after installation.

Important For those planning to perform the controlled upgrade (i.e., pull, not automatic push upgrade) from the Impex 4.1.x branch, this is the ISO file to use as the basis for that migration.

ICC fixes

  • Trend Micro signature status was missing in the station view engine listing and in the operations view.
  • Hostname validation in the station card was too strict, not allowing hostnames without domains.
  • Fixed the retire station command to not validate all fields in the station object when invoked

Station fixes

  • Trend Micro AV upgrade script was not pulling new updated signatures due to an incorrect Last-Modified header check.
  • Changing the station’s network from manual to auto (DHCP) failed due to missing code updates after the move to Sysctl Linux.

Repo changes

  • Reposervice now synchronises three Sysctl Linux versions at a time needed for the 6-month OS upgrade cycle to be seamless.
  • Trend Micro AV repo was incorrectly configured on separate REPO installations.

Repo fixes

  • Sysctl Linux polkit rules for the impex-repo user were too strict, blocking other polkit requests.

Datalock changes

  • Datalock was missing some dependencies that could cause out-of-order install problems on new installations.
  • The integration with OpenSSH was changed so that Datalock has its own sshd configuration file in /etc/ssh/sshd_config.d/60-datalock.conf. This might change rule evaluation order that might affect existing installations and procedures. For example: the datalock settings file sets PasswordAuthentication to no globally. If any installation require SSH root login to be allowed we recommend to use the station token from the ICC to login to the Datalock console and create a /etc/ssh/sshd_config.d/70-customer.conf file with content “AllowUsers root” and then add a ssh-key to the root user’s authorized_keys-file.

Information

Documentation

  • This release contains newly written upgrade instructions. All 5.x.x versions will automatically get the new version.

SBOM

  • The ISO and VHD releases have a software bill of materials (SBOM) to make introspection of the release easy to integrate with a number of security tools.

Sysctl portal

https://portal.sysctl.se/

Sysctl RSS/Atom

https://sysctl.se/feed.xml