Release Notes Trace (Version 2.0.1)
Thank you for choosing Tanium. This document describes the changes between releases of Tanium Trace.
Tanium Trace 2.0.1.24
Release Date: February 17, 2017
Enhancements
- Reduced CPU usage in the Linux Recorder.
- Added support for Sysmon v6.0.
Resolved Issues
- Fixed an issue where, in some cases, the Tanium Trace Status Sensor was not properly reporting Install Needed.
- Fixed an issue where unsupported audit rules were being installed on some operating systems, including Ubuntu 14, which prevented the audit daemon from starting.
- Fixed an issue where Sensor results were not properly displayed for endpoints using double-byte languages.
- Fixed an issue where some types of suite licenses were not being accepted, causing the installation to fail.
- Increased the command timeout of the Distribute Tanium Trace Tools for Linux Package to 15 minutes to match Windows and allow more time for endpoints on slower connections.
- Changed the message that is displayed by Sensors when the Trace endpoint tools are not installed to be consistent across Linux and Windows.
- Fixed an issue where a small number of process events could have large, inaccurate create times.
- Fixed the Trace Database Health Sensor to be consistent across platforms and to report database sizes in larger groups, which reduces string counts and allows better display by tools such as Tanium Trends.
- Fixed an issue where the Distribute Tanium Trace Tools Package or Tanium Trace Status Sensor could fail if the installed Linux Recorder was not functional.
- Increased the configured buffer sizes in the audit daemon and dispatcher to handle a larger rate of incoming events.
- Fixed an issue in the Linux Recorder where driver events did not have the Signed field populated.
- Fixed an issue in the Linux Recorder where it was not properly handling max database sizes larger than 2 GB.
Additional Information
Known Issues and Workarounds
If the Security-Enhanced Linux (SELinux) kernel module is installed on the endpoint, it could limit the Trace Recorder functionality or prevent the Trace Recorder from launching. We currently support SELinux in “Enforcing” mode on RHEL/CentOS for versions 5, 6, and 7. This Trace release includes policies built for several versions of SELinux for each of these platforms. If you experience issues with the Trace Recorder, use the Trace Status Sensor for more information. You can also reach out to your TAM for support. Future releases will continue to improve the installation process to support more distributions and platforms.
For more information about SELinux, see https://en.wikipedia.org/wiki/Security-Enhanced_Linux.