Просмотреть исходный

Version 1.1.1

Added

Display of the node name that processed the request in RADIUS / TACACS+ connection logs
Management of PostgreSQL Replication Manager parameters via Ansible playbook variables

Improved

Added support for restoring data from version 1.0 backups in version 1.1.1
Added support for running Ansible playbooks on Astra Linux 1.8 and RedOS 8
Added documentation describing the need to re-fetch groups and update their settings when using an LDAP external identity source after upgrading from version 1.0

Fixed

Issue where roles created/edited on one NAICE node in a high-availability setup were not applied on the second node
Issue where Last Name, First Name, and Email fields were cleared when saving changes for users from external identity sources
Display of test events when attempting to send data to an unavailable log collector
Issue where access to RADIUS policies required granting access to TACACS+ policies in the role
Issue where an error occurred when attempting to log in to the web GUI after a NAICE server reboot
Issue with granting database permissions on ursus to user phoca after upgrading from version 1.0
Issue where the login page was not displayed after administrator logout in a high-availability setup
Issue where reopening the login page was required after changing the authentication source

Added

Some system settings are now available in the NAICE web interface, significantly simplifying configuration and reducing the need to use environment variables
Password policies: configurable requirements for user password complexity
Integration with an SMTP email server (notification gateway) for sending notifications when system users are created or their credentials are changed:
- support for uploading trusted SSL/TLS certificates via the web interface
Login to the NAICE web interface using accounts from external identity sources (MS AD and LDAP):
- support for assigning roles in the NAICE web interface based on attributes from external sources
Support for LDAPS when working with external identity sources:
- support for uploading trusted SSL/TLS certificates via the web interface
CA certificate validation when sending SMS via an HTTPS notification gateway
- support for uploading trusted SSL/TLS certificates via the web interface
Integration of NAICE with Peeper 0.8 (Eltex software monitoring system)
Distribution as a QCOW2 image
Distribution as OVA/QCOW2 images based on RedOS as the operating system
Ansible playbook for deploying NAICE in a high-availability setup without VRRP

Improved

Management of user accounts from external identity sources (MS AD and LDAP) moved to a separate service to eliminate interaction between RADIUS and TACACS+ services
Substitution of the RADIUS user password with a value from a custom attribute in external MS AD and LDAP sources
Cloning of RADIUS and TACACS+ authentication and authorization policies
Endpoint counting (license enforcement): reduced dependency on mandatory attributes to support a wider range of devices
Added an event for failed system user authentication in the logs
Added support for storing personal account settings: selected language and time zone
Dashboards now display storage usage and retention periods for RADIUS and TACACS+ logs, including:
- RADIUS session
- TACACS+ session
- TACACS+ accounting

Fixed

Added

Updated public certificate naice-radius used for EAP-PEAP authentication
Added an Ansible playbook for replacing naice-radius certificates used for EAP-PEAP and EAP-TLS authentication

Added

Improved

Fixed

Added

Role-based access control (RBAC) model
Integration with SIEM systems, including security event logging
User activity logging in the system
Logging and storage of endpoint sessions in the database
Distribution as an OVA image with a web panel for quick and easy NAICE configuration

Improved