changelog.rst

Change Log

upcoming (2015/02/21 20:11 +00:00)

  • #553 Use the MAKEBIN variable instead of hardcoded make (@ddpbsd)
  • #551 Output alerts.json, newline delimited json, beside the alerts.log file. (@jondb)
  • #547 Feature/nfs exclusion v2 (@reyjrar)
  • #549 Fixed typo (@gustavo-gomez)
  • #548 Fix misspelling of 'source' (@DazWorrall)
  • #546 several Coverity fixes (@cgzones)
  • #545 remove coverity plugin from travis, because it does not work properly (@cgzones)
  • #537 fix most gcc -Wall -Wextra warnings in windows build (@cgzones)
  • #544 Correct some spelling, and update based on ossec-docs (@ddpbsd)

2.9.0-beta03 (2015/02/09 14:01 +00:00)

  • #536 analysisd: fix compiler warnings (@cgzones)
  • #542 Coverity fixes (@cgzones)
  • #508 enable web attack detection for IIS with status code 200 (@ChristianBeer)
  • #539 Coverity travis (@cgzones)
  • #538 Remove unused windows build (@awiddersheim)
  • #533 add information about matched and expected decoders to logtest (@ChristianBeer)
  • #528 Add contributors and remove white space (@awiddersheim)
  • #530 Remove old build files that are no longer used (@awiddersheim)
  • #531 Rename vista_sec.csv to vista_sec.txt (@awiddersheim)
  • #534 increase timeout for md5sha1 testcase, reported in #532 (@cgzones)
  • #529 Fix potential uninitialized value (@awiddersheim)
  • #526 possible fix to vista_sec.csv (@ChristianBeer)
  • #527 fix rule 18138 (@martindiv)
  • #512 exit on single unit test failure (@cgzones)
  • #516 add decoder for ossec-logcollector messages (@ChristianBeer)
  • #511 remove unknown code (@cgzones)
  • #513 merge windows buildlogic into main makefile (@cgzones)

2.9.0-beta01 (2015/01/31 23:35 +00:00)

  • #515 fix some Coverity issues (@cgzones)
  • #514 fix warnings (@cgzones)
  • #510 clean up analysisd/output and fix #488 (@cgzones)
  • #509 fix compilation without libssl-dev and libz-dev installed (@cgzones)
  • #506 Freebsd inotify (@ddpbsd)
  • #502 Giant code-formatting patch (@wclarie)
  • #501 Add support for FQDN in csyslogd (@ccooke)
  • #500 Travis builds (@jrossi)
  • #499 less sloppy indenting (@ddpbsd)
  • #494 Fix for issue #463 (rule overwrites causing a segfault) (@ddpbsd)
  • #496 Fixes to event channel code (@awiddersheim)
  • #497 Fix the wrong ARGV0 defined for authd causing the init script to fail (@nixfloyd)

snapshot/20150112 (2015/01/11 13:57 +00:00)

  • #493 Remove install message to email Daniel Cid for all languages (@sexybiggetje)
  • #491 nginx tests - without false positives (@dangarthwaite)
  • #492 Fix cleanup code in mkstemp_ex() for Windows (@awiddersheim)
  • #482 Whitespace/pep8 and option to run just one test (@dangarthwaite)
  • #476 Add new rule to proftpd ruleset (@ChristianBeer)
  • #485 Update msauth_rules.xml (@hyn172)
  • #486 Test web appsec rules (@dangarthwaite)
  • #489 match failed authentication at OSX login window (@mikedowney01)
  • #477 Fix incorrect declaration (@awiddersheim)
  • #474 Sudo rule fix and sample log (@ddpbsd)
  • #439 Cleanup more makefile and some standardization for output. (@jrossi)
  • #457 Fix windows event channel (@awiddersheim)
  • #465 Added src/dst IP and username to the email if it exists in the alert_data. (@reyjrar)
  • #468 os_auth/main-server.c won't compile without any headers (@reyjrar)
  • #460 bitrig uses gmake. (@ddpbsd)
  • #458 Fix log message during client startup (@awiddersheim)
  • #456 Update README.md (@jeffreyjackson)
  • #452 catching PHP Notices in Apache 2.4 error log (@ChristianBeer)
  • #450 fix to sshd rules (@ChristianBeer)
  • #451 Apache tests added (@ChristianBeer)
  • #449 Fix include order warnings when compiling win32 (@awiddersheim)
  • #448 Fix manage agents error message compile warning (@awiddersheim)
  • #441 Fix csyslogd-config XML syslog location definition (@mikey-austin)
  • #440 Format breakout format options into small bit of code (@jrossi)
  • #435 Installation (@ddpbsd)
  • #436 Build (@ddpbsd)
  • #433 fix compiler warnings reported in #421 (@cgzones)
  • #428 fully integrate Apparmor rules (@ddpbsd)
  • #427 Zmq (@ddpbsd)
  • #424 More decoder testing (@jrossi)
  • #426 fixes #425 moves srandom before chroot (@jrossi)
  • #423 Zeromq (@ddpbsd)
  • #412 [os_csyslogd] fix some compiler warnings (@cgzones)
  • #411 fix #409 (@cgzones)
  • #414 standalone script for firewalld on Linux (@ChristianBeer)
  • #413 Decoder fix for Apache 2.4 (@ChristianBeer)
  • #408 adding -Werror flag (@cgzones)
  • #401 syscall errors (@cgzones)
  • #407 rename memset_s to memset_secure (@cgzones)
  • #397 enabling rule tests (@jrossi)
  • #406 fix uid/gid conversions (@cgzones)
  • #400 fix remaining -Wextra issues (@cgzones)
  • #402 use memset_s on sensitive data (@cgzones)
  • #403 update ar command (@cgzones)
  • #404 fix recent coverity warnings (@cgzones)
  • #405 make map not-static, so it is not instantiated in every translation unit (@cgzones)
  • #398 Cppcheck cleanup (@jrossi)
  • #396 enabling apparmor for new installs (@jrossi)
  • #395 moving srandom_init before chroot (@jrossi)
  • #385 os_auth (@cgzones)
  • #393 remove obsolete Makeall script (@cgzones)
  • #392 correctly setup slack+travis based on ossec/ossec-hids (@jrossi)
  • #389 Fix formatting of chmod() and ErrorExit() params (@awiddersheim)
  • #377 seed random with a real random data (@jrossi)
  • #383 [client-agent] fix compiler warnings (@cgzones)
  • #388 fix chmod error message (@cgzones)
  • #387 [reportd] fix compiler warnings (@cgzones)
  • #386 [remoted] fix compiler warnings (@cgzones)
  • #384 [monitord] fix compiler warnings (@cgzones)
  • #382 [os_auth] force usage of TLSv1.2 (@cgzones)
  • #380 Lua loading paths (@jrossi)
  • #336 Fix manage agents keys (@awiddersheim)
  • #379 Remove unused files and moved files into correct location. (@jrossi)
  • #378 integrations into slack (@jrossi)
  • #376 Merge test makefile (@cgzones)
  • #374 agentlessd (@cgzones)
  • #373 My Old code cleanup (@jrossi)
  • #368 rootcheck (@cgzones)
  • #367 syscheck (@cgzones)
  • #372 addagent (@cgzones)
  • #371 util (@cgzones)
  • #361 logcollector (@cgzones)
  • #364 better file handling on update (@cgzones)
  • #363 [tests] set timeout for OS_GetHost() tests to 10 seconds (@cgzones)
  • #360 Fix compile warnings printing size_t (@awiddersheim)
  • #357 Fix build settings (@awiddersheim)
  • #359 os_execd (@cgzones)
  • #356 Permission fix (@cgzones)
  • #355 Conversion fix (@cgzones)
  • #354 fix displaying settings after build (@cgzones)
  • #352 fix several -Wextra warnings (@cgzones)
  • #353 fix compilation color (@cgzones)
  • #351 display defaults for PREFIX and MAXAGENTS in make help (@cgzones)
  • #350 Update log.c (@jrossi)
  • #345 Makefile tweaks (@ddpbsd)
  • #346 Output settings after doing a build (@awiddersheim)
  • #347 clean up .gitignore (@cgzones)
  • #349 fix spelling (@cgzones)
  • #343 gnu make fallout (@ddpbsd)
  • #344 fix spelling for clean-internals (@cgzones)
  • #334 Makefile need love too (@jrossi)
  • #341 fix several Coverity issues (@cgzones)
  • #338 Fix include order warnings when compiling win32 (@awiddersheim)
  • #339 Remove unused variable (@awiddersheim)
  • #324 Better differentiation between web-access and pure-transfer logs (@bchavet)
  • #337 Fix compile warnings printing size_t (@awiddersheim)
  • #335 fix compilation without ssl (DEFAULT_PORT is not defined) (@cgzones)
  • #333 fix postgres (@cgzones)
  • #332 os_dbd (@cgzones)
  • #331 - Add CIS 1.3 benchmark for RHEL/CentOS 6 (@atomicturtle)
  • #330 Decoder and Rules for apache-2.4 error logs (@bchavet)
  • #326 use global variable __local_name instead of macro ARGV0 in libraries (@cgzones)
  • #328 [os_regex] do not use static maps (@cgzones)
  • #329 Update cis_rhel5_linux_rcl.txt (@atomicturtle)
  • #325 fixing compiler warnings with "-O2 -Wall" (@cgzones)
  • #323 derp, forgot that the domains end in a . (@ddpbsd)
  • #322 extra_data doesn't seem to be a supported field for cdb lists. (@ddpbsd)
  • #214 adding heloserver name to the options for email (@jrossi)
  • #319 test searchAndReplace() with different sizes for search and replace string (@cgzones)
  • #316 update postgresql.schema (@sechacking)
  • #317 os_maild (@cgzones)
  • #318 fix searchAndReplace() (@cgzones)
  • #315 Fix host deny (@ddpbsd)
  • #313 fix 312 (@cgzones)
  • #309 fix for time.h time_t on macosx. (@jrossi)
  • #306 I have created an output dir in analysis to move some of the output plugins into. (@jrossi)
  • #304 os_net fixes (@cgzones)
  • #273 shared review (re-up) (@cgzones)
  • #274 config review (re-up) (@cgzones)
  • #302 [os_crypto] fix random value (@cgzones)
  • #300 Do not truncate OS information in agent_control (@awiddersheim)
  • #249 mysql changes - all the mysql related patches from the atomic spec (@jrossi)
  • #287 [os_crypto] change timestamp type to time_t (@cgzones)
  • #286 [or_regex] fix clang analyzer warning (@cgzones)
  • #285 [os_crypto] fix compiler warnings (@cgzones)
  • #297 Fix manage_agents help (@awiddersheim)
  • #296 [os_csyslogd] fix pull request #246 (@cgzones)
  • #291 Fix for CVE-2014-5284 which allows for root escalation via temp files (@jrossi)

2.8.1 (2014/09/09 02:03 +00:00)

  • #246 About feedback of data loss and lack of GEOIP (@rhelfter)
  • #288 [os_regex] remove unimplemented declaration of 'OS_Match3' (@cgzones)
  • #289 [os_xml] remove unused and obsolete debug code (@cgzones)
  • #284 [os_xml] update examples (@cgzones)
  • #283 [os_regex] update examples (@cgzones)
  • #282 reportd outsourcing (@cgzones)
  • #272 Unbound (@ddpbsd)
  • #279 Remove syscheck-baseline.c (@awiddersheim)
  • #280 Remove extract-win-el.c (@awiddersheim)
  • #281 Fix help for ossec-rootcheck (@awiddersheim)
  • #277 Add defaults to help output (@awiddersheim)
  • #270 Remove shared help (@awiddersheim)
  • #275 keep repo clean after make all (@cgzones)
  • #266 travis (@cgzones)
  • #262 remove windows build related file on make clean (@cgzones)
  • #261 os net unit tests (@cgzones)
  • #264 2.7.1 to 2.8 (@ddpbsd)
  • #257 Misc rules (@ddpbsd)
  • #259 Random decoders rules (@ddpbsd)
  • #260 run unit tests with valgrind (@cgzones)
  • #231 Lines sent to SMTP server need to be terminated with , not . (@ibatten)
  • #256 More openbsd (@ddpbsd)
  • #255 More pam (@ddpbsd)
  • #253 Apparmor ini2 (@ddpbsd)
  • #252 [tests] fix buffer overflow (@cgzones)
  • #251 remove CPATH as it's not used by ossec build, but use used gcc (@jrossi)
  • #250 Fix windows builds on travis. (@jrossi)
  • #240 os_ crypto (@cgzones)
  • #242 os_crypto unittest (@cgzones)
  • #243 Apparmor (@ddpbsd)
  • #237 Fixing hard-coded paths (@mstarks01)
  • #241 fix comment in decoder.xml (@cgzones)
  • #233 Fix/accumulator null check (@reyjrar)
  • #232 fix crash in is_simple_http_request (@navtej)
  • #229 Updated help.txt for Windows (@awiddersheim)
  • #227 Fix Windows Installed Date (@awiddersheim)
  • #226 Fixes to make.sh for Windows (@awiddersheim)
  • #221 [os_regex] set as the inverse of (@cgzones)
  • #220 [os_xml] fix 209 (@cgzones)
  • #205 Certificate verification for ossec-authd and agent-auth (@mweigel)
  • #198 New Feature - Accumulator (Multiline logs with consistent IDs) (@reyjrar)
  • #217 regex correction by Christian Hettler (@Nukama)
  • #216 Allow + in valid_email_addresses in installer.sh (@Nukama)

v2.8.0 (2014/05/22 13:10 +00:00)

  • #208 bug fix of eventchannel timestamp (@jrossi)
  • #202 fix active-response on mac os installation (@jknockaert)
  • #203 Align eventchannel log format with eventlog, fixes #155 (@gaelmuller)
  • #200 os_net fixes (@cgzones)
  • #197 Fixes #194. Checks for both paths of openssl (@harshilmathur)
  • #195 os_regex review (@cgzones)
  • #191 os_regex unit tests #2 (@cgzones)
  • #189 Windows agent UI version and Copyright update (@jbcheng)
  • #188 os_regex unit tests (@cgzones)
  • #187 [tests] explicit enable branch coverage for new version of lcov (@cgzones)
  • #186 [os_xml] fix possible array underflows: see coverity (@cgzones)
  • #185 Avoid a crash of agentd on Solaris. (@danpop60)
  • #173 os_xml refresh2 (@cgzones)
  • #180 Use the environment for the CC binary (@jrossi)
  • #179 Fixes to win32 installation (@awiddersheim)
  • #176 Fix windows agent compile error/warnings #define ENOBUFS, ALERT_SYSTEM_ERR (@jbcheng)
  • #175 Moving ossec-lua back to posix so that we do not have a libreadline dep (@jrossi)
  • #159 Fixes to win32 (un)installation process (@awiddersheim)
  • #160 Added #include for errno.h in os_net.c (@denied39)
  • #163 Added more Vista+-associated event IDs for existing rules (@mstarks01)
  • #157 Removing event ID 676 (@mstarks01)
  • #142 os_xml review (@cgzones)
  • #150 Added option to ossec.conf (additional email header) (@dopefish)
  • #151 Remove event ID 672 (@mstarks01)
  • #145 Fix make.sh files for win32 (@awiddersheim)
  • #144 Continue removing the bro-ids stuff (@ddpbsd)
  • #120 ossec-lua lua interpreter (@jrossi)
  • #139 Unittest os regex (@jrossi)
  • #136 Fix compile warnings with win32 (@awiddersheim)
  • #134 Remove win32 service start and stop executables (@awiddersheim)
  • #133 os_zlib update (@cgzones)
  • #132 enable full clang support and remove gcc dependencies (@cgzones)
  • #121 removing deploy from travis-ci (@jrossi)
  • #131 Added error checking to ossec.conf installation (@awiddersheim)
  • #129 Fixes to win32 services (@awiddersheim)
  • #125 Fixes to ossec-installer.nsi (@awiddersheim)
  • #124 SetDateSave off in ossec-installer.nsi (@awiddersheim)
  • #126 Use file command in ossec-installer.nsi (@awiddersheim)
  • #130 Show details during win32 installation (@awiddersheim)
  • #127 Update manage_keys.c (@awiddersheim)
  • #128 Added /? as a parameter to ossec-agent on win32 (@awiddersheim)
  • #123 Grandstream ATA decoder (@mstarks01)
  • #122 A simple script to calculate OSSEC events-per-second (@mstarks01)
  • #119 Fixing route-null active response on Windows (@mstarks01)
  • #96 Remove annoying win32ui dialog box (@awiddersheim)
  • #118 Remove ui.nsi (@awiddersheim)
  • #117 Fixes to ossec-installer.nsi (@awiddersheim)
  • #102 Remove debug messages in src/win32/ui/common.c (@awiddersheim)
  • #107 Make manage_agents.exe work on win32 (@awiddersheim)
  • #116 Fixes to ossec-installer.nsi (@awiddersheim)
  • #103 Free install_date pointer (@awiddersheim)
  • #115 add eventchannel (again) with proper build (@gaelmuller)
  • #108 enable geoip in travis build (@cgzones)
  • #114 remove unused source code files (@cgzones)
  • #111 Fix win32 ARGV0 names (@awiddersheim)
  • #92 fix problem with umlaut in date string when pre-decoding the log message (@ChristianBeer)
  • #98 Add install date to win32ui (@awiddersheim)
  • #106 Remove os_auth from win-files.txt (@awiddersheim)
  • #100 Fix permissions and privilege detection (@awiddersheim)
  • #97 Add better version handling to win32ui (@awiddersheim)
  • #94 Fix win32 OS detection (@awiddersheim)
  • #113 Remove local file additions in setup-win.c (@awiddersheim)
  • #109 fix clang -Wall warnings (@cgzones)
  • #110 simplify cJSON makefile (@cgzones)
  • #104 Fix win32ui messages (@awiddersheim)
  • #99 Fix win32 setup log message (@awiddersheim)
  • #93 Fix the client status exit code (@pdrakeweb)
  • #95 Add to .gitignore (@awiddersheim)
  • #105 Adding a new sshd rule for bad packet lengths (@joshgarnett)
  • #87 Fix comment in win32/ui/common.c (@awiddersheim)
  • #86 OpenBSD deluser rule and remove bro-ids garbage (@ddpbsd)
  • #85 fix to segfault introduced by pull request #81 (@ChristianBeer)
  • #81 fix resource leaks in active-response.c (@ChristianBeer)
  • #68 ignore warning about assignment in condition (@cgzones)
  • #82 fix gcc wall warnings seen on travis (@cgzones)
  • #71 fix missing returns reported by eclipse (@cgzones)
  • #72 surround binary expression with parenthesis (@cgzones)
  • #73 fix missing breaks (@cgzones)
  • #74 remove unused declarations (@cgzones)
  • #75 rename syscheck config struct (@cgzones)
  • #76 rename global agent struct (@cgzones)
  • #77 fix cyclic header relationship mem_op.h <-> shared.h (@cgzones)
  • #80 fixing gcc -Wall warnings (@cgzones)
  • #78 exit on error during making zlib or cJSON (@cgzones)
  • #69 fix buffer overflow (@cgzones)
  • #79 fix spelling preventing building geoip support (@cgzones)
  • #66 fix spelling (@cgzones)
  • #67 remove static cJSON library on make clean (@cgzones)
  • #70 remove complete bin directory on make clean and ignore failure by removi... (@cgzones)
  • #65 ignore eclipse project files (@cgzones)
  • #61 correct deploy to s3 so that we can test win32 agents. (@jrossi)
  • #59 Readme update (@jrossi)
  • #58 Make remoted.debug in internal_options.conf work (@awiddersheim)
  • #57 removing hg files (@jrossi)
  • #56 Cherry-picking in @cgzones geoip clean (@jrossi)
  • #55 Merging in changes from @cgzones (@jrossi)
  • #53 Travis ci build windows and fix for setenv not being available on win32 (@jrossi)
  • #49 Use cJSON instead of writing a custom JSON output format. (@reyjrar)
  • #44 Feature: activeresponse with filename (@reyjrar)
  • #45 Disable /var/ossec/queue/diff/*state.$epoch files, they were not used. (@reyjrar)
  • #43 Adding some additional sshd rules (@joshgarnett)
  • #16 Allow NIX agent to use "-f" option and run in foreground (@jrossi)
  • #11 Fix the removal of start menu shortcuts for windows agent (@jrossi)
  • #8 Add remove agent cmd line option to manage_agents (@jrossi)
  • #7 Fix potential infinite loop when adding new agent using file input (@jrossi)
  • #9 Add TimeGenerated to the output of Windows Event Logs (@jrossi)
  • #21 HandleClient should try to open the m_queue in WRITE mode instead of READ (@jrossi)
  • #20 Labrown remoted child pid (@jrossi)
  • #17 Fix timeout comment in receiver-win.c (@jrossi)
  • #40 eventchannel: fix bug with bookmarks (@gaelmuller)
  • #34 better install for eventchannel support (now only 1 installer) (@gaelmuller)
  • #38 Output unformatted JSON and include the file path for syscheck alerts in ZeroMQ JSON output (@justintime32)
  • #35 Removed keepalive message from win_agent.c when not in debug (@awiddersheim)
  • #33 Fix debug level message used by NIX daemons to be more clear (@awiddersheim)
  • #14 Make syscheck.debug in internal_options.conf work (@jrossi)
  • #13 Awiddersheim fix ossec agent debug internal option nix (@jrossi)
  • #18 Make analysisd.debug in internal_options.conf work (@jrossi)
  • #2 ZeroMQ Json Output (@jrossi)
  • #4 fix openssl operations on non blocking socket (@jrossi)
  • #28 add eventchannel support for ossec agent on windows vista or greater (@gaelmuller)
  • #25 Validate if a file is readable text when report_changes is set (@northox)
  • #12 Made the command line debug level take precedence over what is specified (@jrossi)
  • #6 agent_config profiles for windows (@jrossi)