source: trunk/docs/Changelog@ 92

Last change on this file since 92 was 92, checked in by rainer, 18 years ago

Move fd closing more towards program start. Fix OpenBSD 4.0 compatibility for kernel check.

2.3.2:
 * move file descriptor closing more towards program startup
 * fix samhain_hide module (in-)compatibility with recent kernels
 * fix regression in full stealth mode (incorrect comparison of
   bytes read vs. maximum capacity), reported by B. Fleming

2.3.1a (21-01-2007):
 * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used
   (reported by zeroXten)

2.3.1 (21-01-2007):
 * fix bug that may cause accidental closure of yule TCP socket
   (problem reported by B. Masuda)
 * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann)
 * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump
   (reported by B. Masuda)
 * rm report.pl from rules.deb.in (reported by B. Masuda)
 * samhainctl(): longer timeout (bad status reporting at startup,
   reported by Phil and by Dan Track)
 * sh_portcheck.c: make connect errors more descriptive
 * sh_portcheck.c: fix ignored setting of PortCheckActive
 * sh_processcheck.c: add statvfs, and wrap for EINTR
 * sh_portcheck.c: add wrappers for EINTR
 * report user and executable for hidden processes
 * fix update failure if reportonlyonce = false (reported
   by D. Strine)
 * fix compile error in sh_portcheck.c (problem on cygwin
   reported by J. D. Fiori)
 * check filenames ending in space (also for utf8 spaces)
 * check and escape csv formatted db listing
 * cache results of sl_trustfile_euid()
 * trustfile: use 4096 for MAXFILENAME, switch to strncpy
 * CL option -v|--version for info on version and compiled-in options

2.3.0a (01-11-2006):
 * fix compile failure with portcheck + stealth (reported by lucas)

2.3.0 (01-11-2006):
 * fix concurrency for inserts in oracle db
 * add acl_(new|old) to database schema
 * check for selinux attributes and/or posix acl
 * new option UseSelinuxCheck (bool)
 * new option UseAclCheck (bool)
 * regression tests for above
 * add module to check for open ports
 * add module to check processes (hidden/fake/missing)
 * use const char* for argument of module configuration callbacks

2.2.6 (31-10-2006):
 * fix missing support for MacOS X init script (reported
   by Daniel Kowalewski)
 * fix error about non-readable file with no checksum required
 * fix server warning about 'no server name known'
 * fix 'make deb' makefile target
 * fix default export severity for server

2.2.5 (05-10-2006):
 * fix broken Install.sh, reported by Alexander Kraemer
 * workaround for glob(3) silliness on MacOS X (reported by David)
 * fix for broken resource fork check (reported by David)
 * fix for broken compilation on cygwin (reported by Elias)

2.2.4 (03-09-2006):
 * add regression test for the GrowingLogFiles issue to test suite
 * fixed sh_unix.c: bug in database init if GrowingLogFiles used
   with signed database (reported by Timothy Stotts)
 * bug in manual fixed (incorrect documentation of --enable-user,
   noticed by M. Brown)
 * rc.subr compatible init script for FreeBSD/NetBSD
 * improve routine to find rpm after build
 * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip)
 * fix error in manual (location of lock file)
 * fix bug with SuidExclude (files in directory were still checked)

2.2.3 (31-07-2006):
 * fix samhainadmin.pl: check for gpg-agent running if use-agent is set
   (ticket #28 by anonymous)
 * fix stealth mode (regression in parser), problem reported by
   Joschi Kuphal
 * fix minor typo in sh_database.c (compile problem reported by
   Joschi Kuphal)

2.2.2 (17-07-2006)
 * minor fixes for regression test scripts
 * minor updates to the manual (suggested by Brian A. Seklecki)
 * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+
   (problem reported by Leonhard Maylein)
 * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM
   is not defined

2.2.1c (11-07-2006)
 * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early
   (Solaris 8 build failure reported by Jesse)
 * fix sh_unix.c: wrong prototype for sh_unix_mlock()
   if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by
   Jonathan Kaufman)

2.2.1b (20-06-2006):
 * fix compile error on SuSE 10.1 (reported by Leonhard Maylein)

2.2.1a (15-06-2006):
 * fix compile error on i686/MacOS X (reported by Andreas Neth)

2.2.1 (13-06-2006):
 * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808)
 * fix compiling with Oracle (noticed by Colapinto Giovanni)
 * fix configure.ac for most recent autoconf version
   (debian bug #369503)
 * fix a regression that would make impossible local updates w/clients
 * fix a few missing '\n' in sh_getopt.c
 * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem
 * fix Solaris package creation
 * recognize Solaris doors and event ports
 * fix the idmef_inode_t patch: provide required info to avoid stat()
 * fix bug on database update: fill in dev and rdev fields
 * fix get_file_infos() in sh_prelude.c: avoid premature return
 * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK
 * deploy.sh: allow to set a group for hosts upon installation
 * patch by Yoann: fix an issue when setting the idmef_inode_t object
 * fix memory leaks in error paths in sh_prelude.c
 * fix concurrent inserts with postgres in sh_database.c
 * code cleanup
 * fix manual version in spec file, first noticed by Imre Gergely

2.2.0 (01-05-2006):
 * patch by Jim Simmons for samhainadmin.pl.in
 * fix testsuite portability problems
 * fix md5 endianness problem detected on HP-UX 11i / PA-RISC 8700
 * fix potential NULL dereference in sh_utmp_endutent()
 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
 * fix bug in sh_utils_obscurename (check isascii)
 * scan h_aliases for FQDN if h_name is not
 * add copyright/license info to test scripts
 * add copyright/license info to deployment system scripts
 * support server-to-server relay
 * new CL option --server-port
 * minor improvements in manual
 * patch by Yoann Vandoorselaere for sh_prelude.c
 * allow --longopt arg as well as --longopt=arg
 * verify checksum of growing log files (up to previous size)
 * rewrite of the test suite
 * added a bit of unit testing
 * minor optimizations in various places
 * optimized implementation of tiger checksum algorithm
 * read in 64k blocks (faster than 4k)
 * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
   file attribute code
 * kern_head: fix compilation of kernel check module on OpenBSD
 * updated samhainrc.linux, samhainrc.freebsd
 * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
 * sh_files.c: fix missing use of flag_err_info
 * sh_tiger0.c: remove repetitive use of mlock
 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
   add function sl_read_timeout_prep

2.1.3 (13-03-2006):
 * fix compile problem in slib.c (reported by Lawrence Bowie)
 * fix bug with combination of one-shot update mode and file check
   schedule (reported by Dan Track)
 * improved the windows howto according to suggestions by
   Jorge Morgado
 * fix samhain_hide kernel module for new linux kernel versions
 * fix minor problem with dead client detection (problem reported
   by Michal Kustosik)

2.1.2 (10-01-2006):
 * fix startup error with combination of gpg+prelude

2.1.1a (22-12-2005):
 * fixed a stupid bug in sh_files.c (break if file = dir)

2.1.1 (21-12-2005):
 * sh_calls.c: protect sh_calls_set_bind_addr against overriding
 * comINSTALL, updateDB: use locking
 * samhainadmin.pl: use locking
 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
 * improve zAVLSearch (remove redundant strcmp)
 * use AVL tree in sh_files.c instead of linked list (better scaling)
 * fix bug with suidcheck (no update/check in one-shot mode with
   schedule instead of check interval; noticed by R. Rati)
 * fix for problem with '-t update -i' if daemon mode (problem report
   by Peter van der Does)
 * fix for bug in sh_util_ask_update (two returns were required ...)

2.1.0 (31-10-2005):
 * minor fix for cross-compiling with --with-kcheck
 * sh_forward.c: handle bad fds in the select() fd sets
   (reported by hmy)
 * sh_extern.c: fix debugging code
 * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
   (reported by Gabor Kiss)
 * makefile.in: fix for solaris package creation
 * sh_mail.c, sh_readconf.c: mail filtering options
 * sh_database.c: Oracle reconnect on connection failure
   (bug report by Alexander A. Sobyanin)
 * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
   (problem reported by Peter)
 * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
 * fixes for gcc 4.0.2 compiler warnings
 * ability to use daemon mode together with update
   (wishlist Yoan Vandoorselaere)
 * fixes for debugging

2.0.10a (22-08-2005):
 * fix for overlapping directory check specification (reported by Bub)

2.0.10 (21-08-2005):
 * fix for segfault (free() on a constant string) with libprelude
   (problem reported by Grae Noble)
 * upgrade FreeBSD kernel check to 5.4, minor fixes
 * useful script for users of Linux kernel check
   (contributed by marc heisterkamp)
 * documentation improvements (suggested by Brian Seklecki and Robby)

2.0.9 (25-08-2005):
 * samhain_erase.c: add #define for NULL
 * sh_suidchk.c: fix incorrect use of escaped filename
 * sh_prelude.[ch], sh_readconf.c: configurable mapping from
   samhain severity to prelude severity
 * sh_unix.h: second arg of gettimeofday should be NULL
 * sh_files.c: fix checking of directory special file (use specified
   policy, not that of parent dir, problem found by Brian A. Seklecki)
 * sh_entropy.c: longer timeout for entropy collector
 * sh_socket.c, sh_forward.c: allow probing of clients for
   necessity of configuration reload
 * yulectl: minor fixes, option -v (verbose), new command PROBE
 * fix 'File not found' messages for files flagged with IgnoreMissing
 * sh_database.c: strip newline from oracle error messages
 * sh_files.c: fix rsrc fork issue with MacOS X Tiger
   (reported by A. Koren)
 * never compute checksum if not checked (problem report by D.Hughes)
 * sh_prelude.c: cleanup and bugfix by Yoann
 * sh_hash.c: for prelude, make sure mode is supplied with user/group
   and vice versa
 * sh_prelude.c: provide proper FileAccess objects (bug
   report by Mihai Ilinca)

2.0.8 (03-07-2005):
 * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
   $LIBPRELUDE_CFLAGS (bugfix by Yoann)
 * samhain.spec.in: remove support for chkconfig (it's too buggy).
   Strangely, if invoked as install_initd it behaves sanely ...
 * src/sh_err_log.c: fix key input (this time for real)
 * fix --with-altlogserver (bug from 2.0.7b)
 * remove server socket in start/stop script

2.0.7e (not released):
 * Makefile.in: introduce a total of 6 sec delay for 'make' utilities
   that use 1 sec resolution, and consider target out-of-date if
   timestamp(target) = timestamp(dependency) ...
 * src/sh_err_log.c: fix key input
 * another fix for yulectl (use pwent->pw_dir)
 * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH

2.0.7d (not released):
 * one more fix for the spec file (stupid rpm finds tags in comments!!!)

2.0.7c (not released):
 * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
 * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
 * samhain-install.sh.in: fix test -z $verbose
 * sh_hash.c: speedup database reading
 * Makefile.in: fix the problem that BSD make would make too much
 * deploy: yulerc.clients -> yulerc.install.db, provide
   $defdatabase for backward compatibility
 * deploy: allow for comma in client_install_date

2.0.7b (not released):
 * hp_ux.psf.in: fix psf file
 * dsys/comINSTALL: fix $yule_date -> $yule_data
 * Makefile.in: fix 'make depot'
 * sh_tools.c, sh_unix.c: fix detection of open file limit
 * sh_readconf.c: reset read_mode after reading conf file
 * yulectl.c: better error messages, use homedir from getpwuid(geteuid)
 * init/samhain.startLSB.in: fix misleading message in lsb init script
 * sh_forward.c: better display for nonce u in debug mode
 * sh_tiger*.c: fix checksum for HP-UX 64bit
 * samhain.c: don't fetch database twice
 * configure.ac: accept nodename for --with-logserver=...
 * samhain_setpwd.c: return proper exit status for samhain_setpwd
 * respond to SIGTERM on initializing
 * fix problems with samhainadmin.pl
 * sh_utils.c: fix bug with AddOKChars (found by Karol)

2.0.7a (not released):
 * remove 'df' from entropy gatherer (NFS may hang)
 * modify va_copy check (doesn't work with HP-UX PA64 compiler)
 * fix compile warnings in sh_database.c
 * samhain-install.sh.in: check for /usr/bin/false in /etc/shells
 * fix install-boot on HP-UX
 * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE

2.0.7 (11-06-2005):
 * yet another fix for the spec file (use internal dependency generator)
 * sh_error.c, sh_prelude.c: init libprelude after open fds are closed
 * error message if queue is full
 * fix two compiler warnings on HP-UX
 * fix sh_mail.c for Interix (no resolver routines)
 * fix sh_unix_initgroups2() if no initgroups() function (bug reported
   by Geries Handal)
 * remove references to 'struct timezone' (Interix; problem
   reported by Geries Handal)
 * init/stop for prelude on SIGHUP
 * sh_cat.h: fix a stupid bug with message classes
 * manual: new section on nagios (with help from kiarna),
   more on prelude
 * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere)
 * default prelude profile name now is 'samhain' (lowercase)
 * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere)
 * remove obsolete check for linux/module.h, linux/unistd.h
 * remove dependency on virtual/glibc in gentoo ebuild
   (problem reported by Willis Sarka)

2.0.6 (01-03-2005):
 * sh_prelude.c, configure.ac, aclocal.m4: support for
   libprelude 0.9 (Yoann Vandoorselaere)
 * sh_html.c: fix bug with entry.html template (reported by
   Stephane Sanchez)
 * Install.sh: fix mandir option (reported by Rodney Smith)
 * Fixed Linux/64bit bug in definition of EUIDSLOT
 * New targets 'make depot', 'make depot-light' (HP-UX, untested)
 * Use sstrip for RPMs and DEBs (automatic stripping disabled)
 * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
   problem noticed by Yoann Vandoorselaere)
 * Modify samhain.spec.in to disable automatic stripping upon install
 * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
   for '--with-khide' (problems reported by Mark)
 * Fix compile error in sh_tools.c on HP-UX 10.20
   (problem reported by Dennis Boylan)
 * Runtime configuration of server listening port (wishlist)
 * Runtime configuration of server listening interface (wishlist)
 * Ignore SIGTTIN (consistency)
 * Use SIGTTOU to force file check (wishlist)

2.0.5b (01-04-2005):
 * Fix build problem b/o timestamp on stamp file

2.0.5a (16-03-2005):
 * Fix problem with 'make rpm' (reported by Dirk Brümmer)

2.0.5 (02-03-2005):
 * Fix bug with partial reads from clients in server
   (bug report by Brian)
 * Support gpg checksum bootstrap with yule
 * Support mount option check on HP-UX
 * For MAIL FROM, use 'example.com' as domain part if
   hostname is numeric (problem reported by Eric Raymond)
 * The HOWTO-write-modules has been updated.
 * Convenience functions to insert data in database have been
   added.
 * Use int0x03 only on i386 in sh_derr() (portability problem
   reported by John Mandeville)

2.0.4 (09-02-2005):
 * Fixed broken 'make deb' (problem report by olfi)
 * Fixed minor bug in test scripts (detection of gmake vs. make)
 * Fixed Tru64/OSF compile warnings (reported by B. Terp)
 * Normalize list parsing to allow comma, space, and tab as separators
 * Some more descriptive error messages in kern_head.c
 * Absolute path to utilities in init/samhain.startLinux.in
 * Fixed is_root variable in deploy.sh
 * Fixed 'deploy.sh info'
 * Fixed 'deploy.sh install' client startup
 * Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
   (issue reported by W. Sarky)

2.0.3 (14-12-2004):
 * Fix CPPFLAGS with mysql/postgresql (reported by P. Smith)
 * Fix missing sys/time.h include in slib.c (reported by Jonas)
 * Workaround for file closing problem with Prelude+GPG
 * Fixed memory leak with Prelude.
 * Fixed bug in samhain_stealth (PGP signature not correctly
   retrieved from hidden configuration; report and patch by V. Tuska)
 * Added Perl script to concatenate file signature database files
 * Fix compile error with combination of --enable-nocl and
   --enable-stealth (reported by Zdenek Polach)
 * Fix bug in dsys/initscript with --enable-nocl
 * Fix declaration of sh_kern_timer()
 * Fix missing Mounts+Userfiles options in appendix of manual
 * Updated the README (bug report by H. Franzke)
 * Fix some compiler warnings

2.0.2a (09-11-2004):
 * Fixed OoM condition when client rc file not found (reported by Eilko)

2.0.2 (08-11-2004):
 * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
 * Fixed uninitialized variable in sh_mail_msg() (problem reported
   by Michael Milvich)
 * Fixed potential NULL pointer dereference in sh_hash_compdata()

2.0.1 (01-11-2004):
 * Fixed compilation bug reported by jue (--with-kcheck broken).
 * Fixed start option (bug reported by sanek). Behaviour wrt.
   environment variables depended on the way the daemon was started.

2.0.0 (31-10-2004):
 * The deployment system has been rewritten from scratch in
   a cleaner and more modular and extensible way. Deployment
   of native packages is supported now.
 * The build system has been revised. Building outside the source
   directory is supported now.
 * Support for checksumming of prelinked executables / libraries
   has been added.
 * The configure script now checks for the SSP/ProPolice patch in GCC,
   and enables it if present.
 * The install-boot option in samhain-install.sh has been fixed
   (use absolute paths for sbin utilities).
 * A nagios plugin (scripts/check_samhain.pl) has been added.
 * The LSB (Linux Standard Base) init script has been fixed (the output
   was incorrect).
 * Fetching of built binary packages has been
   fixed ($(PACKAGE)->@install_name@).
 * For files in proc, the timeout has been reduced, and no error
   messages are issued upon timeout.
 * A function has been added to print out full details for missing
   files if encountered while in sh_files().
 * The reporting for SuidCheck has been fixed (incorrect policy
   noticed by JiM).
 * On Linux, SuidCheck does not report on files marked as candidates
   for mandatory locking (group-id bit set, group-execute bit cleared).
 * Fix for oracle init script (by Matt Warner)

1.8.12b (11-10-2004):
 * fix bug in MSG_MSTAMP (%ld -> %lu)
 * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
   mkdir mode for quarantine directory
 * fix the fix for modlist_lock search in System.map

1.8.12a (01-10-2004):
 * fix bug in samhain-install.sh.in (only occurs on Solaris), reported
   by J. Roland

1.8.12 (27-09-2004):
 * fix compile bug with --enable-static + --with-database=postgresql
 * fix search for modlist_lock in System.map
 * password auth for yule command socket (request by D. Kocic)
 * more info about pending/sent commands to clients

1.8.11 (30-08-2004):
 * fix static linking on Linux by use of replacement routines from
   uClib - however, this means, there is no NIS support anymore
 * new option AddOKChars=... to modify the set of characters for
   filenames considered 'obscure'
 * new option HardlinkOffset=... to specify an offset from the canonical
   hardlink count for a directory
 * fix some warnings with HP 11.23 native compiler
 * fix minor OpenBSD portability problems (EIDRM, compiler warning)
 * samhainrc.5, samhain.8: updated the man pages
 * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
   for AllIgnore
 * sh_kern.c: fix 'update' to display modifications
 * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
   fields)
 * stealth kernel modules: fix for linux 2.6, fix
   redefine of KERNEL_VERSION
 * warn about stealth kernel module problem with 2.6 in manual
 * sh_unix.c: remove some cruft
 * fix a typo in the manual (noticed by J. Rubin)
 * configure.ac: re-order output from libprelude-config (required
   for static linking - problem reported by E. Neber)
 * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel

1.8.10b (13-07-2004):
 * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
   by Pat Smith)

1.8.10a (13-07-2004):
 * depend-gen.c: fix for FreeBSD 'make' which does not understand
   the dependencies ... (problem reported by David Thiel)

1.8.10 (13-07-2004):
 * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
   (bug report by VZoubkov)
 * fix some warnings (unreachable statement) with HP-UX native compiler
 * kern_check.c: silence warning about 'sendfile' for 4.10
   (noticed by Ryan Beasley)
 * modify depend-gen.c to ignore sh_gpg_chksum.h
 * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
 * .. and for fingerprint
 * sh_suidchk.c: fix some compiler warnings on solaris
 * allow commas to separate multiple entries in a RedefXXX= directive
 * replace sleep/usleep with nanosleep wrapper function
 * replace alarm() for read timeout with select() in sl_read_timeout
   (should fix bug reported by Scott Kelley)
 * increase lstat/open timeout to 6 sec

1.8.9 (16-06-2004):
 * made 'no action specified' error message more informative
   (suggested by Stephen Gill)
 * fix memory leak in mysql sh_database_query() (bug report by Dejan)
 * remove some cruft from the code
 * sh_files.c: check MacOS X resource forks (idea from Osiris)
 * sh_files.c: no hardlink check for MacOS X
 * sh_util_ask_update: fix bug with no terminal in non-interactive mode
   (report and debug data by Kris Dom)
 * manual refactored
 * fix redundant messages when updating with suidcheck
 * allow interactive update for suid files
 * don't remove the TZ environment variable to guard against
   misconfigured hosts
 * also use gethostname if uname returns possibly truncated name
 * fix improper file descriptor handling in sh_mail.c (bug report
   by Alex Weiss)
 * cleanup MBLK cruft
 * use SH_ALLOC/SH_FREE in sh_prelude.c
 * update sstrip to Version 2.0

1.8.8 (25-05-2004):
 * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
   Tim Evans and Ian McCulloch)
 * don't check for trusted paths on Cygwin
 * add Windows HOWTO written by Kris Dom
 * kern_check.h: extend FreeBSD syscall table for 5.x

1.8.7a (03-05-2004):
 * sh_mail.c: fix subject length
 * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
 * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
   (compile problem reported by Kris Dom)

1.8.7 (01-05-2004):
 * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
   empty mails (introduced with segfault fix in 1.8.6, report
   by Kris Dom)
 * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
   try to reopen on controlling terminal if not
 * sh_utmp.c: fix order of options (problem report by Uri)
 * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
   (may cause segfault on null dereference for missing files)
 * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
   sh_unix_getinfo_attr)
 * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
   reported by xavier)
 * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
   (suggested by Kris)
 * include nameser_compat.h in sh_mail.c (for MacOS X,
   suggestion by jna)
 * sh_utmp.c: fix time for logout events (reported by Erich
   van der Velde)

1.8.6 (15-04-2004):
 * add CL option to set threshold for prelude and RDBMS
 * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
   dereference; reported by Micha Silver)
 * fix compiling with --disable-encrypt (reported by Pat Smith)
 * fix minor problem in scheduler (don't return before all schedules
   are tested, to set last_exec correctly)

1.8.5 (05-04-2004):
 * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
   problem (endless loop; report and debugging aid by Joe MacDonald)
 * fix hardlink check (null dereference in error message, segfaults
   on solaris - noticed by Bob Bloom)
 * sh_suidcheck: don't truncate quarantined file if nlink > 1
 * fix Install.sh (no --seperate-output with --radiolist); patch by
   Greg Kimberly

1.8.4 (17-03-2004):
 * add Prelude patch by Patrice Bourgin
 * add license statement to sh_mounts.c, sh_userfiles.c after
   receiving a clarifying e-mail from Cian Synnott
 * support UsePersistent = no for Oracle (problem spotted and fix
   tested by Michael Somers)
 * fix bug in samhainadmin.pl
 * sh_gpg.c: describe type of gpg error (if any)
 * fix persistent connections with postgresql (reported by
   Erwin Van de Velde)
 * prelude: local 'meaning' shadows global in sh_prelude_alert
   (spotted by David Maciejak)
 * uname: workaround for cases where nodename would be a possibly
   truncated FQDN (problem reported by Cian Synnott)
 * re-write parts of sh_kern.c, store kernel info in baseline database
   -> no need to recompile after kernel upgrade
 * modify timeouts in sh_unix_getinfo, add timeout warning
 * change handling of dangling symlinks (store in db)
 * fix typo with MSG_FI_OBSC2 (double slash)
 * remove redundant operation in sh_utils_safe_name
 * fix occasional random start bytes of long messages in
   sh_error_string (sl_strlcat -> sl_strlcpy)
 * provide details for missing files (as for added files)
 * remove duplicate message for no such group/user
 * add fixes for samhain.oracle.init (supplied by Michael Somers)
 * fix date insertion for Oracle (fix by Michael Somers)
 * manual: fix incorrect statement about RPM (noticed by
   Lars Kellogg-Stedman)

1.8.3 (02-02-2004):
 * add a HOWTO-client+server-troubleshooting document
 * fix another bug with SIGUSR2 (suspend mode)
 * new option SetBindAddress (--bind-address=...) to force
   interface for outgoing connections on multi-interface box
 * don't link against libgmp if not required (i.e. standalone)
 * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
 * new make targets 'emerge' and 'tbz2' for gentoo
 * update rules.deb.in based on the Debian package
   by Javier Fernandez-Sanguino
 * updated config.guess, config.sub to version 2002-09-05
 * external command: report failure only once
 * console: reset failure status after success
 * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
 * use persistent connection to database by default
 * option UsePersistent=no to switch off persistent connection

1.8.2 (19-01-2004):
 * sh_userfiles.c: new option UserfilesCheckUids (requested)
 * sh_error.c: server: don't log to logfile before dropping root
 * new script scripts/samhainadmin.pl (administrative tasks for
   signed config/database files)
 * add changes code to log_msg for reports on modified files
 * change default log threshold to 'mark', as 'none' tends
   to confuse new users
 * faster response time for SIGUSR2
 * revised (mostly backward-compatible) message classes
 * fix missing check of mailTime in server select loop
 * add support for libprelude (version 0.8.10)
 * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
 * fix Bourne shell incompatibility (export) in samhain-install.sh
   (first reported by David Thiel)
 * fix typo in spec file (first reported by Christian Vanguers)
 * remove some cruft (signal handler, memory handling)
 * return from sigterm handler, rather than exit directly
   (re-entrancy problem causes more problems than it's worth)

1.8.1 (03-12-2003):
 * fix gmp detection (problem pointed out by Nix)
 * fix/improve the error message if test compiling with mysql fails
 * new CL option --interactive for interactive db update
 * fix some compiler warnings from IRIX MIPS compiler
 * kern_head.h, kern_head.c: option to disable IDT check
 * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
 * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
 * change username -> userid, remove (long) userid (bug noticed
   by Erwin Van De Velde)
 * emit ADDED message for new SUID/SGID files
 * add trailing slash to excluded directory if there is none

1.8.0a (04-11-2003):
 * sh_error.c: remove two debug printf's

1.8.0 (31-10-2003):
 * manual: make ps file fit on both a4 and letter paper
 * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
   to send (quit/reload) commands to clients
 * sh_forward.c, configure.ac: enable build with libwrap
   (Wietse Venema's TCP Wrappers library)
 * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
   new option to suppress messages for new and/or deleted files
 * samhainrc.aix5.2.0: contributed by Christoph Kiefer
 * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
 * sh_database.c: undef debug code for oracle
 * samhain.oracle.init: contributed by Joern Michael Krueger
 * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
   sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
   check-mounts and userfiles modules contributed by eircom.net
 * sh_utils.c: fix off-by-one bug in sh_util_compress()
 * sh_forward.c, sh_tools.c, configure.ac:
   version 2 client/server protocol
 * sh_mail.c: add %S to include severity in subject (user request)
 * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
 * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
   for --enable-ptrace
 * samhain.c: lower priority for 'uninitialized module' message
 * sh_entropy.c: lower priority for message if /dev/random blocks and
   /dev/urandom is available
 * improved error messages in sh_readconf.c
 * print system error message for getpwuid, getgrgid
 * fix missing module init after SIGHUP (noticed by Cian Synnott)

1.7.12 (13-10-2003):
* sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
  thanks to bug reports by Jason Martin and Matthew P. Cox

1.7.11 (01-09-2003):
* samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
  - change SIG_USR1 to switch between dbg on/off
  - change SIG_USR2 to switch between suspend on/off
  - fix CLT_ILLEGAL to actually work
  - introduce new state CLT_SUSPEND
  - force reauthentication after suspend
* slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
* sh_suidchk.c: better AIX fs detection (Christoph)
* sh_entropy.c: increase buffer size for unix entropy gatherer
  (problem reported by D. Danielson)
* default config files: add lots of comments, list more options
* sh_error.c: set default severities to 'crit'
* sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
  file syntax, issue warnings (triggered by C. Kiefer)
* Makefile.in: handle depend-gen errors more gracefully
* sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
* configure.ac: workaround for mysql_config weird output
  (reported by G. Faron)
* sh_unix.c, sh_tiger0.c: check IO limit during read of large files
* depend-gen.c: close streams before attempting to rename (Cygwin)
* Makefile.in: fail gracefully if depend-gen fails
* sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER

1.7.10 (27-07-2003):
* FreeBSD init script: define $pidfile (reported by D. Thiel)
* sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
* sh_schedule.c: fix bad array size
* samhain.c: fix pid_t <> int casts
* sh_kern.c: fix repetitive messages
* configure.ac: try to bootstrap if TIGER192 not supported by gpg,
  provide a detailed error message
* configure.ac: try harder to locate mysql
* docs/Changelog: retroactively add release dates, if known
* sh_mail.c: fix potential message truncation in mailer
* sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
* sh_readconf.c: fix segfault (dereference of uninitialized pointer)
  if --with-gpg and --enable-stealth are used together (reported
  by Anthony Caetano)
* sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
  error messages (larger GLOB_LEN, stat fills aud_err_message)

1.7.9 (30-06-2003):
* sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
  problems with SIGABRT noticed by Brian and Alf B Lervåg
* deploy.sh.in: fix some bugs (found by Alf B Lervåg)
* scripts/chroot.sh: fix typo (found by Alf B Lervåg)
* configure.ac (khide): search also for 'd sys_call_table' (noted by
  cuek_saja)
* strip whitespace before checking gpg checksum (noted by D. Thiel)
* manual (faq section): explain how to stop console output
* Makefile.in: fix re-naming of yule with --enable-install-name
* HOWTO-client+server.html: fix typo (noted by xavier renaut)
* configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)

1.7.8 (28-05-2003):
* sh_unix.c: new mlock implementation with reference count
  and page alignment (fix for solaris problem)
* kern_head.c: search also for 'xxxxxxxx d sys_call_table'
* sh_html.c: write status comment (for Beltane 2)
* add CL option --delimited for comma-delimited signature database dump
* sh_mail.c: check exit status of push_list to fix counting bug
  (bug reported by Alan Moore)
* configure.ac: add error message to --with-libs
* fix spelling of $DAEMON in init script (noted by C. Grigoriu)
* fix missing initgroups()

1.7.7 (06-05-2003):
* sh_forward.c: fix bug if compiled with --enable-udp, but disabled
  in config file (found by Andy OBrien)
* sh_database.c: sh_database_entry(): size -> c_size (two places)
  to fix writing of '\0' to arbitrary places :(
  (problem pointed out by Stefan Giesen)
* profiles/*/configopts: fix --with-base -> --enable-base

1.7.6 (24-04-2003):
* sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
* fix samhain_hide for the O(1) scheduler used by RedHat:
  configure.ac, acconfig.h: check for next_task in struct task_struct
  samhain_hide.c: use find_task_by_pid if no next_task in task_struct
* samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning

1.7.5 (15-04-2003):
* sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
* manual: point out the bmaxdata problem on AIX in faq section
* trustfile.c: don't check symlinks (permissions of directory count)
* sh_schedule.c: fix problem with daylight saving switchover
* sh_samhain.c: close all open fd's >2 before reading the conf file
* sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
  user
* sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
* sh_forward.c: place timestamp code before select() timeout handler
* fix incorrect class of timestamp messages (conflict with manual)
* sh_readconf.c, sh_forward.c: new config option SetStripDomain
* configure.ac: add warning if /lib/modules/`uname -r`/build/include
  not found
* samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
  address from System.map)
* sh_err_syslog.c: fix for Solaris
* samhain.spec.in: strip REQ_FROM_SERVER from config file install path

1.7.4 (21-03-2003):
* configure.ac: fix bug in defargs (--with-base > --enable-base)
* aclocal.ac: detect unsupported options
* kern_check: add syscalls, skip unused syscalls
* fix Manual (--enable.../--with... inconsistency)
* add two HOWTOs (signed files, server/client)
* moved manual into new subdirectory docs/
* add admin scripts by S.Bailey/M.Redinger
* option to have a version string in db file

1.7.3 (23-02-2003):
* samhain-install.sh: use yule user key for signing on install
* fix a bug in sh_err_console.c (attempted write to const char)
* sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
* Makefile.in: make target 'trustfile' depend on config.h
* configure.ac: don't use install_name before it is defined ...
* sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
* samhain.c: make sure daemon cannot be forced into 'update' mode
* sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)

1.7.2 (04-02-2003):
* sh_kern.c: use sys_call_table address from System.map
* fix for reserved SQL keyword 'group'
* add AC_SYS_LARGEFILE to configure.ac
* allow separate client-specific log files for server
* sstrip.c: compile sstrip code only for i386
* sh_unix.c: closeall: don't close trace file
* slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
* samhain-install.sh.in: fix detection of LSB compliant systems
* sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
* sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
  (may block otherwise, for no good reason apparently ...)
* samhain.spec.in: replace %configure with ./configure
* sh_unix.c: re-write signal handling (use __malloc_hook et al. to
  check whether we are in the middle of a free/malloc/realloc/memalign)
* sh_unix.c: use new safe_logger() function to log from signal handler
* sh_err_log.c: fix xml
* fix Makefile.in to exit non-zero on compile failure
* database init: create index on log_host, entry_status
* sh_suidchk.c: fix path building
* sh_tiger0.c: read larger blocks
* sh_hash.c: cast inode to UINT32
* sh_tools.c: check that config/database files size fits in uint
* sh_error.c: export flag_err_debug to avoid unnecessary calls
* sh_unix.c: save the open() call in sh_unix_getinfo_attr()
* profiles/redhat_i386/bootscript: add # description field
* deploy.sh.in: set owner + permissions for files in yule_filedir
* profiles/debianlinux_i386: fix bootscript
* Makefile.in: fix deploy file lists and targets (include init+scripts)
* MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
* sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
* sh_err_syslog.c: split long messages rather than truncating
* sh_error.c: allocate msg to fix truncation limit
* sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
  file descriptors may exceed FOPEN_MAX, causing problems in
  sl_open_file)
* sh_err_console.c: avoid stdio
* trustfile: dirz: make swp[] static
* slib.c: speed up sl_strlcat
* clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
* remove some unused code
* slib.c: support long long int in the snprintf replacement
* configure.ac: new configure macro to check whether sa_sigaction works
* Makefile.in: make sstrip, encode dependent on config.h

1.7.1a (08-01-2003):
* fix a syntax error in samhain-install.sh.in

1.7.1 (07-01-2003):
* search runlevel scripts in ./init or ./
* handle all distro-specific Linux runlevel script issues
  within a single script
* support install-boot on Yellow Dog Linux and Slackware
* samhain-install.sh: fix a bug for unknown Linux
  ('"' not closed, DVER not set)
* samhain-install.sh: check for /etc/yellowdog-release
* sh_database.c: fix missing entry for 'userid' in attr_tab[]
* fix debian.rules.in (disable sstrip)
* update make targets: 'srpm', 'srpm-dist', 'rpm'
* check for zlib if mysql is used
* workaround for NetBSD bug with libresolve
* fixed problems with spec files

1.7.0 (22-12-2002):
* improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
* sh_unix.c: fix a dereferenced static pointer in tf_trust_check
* runlevel scripts: remove pid file after stop
* make the data directory read-only for the daemon
* treat 'localhost' specially in MX resolver
* sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
* deploy.sh.in: fix quoting (fix by Simon Bailey)
* slib.c: make sl_get_euid et al. behave well if uids not stored
* trustfile.c: use euid = uid(SH_IDENT) if server
* sh_mail.c: include an MX resolver
* Makefile.in: install-user routine for user installation
* have yule drop root
* sh_tools.c: open_temp use logdir if server
* unified options for runlevel script
* HP-UX, IRIX runlevel scripts
* AIX inittab entry

1.6.6 (13-12-2002):
* configure.ac: solaris cc -O2 -> -xO2
* sstrip.c: avoid alpha architecture
* profiles/solaris/configopts: no --enable-static
* sh_forward.c: sh_forward_req_file: copy argument to local array

1.6.5 (04-12-2002):
* sh_utmp.c: set userlist = NULL in sh_utmp_end ()
* sh_unix.c: do not assume that environ is sane
* exit handler: write </trail>
* sh_log_file(NULL): test sh.flag.log_start != S_TRUE
* FreeBSD rc script does not blindly accept content of pid file
* configure.ac: allow 'localhost' for log server
* sh_calls.c: retry_connect: ntohs (port)
* testrun_2[abc].sh: --with-logserver=localhost for client

1.6.4 (12-11-2002):
* sh_tools.c: fix error when escaping '=<'
* fix the 'make srpm' target
* deploy.sh.in: avoid that client is named 'yule'
* define memset to sl_memset
* fix type cast of uid_t, gid_t

1.6.3 (31-10-2002):
* fix options for Sun/Solaris native compiler
* sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
* test sstrip on freebsd
* default config file for freebsd
* make target to build .deb packages
* sh_readconf.c: fix bug in error message
* samhain.c, sh_suidchk.c: fix initialization of suidchk
* samhain-install.sh.in: don't remove config file by default
* samhain-install.sh.in: support complete de-installation
* samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
* samhain-install.sh.in: check more paths
* sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
* sh_calls.c: save error message in retry_lstat()

1.6.2 (04-10-2002):
* make target to build rpms
* update samhain.spec.in, samhain.startRedHat
* support DESTDIR, as in 'make DESTDIR=/what/ever install'
* explicitly set -fno-omit-frame-pointer b/o gcc bug
* mv configure.in to configure.ac to benefit from autoconf wrapper
* sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
* slib.c: fix debug messages (no msgs for dlogActive <= 1)
* sh_schedule.c, samhain.c, sh_suidchk.c:
  scheduler may accept multiple schedules

1.6.1 (04-09-2002):
* sh_schedule.c: bugfix (executes only after first day)
* rm obsolete WITH_TRACE stuff
* new dlog() function for debug logging
* some more descriptive error messages

1.6.0 (27-08-2002):
* omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
* sh_error.c: fix escape mode when logging to database
* sh_forward.c: fix error (twice escape) in recv_syslog_socket
* sh_tools.c: change escape mode for server-received data
* sh_mem.c: change ulong -> size_t in sh_mem_malloc()
* configure.in: fix localstatedir if --prefix=USR
* sh_hash.c: snprintf() -> sl_snprintf()

1.5.5 (07-08-2002):
* sh_err_log.c: fix incorrect xml syntax for client messages
  logged by server
* sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
* sh_files.c: introduce file_class_next
  this fixes the problem that a policy for the directory
  inode erroneously becomes a policy for the directory itself.

1.5.4 (17-07-2002):
* sh_hash.c: fix buffer overflow with (micro-)stealth
* sh_database.c: set path[] 1024 -> 12288
* sh_database.c: set query[] 2048 -> 16383
* sh_database.c: set values[] 1024 -> 16383
* sh_forward.c: larger limit for message size (16 kB)
* trustfile.c: set MAXFILENAME 2048 -> 4096
* fixed a bug in the handling of filenames with embedded newlines
* sh_files.c: fix missing sh_util_safe_name() in debug output
* --with-sender can specify a full address
* fix xml log in a backwards compatible way

1.5.3 (03-07-2002):
* fix combination of stealth and sql logging
* fix some more places where invalid UIDs/GIDs trigger errors

1.5.2 (01-07-2002):
* include solaris config file from (sean [at] boran d.o.t com)
* test for files/dirz defined twice in the configuration file
* option to disable reverse lookup on outbound connections
* option to use socket peer as client name (with name resolving)
* sh_html.c: fix an HTML bug (twice </head><body>)
* sh_suidchk.c: fix warning on AIX b/o dirname()
* allow logging server -> syslog if yule is NOT configured to
  receive syslog messages
* define PRIi64 to "lld" if undefined
* invalid UIDs: use gid/uid as name, error level SeverityNames
* minor fixes for connect_port
* sh_hash.c: flush output of db listing before _exit()
* configure.in: fix incorrect default ${install_name} for server
* configure.in: try harder to find mysql.h / libpq-fe.h
* sh_files.c: sh_files_checkdir:
  closedir() early to not exhaust OPEN_MAX

1.5.1a (30-05-2002):
* fix missing LSB init script

1.5.1 (27-05-2002):
* fix '-t update' option

1.5.0a (23-05-2002):
* fix configure.in

1.5.0 (22-05-2002):
* include solaris nosuid patch from (nathoo [at] co d.o.t ru)
* similar fix for bsd nosuid
* speed up -t update
* convert manual to DocBook, distribute html and ps
* fix some more problems with configure.in, Makefile.in
* fix testsuite, add tests for udp, mysql
* MSG_TCP_MSG: host -> remote_host
* convert to autoconf 2.53
* make c_bits.sh exit with status 0
* sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
  to avoid dependency tracking problems
* samhain.c remove *YULE* #ifdefs
* acconfig.h remove *YULE* #undefs
* samhain.c: procdirSamhain: lstat --> stat (allow symlink)
* configure.in: add checks for correct user input
* Makefile.in: add automatic dependency tracking
* depend-gen: tool to figure out dependencies
* chkconfig comments in redhat start scripts

1.4.8:
* sh_database.c: fix missing attr_old, attr_new, (from)host columns
* configure.in, Makefile.in: fix an error in the configfile
  definition with REQ_FROM_SERVER
* sh_err_console, sh_err_log: avoid recurrent failure messages
* timeout on read from files (/proc)
* fix errors with setjmp/longjmp/alarm
* fix memory leak in server (~20 byte/file download in sh_tools, 930)
* check gpg signature for files downloaded from server, add a
  regression test
* fix chown in solaris bootscript
* provide second scheduler for file check
* provide scheduler for file check
* provide scheduler for SUID check

1.4.7 (08-04-2002):
* make daemon control LSB-compliant (arguments, exit status)
* set log_ref = 0 for server messages
* boolean option SetDBServerTstamp to disable entering server
  timestamps for received client messages into database
* sh_suidcheck: check for "nosuid" mount option if getmntent is used
* fix logrotate script in manual (reported by Scott Worthington)
* don't strip numerical IP addresses
* check item->status_now != CLT_TOOLONG in client_time_check()
* set log_host to client in db client message

1.4.6a (20-03-2002):
* define prefix in deploy.sh

1.4.6 (19-03-2002):
* modify samhain_hide.c to hide processes on new Linux kernels
* better error diagnostics in kern_head.c
* fix compile error in all_items ()
* check length of install-name in enable-khide (max is 15)
* define exec_prefix in deploy.sh.in
* make configure a bit more cross-compiler friendly

1.4.5 (07-03-2002):
* Make sure missing file is reported even if ptr->reported == S_TRUE
  because the file has been added.
* propagate 'reported' flag from sh_files_checkdir() into file list
* close checkfd in sh_gpg_check_file_sign()
* sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
* use sh.srvcons.name in dbg() to get debugging info from daemon
* option to log file timestamps with localtime instead of GMT
* comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
  sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
* set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
  to make sure re-disappearing will get reported
* new function sh_hash_set_missing() to remove file record
  without (duplicate) 'missing' message
* make sure all items are reported for added files
* fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
* clarify in the documentation which gpg options to use for signing

1.4.4 (11-02-2002):
* check that parent process has exited before writing PID file
* promote MGG_W_CHDIR to SH_ERR_ERR
* add error message to sh_unix_testlock
* fix missing _() macro in sh_aud_set_functions

1.4.3 (05-02-2002):
* don't check attributes for symlinks (may cause device access)
* add USE mysql; USE samhain; to samhain.mysql.init
* point out the MessageHeader/mysql problem in manual
* add -lz to LIBS for mysql
* strip after install, avoid double strip

1.4.2 (27-01-2002):
* support for EGD
* fix some more problems with install-deploy / deploy.sh
* fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
* fixed the 'external logging' test (init rather than none in rc file)

1.4.1:
* SuSE: include run level 4+5
* install location of hiding kernel modules changed - some insmod
  variants do not test for /lib/modules/$(uname -r)/module_name.o
* new make targets 'install-deploy', 'uninstall-deploy'
* fixed make targets 'deploydir', 'deploydirfast'
* bail on unsupported CL option in deploy.sh
* fix various bugs in deploy.sh

1.4.0 (16-01-2002):
* fixed missing 'dirname' on Mac OS X
* fixed && tested for/with postgres
* 'user=' -> 'userid=' (reserved word in sql)
* fix the endianness + size of file database; this changes db format
  for any non-Linux OS
* --enable-old-format for old (V1.3) database format
* getopt, samhain.c, samhain.h: option -f to loop if not daemon
* sh_hash: list numeric + char data to allow file db update on
  server side
* sh_database: modify handling of integer (long) data
* sh_database: datetime in database
* sh_database: hash field in database
* sh_database: rewrite database insert string construction
  [use INSERT INTO log (fields) VALUES (values);]
* makefile suse 7.x runlevel entries

1.3.7 (06-01-2002):
* fix incorrect escape in sh_tools_safe_name
* fix sh_error_handle (4. argument) in sh_extern.c

1.3.6c:
* fix segfault in sh_database (mysql logging) on solaris

1.3.6b (03-01-2002):
* fix syntax error ('==') in Makefile.in
* fix configure.in (path for /lib/modules/$(uname -r)/build/include)
* fix sh_kern.c (redeclaration of 'j')

1.3.6 (03-01-2002):
* sh_kern.c: check integrity of int 80h vector
  (SucKIT rootkit - Phrack 58)
* make sure children in sh_kern are wait()'ed for
* provide start/stop/restart/reload/status interface
* fix a potential segfault (dereferenced NULL pointer) in the server
* use sh_util_flagval for sh_unix_setdaemon
* documentation for logging to SQL database
* configure.in: check for -I/lib/modules/$(uname -r)/build/include
* fix trustfile.c to ignore invalid users
* separate 'make install-samhain' and 'make install-yule'
* separate default log/pid/config files for server/client
  - fewer problems running server and client on same host
* rewrite deploy.sh(.in):
  - don't use (make|install) if deploying
  - use command line options
  - better integrate into server environment
  - write install db
* always write a pidfile if daemon
* don't use server's config file as fallback for downloading client
* don't overwrite config file when doing 'make install'

1.3.5 (28-12-2001):
* fix --enable-message-queue for newer glibc versions
* log to SQL database: implemented, but undocumented yet,
  needs to be tested further
* xml: escape received syslog messages
* xml: rename 'time' to 'tstamp'
* make targets: make [un]install-[boot-]yule
  (for server-only installation)
* fix samhain_hide.c for 2.4 kernel
* fix sh_kern for updated samhain_hide.c
* new option -j to just list the logfile
* sh_getopt.c: recognize -Dt check for -D -t check
* sh_tiger0.c: fix compiler warning (memmove) on Solaris

1.3.4 (12-12-2001):
* sh_suidchk.c: option to limit files per second
* sh_unix.c: option to limit (kilo)bytes per second
* sh_hash.c: fix potential problem with '\n' in filename
  (not backward compatible if there are filenames with '=')

1.3.3 (03-12-2001):
* sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
  option SetNiceLevel to set scheduling priority
* sh_hash.c: bugfix for database listing on Solaris
* taus_seed: bugfix for emergency backup rng seed
* sh_util_safe_name: fix for XML
* sh_utmp_set_login_activate: use sh_util_flagval
* sh_utils.c: sh_util_obscurename: rm 'space' from list
* more backtrace macros
* sh_util_flagval: fix bug to recognize 1/0
* fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
* rm stray debug fprintf in sh_srp.c

1.3.2 (27-11-2001):
* sh_hash.c: fix an error introduced in 1.3.1
* set RLIMIT_CORE to RLIM_INFINITY if --enable-debug

1.3.1 (25-11-2001):
* slib.c: get backtrace with --enable-debug
* sh_unix.c: allow core dumps when --enable-debug
* configure.in: fix default message queue permissions
* sh_suidchk.c: automatically include suid/sgid files in database
* sh_suidchk.c: check all suid/sgid files
* sh_hash.c: don't insert duplicates when reading the database
* sh_utmp, sh_kern, samhain: fix 1sec offset in timer
* sh_unix.c: don't require /dev/random to be non-world-writeable
* server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
* client: fix segfault on Solaris if path_conf == NULL
* testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed

1.3.0 (31-10-2001):
* support compiling with GNU gmp library
* set 3 sec timer on client_time_check to avoid excessive (and
  unnecessary) calls under heavy load
* replace sl_strlen with a macro
* store client_t structure in AVL tree
* database format incompatible with previous format, up the magic#
* sh_html.c: cache entry template for speedup
* slib.c: reset islong(double) in sl_printf_count
* sh_hash.c: report on rdev change
* sh_hash.c: print size in 64 bit
* sh_hash.c: save in absolute size types
* sh_unix.c: get values as appropriate type (time_t, dev_t, ...)

1.2.10:
* update MANUAL
* sh_unix.c: tiger_hash -> tiger_generic_hash
* sh_readcon.c: DigestAlgo option
* sh_tiger0.c: add MD5 and SHA1
* sh_unix.c: fix minor problem with win2k/cygwin

1.2.9 (17-10-2001):
* fix problem with entry template/empty hostname
* fix MASK_USER_ (MTM -> ATM)
* typo fixed in configure.in (${install_name} -> {install_name})
* bugfix group_old -> size_old in XML code
* skip armor header in signed files

1.2.8 (29-09-2001):
* Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
  obscure compiler warning
* Mac OS X: fix test scripts
* Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
* implement deadtime in syslog recv code to protect against flooding
* sh_err_log: sl_close(fd) if lock|forward fails
* compliance with Filesystem Hierarchy Standard -- Version 2.2 final
* add policies User0, User1
* fix compile problem (FreeBSD) in sh_suidchk.c
* macro to check for debugger breakpoints (linux/i386)
* check for solaris (does not work) in sh_derr (--enable-ptrace)
* option to listen on 514/udp for syslog, drop root
  irrevocably if compiled thus
* use (check_mask & MODI_ATM) to decide whether to reset utime
* reset the policy masks on sighup
* option to write XML log messages
* cleanup of message catalog
* modified error messages for BADCONN
* error messages for Rijndael
* block recursive error messages within sh_error_handler()
  - would hang the machine ... -

1.2.7:
* sh_files, sh_utils: check top level directory
* sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
  for reading from /dev/kmem
* include /boot in default samhainrc
* change source distribution signing/packaging system
* Makefile, README, MANUAL: adhere to file system standard,
  document new locations
* fix a bug in samhain_hide.c

1.2.6:
* reset list of trusted users before config file re-read
* TrustedUser=... can be a list
* fix severity for files missing from IgnoreAll

1.2.5:
* include example_pager.pl, example_sms.pl scripts
* explain paging/sms setup in docs
* allow manual exclusion of a directory in suidcheck
* automatically track all file changes
* remove missing files from in-memory database
* add $(KERN) to DEPLOYFILES

1.2.4:
* log IP address for login/logout events, if supported by the OS
* release block in globerr (callback)

-------------

1.2.3:
* fix problem with reading stealth configuration
* fix a few formats in sh_cat.c
* always use strncmp for file system type check in sh_suidchk.c
  (trailing 'fs' may be system specific for some types)
* no bare LF in messages (RFC 2822)
* no lines longer than 998 chars (RFC 2822)
* fix error in testrc_1

1.2.2:
* make tmp file directory a compile time option
* fix minor bugs in tmp file allocator (potential memory leak,
  double slash if root directory)
* obsolete testpipe script removed

1.2.1:
* fix memory alignment in rijndael-api-fst.c: blockEncrypt()
* fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
* removed a debug fprintf()

1.2.0:
* fix a bug in the HMAC implementation (thanks to Cesar Tascon
  for help in tracking down this one)
* module to check the file system for SUID/SGID files

1.1.16 (never released):
* fix the recursion depth -1 option as described in the manual
* optional database reload on SIGHUP
* fix a race condition when checking that /dev/random is a character
  device
* redirect stderr to /dev/null for c_random
  (AIX may segfault in netstat...)
* check whether /dev/random is a character device in c_random.sh
  (we know at least one sysadmin who has set up a fake /dev/random ...)
* don't give NULL as 2. and 3. arg to execve if not Linux - some
  Unices (notably Solaris) don't like it
* init ptr = NULL in my_malloc (compiler warning)
* make the bitmask for tests configurable (suggestion by A. Dunkel)
* make the bitmask for tests a static variable
* make (database/logfile/lockfile) path configurable
  (to run multiple instances of samhain from an NFS share - on the
  wishlist of J. Patton)

13211.1.15 (never released):
1322 * fix minor error in testcompile.sh (rm test_log only at start)
1323 * return from subroutines on sig_terminate == 1
1324 (faster exit on SIGTERM)
1325 * fix re-configuration of addresses
1326 * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
1327 * SysV message queue as compile option
1328 * config file option to set console device
1329 * removed the pre 1.1.9 code bloat
1330 * don't print the LOGKEY to the console
1331
13321.1.14:
1333 * fix an error in the setup consistency check
1334 * make target to uninstall runtime files
1335 * trustfile.c: check return code of readlink(), fix off-by-one error
1336 * sh_files.c: fix placement of terminator after readlink() call
1337 * sh_files.c: fix a missing set_suid()/unset_suid()
1338 - suid should work, but is not recommended -
1339 * more debug statements in c/s code
1340 * avoid re-entry in sh_unix_sigexit
1341 * put a block around free() and malloc() in wrapper functions
1342 * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
1343 - i.e. avoid corrupting the heap from a signal handler -
1344
13451.1.13:
1346 * optimized the size of the configure script somewhat
1347 * modify the compile and hash test scripts
1348 * read '\0's in sh_unix_getline
1349 * exponential schedule for connection attempts
1350 * make stealth working properly with signed files
1351 - config file should be signed now before embedding in picture -
1352 * fix a race in using signed files
1353 * updated err messages for PWNULL, GRNULL
1354 * add missing shell script for test 11
1355 * add mandatory source file/line info with -p debug
1356 * add mandatory source line info with BADCONN
1357 * fix a latex error in the manual
1358
1.1.12:
 * debug output to console if compiled with --enable-debug and
   running as daemon
 * make reportonlyonce=true the default
 * make sure state changes of a file are always reported, even
   with reportonlyonce=true
 * Linux kernel modules (samhain_hide, samhain_erase)
 * fixed incorrect return value of sh_util_flagval
 * fixed an error in sh_files.c: happens with -t init and first
   file that is checked does not exist
 * revised install/uninstall targets in the Makefile
 * module to check for clobbered kernel syscalls (tested on Linux 2.2)
 * more diagnostic error messages in sh_gpg.c
 * more diagnostic error messages in sh_mail.c
 * error in mail.c fixed
   (address -> address_list[i] for multiple recipients)
 * docs updated, better(?) explanation of signed files
 * skip over path in gpg checksum output
 * check client name against IP address and FQDN
 * fix for --disable-* in config file
 * fixed a server crash (MSG_TCP_OKMSG without arg)
   if the server is run with debug level output threshold
 * catch EAGAIN in sh_gpg.c pipe reader
 * fix the 'external logging' test to make it work on BSD
 * error message if no local path to init DB
 * check for i86/Solaris in configure (vsnprintf prototype)
 * make SRP the default

1.1.11:
 * make log file verification more convenient
 * fix problem with message classes in stealth mode
 * linux: do not try to read file attributes for devices
 * handle the root directory correctly (avoid "//" in listing)
 * fix problems with blocking on FIFOs/char dev
   pointed out by I. Rogalsky (rog@iis.fhg.de)
   - open in nonblocking mode for read, then set to blocking
   - open file only if regular
 * fix alignment in memory profiler

1.1.10:
 * minor code cleanup
 * fix an error in trustfile.c (handling of empty/incomplete
   group entries in /etc/group, bug report by A. Capriotti)

1.1.9:
 * compatibility option for old behaviour (plain hash instead
   of HMAC, ECB instead of CBC mode)
 * use CBC rather than ECB mode for encryption
 * use HMAC-TIGER for message authentication codes
 * handle NULL data in sh_tiger_hash
 * option to set syslog facility (default is LOG_AUTHPRIV)
 * longer timeout (300 sec) on /dev/random if no /dev/urandom
 * fix minor output error with stealth option
 * option not to log names of config/database files on startup

1.1.8:
 * fix error in syslog routine
 * fix missing 'test' in configure.in
 * fix error in replace_tab() in sh_html.c
 * fix minor memory leak in sh_util_regcmp()

1.1.7:
 * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
 * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
 * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
 * fix for Alpha: format string in sh_tiger0.sh
 * on Linux, now compiles cleanly with
   -Wall -W -Wstrict-prototypes -Wcast-align
 * fix problem with recursion depth
   (pointed out by Vic <hvicha@mail.ru>)
 * #include "sh_tools.h" in sh_unix.c and fix the
   --with-timeserver option (reported by Vic <hvicha@mail.ru>)
 * place read_port(), MSG_TCP_NETRP outside ifdefs
 * close fd/zero skey before execve
 * verify client name against socket peer
 * ... with configurable error priority
 * use strcmp() rather than strncmp() in search_register()
 * fix race between lstat() and open() for checksum
   (reported by dynamo <dynamo@ime.net>,
   JJohnson <JJohnson@penguincomputing.com>)
 * enable globbing for filenames
 * fix Solaris problem: siginfo_t may be NULL
 * fix missing SL_EBADGID in tf_trust_check
 * test case for external scripts, fix flushing pipe
 * fix a typo in sh_ext_type
 * do an fdexec w/checksum on Linux if calling external program
 * even safer tmp file creation
 * allow db update
 * fix compile options for --enable-debug
 * fixed a spelling error in the output
 * test program for full CS support (config/database download)
 * tell which file is searched for cs download

1.1.6:
 * fix bug in sh_readconf_line (segfault on erroneous config lines)

1.1.5:
 * sh_unix.c: sh_unix_getinfo_attr: f -> flags
 * use gettimeofday as last resort

1.1.4:
 * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
   to (char *))
 * configure: add static link flags for some more os (from tar)
 * don't strip twice (some stupid systems abort)
 * fix for reading from /dev/random on non-Linux systems (untested)
 * sh_mail.c: end all message lines with \r\n
 * stealth: ignore \r, \"
 * take out tracing from --enable-debug (presently useless anyway)
 * fix some remaining cleartext with debug && stealth combined
 * fixed a small memory leak in sh_err_log.c

1.1.3:
 * fixed circular logic in taus_seed() (fallback method only)
 * fix for missing _SC_OPEN_MAX (runaway close())

1.1.2:
 * implement message classes
 * let server recognize client message severity and class
 * secondary log server
 * keep database in memory (allows closing the file
   if retrieved from server)
 * encrypt client/server communication

1.1.1:
 * Compilation problems with native Solaris compiler fixed
 * fill in euid/ruid variable
 * manual.pdf --> MANUAL.pdf
 * debug sh_util_formatted()
 * http refresh 120sec for server stat page
 * trace/debug options
 * fixed problem with utmp.c options
 * fixed problem with sh_mail_setaddress
 * option for custom message header
 * fixed problem in compdata
 * fixed problem in mail verification
 * remove any trailing '/' in file names
 * fixed problem with report string for modified files
 * option to report in full detail

1.1.0:
 * Move error messages to catalog
 * Make error message format more uniform
 * Wrap system calls that could be interrupted by signals
 * Warn on append to database
 * Option for full details on mod. files
 * Option to report only once on mod. files
 * Generally speaking, major modifications with potential new bugs

0.9.5:
 * sh_hash.c: fixed erroneous checksum for config file
 * sh_html.c: fixed erroneous timestamp (last)
 * sh_tools.c: fixed connect_port (set port for cached address)
 * sh_srp.c: fix for '00' (='\0') in pw
   (last two fixes by Andreas Piesk)

0.9.4:
 * samhain.c: fcntl(1, ..) -> fcntl(2, ..)
 * sh_hash.c: copy 12 instead of 10 bytes for c_attributes
 * 'empty directory' WARN -> INFO

0.9.3:
 * FreeBSD fixes:
   - c_random.sh: make sure /dev/random provides something
     rather than nothing
   - check for <netinet/in.h> and include it
   - include <sys/types.h> early
   - sh_utmp.c: fixed an occurrence of ut_user
   - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
   - sh_forward.c: EBADMSG -> ENOMSG
 * sh_unix.c: check return value of gethostbyname
 * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
   more than 30 sec
 * ... and fix the timestamp format ...

0.9.2:
 * ISO 8601 timestamps
 * Bugfix in sh_utmp (timestring overwrite)
 * don't use siginfo_t on Linux (garbage as of 2.2.14)
 * check for Linux capabilities bug when dropping root
 * include README for gcc compiler bug (pointed out by A. Piesk)
 * explicitly set -fno-strength-reduce with gcc
 * fixed ignoring missing files with the IgnoreAll policy

0.9.1:
 * more ext2flags (breaks backward database compatibility on Linux)
 * IgnoreAll policy modified - missing/added files reported with
   SeverityIgnoreAll (to handle files that may or may not be present)
 * Check all files, not only regular ones
   (bug in sh_files, originally introduced because checksum of
   regular files only is computed)

0.9:
 * use O_NOATIME if supported
 * --with-nocl takes argument (PW to re-enable CL parsing)
 * no daemon mode if initializing database
 * fixed segfault in yule with 'unknown file type' request
 * enlarged MAX_GLOBS 24 -> 32 and made the array linear
 * server uses last registry entry for any given client now
 * deploy.sh script to deploy clients to remote hosts
 * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
 * allow y/Y/n/N for login monitoring (in addition to 0/1)
 * external logging scripts/programs
 * trustfile.c: define STICKY on Linux
 * reset signal mask when initializing
 * EINTR_RETRY wrapper
 * slib: sl_read, sl_write EINTR update
 * use sstrip when installing
 * more compact database format (breaks backward database compatibility)
 * larger download packets
 * TcpFlags unsigned char
 * cast to (char *) head in write_port
 * m(un)lock cast to (char *)
 * (1 << 31) --> (1UL << 31)
 * support e2fs attributes on Linux
 * fixes for AIX and Solaris native compilers
 * fixed Makefile for non-GNU make (pattern rule --> suffix rule)

0.8.1:
 * fixed 'is_numeric()' return value

0.8:
 * added option for static compilation
 * added option for stealth with non-hidden config file
 * added option for disabling command line parsing
 * all options can be set in the configuration file now
 * stealth: xor strings in database file
 * fixed bug in mailer code ([] in HELO)
 * print timestamp when asking for key
 * 'micro' stealth mode (no hidden configuration file)
 * simplified slib
 * int->long for uids/gids in trustfile
 * moved mailkey from data to code
 * shell script for entropy (stronger default key)
 * general code cleanup
 * better error checking in client/server code
 * detect out-of-sync messages
 * check state across protocol passes in server
 * make sure authentication is mutual
 * file download to client
 * reserve six file descriptors in server
 * mlock queue buffer if LOG_KEY
 * improved robustness in bignum (don't fail on free())
 * per-directory recursion depths
 * RFC821 compliance: empty line at end of header, To field, Date field
 * RFC821 compliance: make e-mail transfer reliable
 * fix detection of hardlink changes
 * checksum verification for calling gpg/pgp
 * CL option '-S' not required for server-only binary
 * eliminate CL options that may leak privileged information
   if the program is SUID
 * skip leading white space in configuration file
 * allow nested conditionals in configuration file
 * allow whitespace before and after '=' in configuration file
 * don't leak file descriptors to child processes
 * make message transfer reliable
 * always report error on abnormal termination of connection

0.7:
 * support for alpha machines
 * stop TCP logging after exit message
 * limit connections in server (DoS attacks)
 * move string handling to slib
 * move file handling to slib
 * timestring without space
 * changed report format
 * SUID bugfix - use euid when checking logfile ownership
 * SUID bugfix - get root for lstat()
 * SUID bugfix - get root for opendir()
 * store number of hardlinks
 * send no message if polling empty queue
 * include tiger 64-bit implementation (portability)
 * codes for error conditions
 * mail check: handle multiple, overlapping audit trails
 * security fix: no append to database if SUID
 * fix sh_entropy.c (BUFSIZ -> BUF_ENT)
 * read command line before config file
 * PGP signing of config/database files
 * checksum of config file reported
 * checking for attributes only

0.6:
 * more syslogish priority specification
 * fixed segfault in sh_mem_check, apparently this was also
   the reason for the segfault in atexit()
 * allow for compilation with SRP authentication
 * fixed tiger checksum computation
 * fixed broken logfile verification for second and further audit trails
 * test program added
 * documentation improved
 * sh_forward_make_client: bug fixed in[8]->in[i]
 * sh_error.h: fixed missing #include <errno.h>
 * configure.in: fixed missing strerror() test
 * sh_utmp.c: check logins/logouts
 * check for missing files
 * only reset access time if necessary
 * O_EXCL in open()
 * limit environment to TZ in execve (sh_entropy.c, not used on Linux)
 * use trustfile() to determine whether logfile dir is trustworthy
 * strip head instead of tail for numerical address
 * store messages in fifo during log server outage
 * re-init session key after server outage

0.5 (21-12-1999):
 * added option for mail relay server
 * own popen() implementation in sh_entropy() (portability)
 * fixed error in sh_util_basename() (returned NULL for base == "/")
 * fixed segfault in strlcpy/strlcat (check for src == NULL)
 * FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
 * use TIGER for 32-byte compilers (portability)
 * fixed hash function (do not include stdlib.h)
 * flush buffer before write in mailer code (IBM AIX 4.1)
 * make mailer code non-forking
 * cast argument of is...() to int (portability)
 * return() after _exit() for braindead compilers (portability)
 * optionally use inet_addr (portability)
 * check for broken mlock() (HP-UX 10.20)
 * minor code cleanups
 * fixed incorrect size of munlock()'ed memory in sh_error_string()
 * fixed a buffer overflow in the error printing routine
 * fixed a buffer overflow in sh_util_safe_name ()
 * implement SRP session key exchange
 * implement client/server facility
 * implement @host/@end construct in configuration file
 * preferably use uname(), and do gethostbyname() for FQDN
 * make vernam cipher base numeric
 * make OnlyStderr private in sh_error
 * test -e "/dev/random" --> test -r "/dev/random" (portability)
 * check for libsocket (portability)
 * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
 * eliminate superfluous /proc test
 * some unreachable code removed
 * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
 * check for setresuid() if no seteuid() (HP-UX 10.20)

0.4 (09-11-1999):
 * make sure output from /dev/random has no NULLs
 * one-time pad encryption for emailed keys
   (better than nothing ...)

0.3 (04-11-1999):
 * logfile readable for group
 * verify signatures for any file
 * signature block in tarball
 * use select() in time server routine
 * better protection for session keys (mlock)

0.2:
 * fixed incorrect man page
 * fixed incorrect example rc file
 * recursive error logging should work now

0.1:
 * initial release -- on Samhain 1999, of course

development start:
 * probably 29-06-1999