source: trunk/docs/Changelog@ 204

Last change on this file since 204 was 204, checked in by katerina, 16 years ago

Handle OpenVZ hidden PIDs when searching for hidden processes within an OpenVZ container.

File size: 82.6 KB
2.5.2:
* new option ProcessCheckIsOpenvz ([false]/true)

2.5.1:
* workaround for freebsd7 amd64 lossage (compiler toolchain,
  no mmap to 32bit address space)
* samhain-install.sh: check for presence of stealth_template.ps
  before trying to create it
* use -Wno-empty-body if supported to suppress warnings about
  glibc pthread_cleanup_pop implementation
* fix text relocations for i386 in src/sh_tiger1.s
* implement server->client SCAN command to initiate file check
* implement @if / @else conditionals with more tests in config file
* new option SetDropCache to drop checksummed files from cache
* report process/user for open ports on FreeBSD (code
  lifted from FreeBSD sockstat.c)
* fix for config reload issue with stealth mode (reported by
  siim)
* add -fstack-protector flags to LDFLAGS
* cygwin fix: don't use dnmalloc, doesn't work with pthreads
* cygwin fix: make trust check in samhain-install.sh return zero
* improved diagnostics for file read errors
* fixed script permissions (754 -> 755), reported by Christoph
* constness patch by Joe MacDonald
* GnuPG key ID patch by Jim Dutton
* sh_kern.c: more error checking for reads from kernel

2.5.0 (01-11-2008):
* dnmalloc.c: fix inconsistent chunksize on 64bit systems
* fix improved error reporting for failed fstat in checksumming
* report process/user for open ports (Linux only currently)
* fix deadlock on exit in sh_hash_init()
* fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore)
* log monitoring support
* fixed constness in trustfile interface
* remove libprelude 0.8 support (obsolete)
* sh_forward.c: increase TIME_OUT_DEF to 900 secs
* dnmalloc.c: initialize rc in dnmalloc_fork_child(),
  reported by B. Podlipnik

2.4.6a (09-10-2008):
* fix compile problem on Fedora 9 (reported by pierpaolo),
  'struct ucred' in sh_socket.c requires _GNU_SOURCE

2.4.6 (27-08-2008):
* fix compile failure on win2k/cygwin (sh_unix_mlock prototype),
  reported by jhamilton
* fix potential deadlock with dnmalloc upon fork()
* fix non-portable use of 'hostname -f' in regression test suite
  (reported by Borut Podlipnik)

2.4.5a (18-08-2008):
* fix compile problem in dnmalloc.c (remove prototypes for
  memset/memcpy), problem reported by Juergen Daubert

2.4.5 (07-08-2008):
* testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10
  bails out on a chmod on a dangling link
* fix bug in check_samhain.pl nagios script (J.-S. Eon)
* use the UNO static checker
* compile as position independent executable (PIE)
* handle EINPROGRESS error (Windows/cygwin issue)
* make sure every function uses less than one page of stack
  (proactive security against gap jumping, Gael Delalleau)
* use dnmalloc instead of system malloc
  (proactive security against heap buffer overflows)
* fix dnmalloc bugs and portability problems
* check for compressBound, since older zlibs don't have it

2.4.4 (30-04-2008):
* sh_database.c: fix maximum size of sql query string, maximum
  size of strings in struct dbins_
* sh_hash.c: fix maximum size of message string
* fix typo in the base64 decoder
* fix 'make cutest' for parallel compiling
* fix compile warnings with -Wstrict-prototypes
* sh_static.c: override getgrgid, getpwuid for libacl
* fix more warnings about variables clobbered by 'longjmp'
  or 'vfork' (due to library internal handling of mutexes)
* fix configure warning about unused datarootdir
* configure.ac: warn, but accept nonexistent tmp dir
  (Problem reported by Brian)
* sh_unix.c: undef P_ALL, P_PID, P_PGID before including
  sys/wait.h (compile problem reported by Reputation)
* syslog function tested ok with Syslog Fuzzer v0.1
  by Jaime Blasco (c) 2008
* slib.c: call fflush when writing trace to file
* sh_readconf.c: don't set OnlyStderr to false if gpg (problem
  reported by Irene Reed)
* fix unconditional removal of pid file in atexit handler (bug
  reported by Brian)
* fix invalid free() in sh_unix_checksum_size()
* sh_processcheck.c: workaround for stupid OpenBSD bug (returns
  ENODEV instead of EAGAIN, because fgetc does
  fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem
  reported by Roman R.
* fix bug that causes incomplete reporting of modified symlink if
  symlink has changed and both old and new paths are >48 bytes
* fix bug that prevented mount check from running in one-shot mode
* enable mount check for openbsd
* fix processcheck default options and test script for openbsd
* option --list-file to list content of file (if saved)
* sh_tools.c: use strcasecmp in reverse lookup since DNS is case
  insensitive (bug reported by Phil)
* fill content if MODI_TXT, zlib compress, base64 encode and add
  as link_path in sh_unix.c; add to report in sh_hash.c
* testsuite: add test for gpg fingerprint option
* sh_extern.c: add 'CloseCommand' for syntactic sugar,
  add in testsuite

2.4.3a (12-02-2008):
* fix compile error caused by open() with O_CREAT and no third argument
  (reported by J.-S. Eon)

2.4.3 (31-01-2008):
* sh_kern.c: don't require asm/segment.h for kernel check module
* use global var with pid of initial thread instead of getpid(),
  since LinuxThreads returns different value in each thread (problem
  reported by Steffen Mueller)
* sh_kern.c: no inode check for pci rom (creates spurious messages)
* slib.c: eliminate prototype for vsnprintf (compile problem reported
  by eddy_cs)
* Makefile.in: fix missing dependency on 'encode' for $(OBJECTS)
  (reported by Matthias Ehrmann)

2.4.2 (17-01-2008):
* fix broken option --with-checksum (reported by halosfan),
  regression test added
* change HP-UX default optimization to +O2 since +O3 breaks
  cutest unit testing framework
* put result vector of rng in skey struct
* fix more compiler warnings, and a potential (compiler-dependent)
  NULL dereference in the unix entropy collector
* fix some compiler warnings
* use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead
  of -fstack-protector
* always add PTHREAD_CFLAGS to LDFLAGS
* sh_tiger0.c: checksum functions return length of file hashed,
  needed to fix GrowingLogfile bug (researched by
  siim at p6drad dash teel dot net)
* sh_static.c: fix more 'label at end of compound statement'
  (SH_MUTEX_UNLOCK closing brace; reported anonymously)
* make sh_hash.c thread-safe
* remove plenty of tiny allocations
* improve sh_mem_dump
* modify port check to run as thread
* new option PortCheckSkip to skip ports
* fix unsetting of sh_thread_pause_flag (was too early)

2.4.1a (28-11-2007):
* fix overwrite of ErrFlags (functionality bug)

2.4.1 (26-11-2007):
* security fix: regression in the seeding routine for the PRNG
  (detected by C. Mueller)
* regression test added for PRNG seeding routine
* fix problem with PCI ROM check (spurious messages about modified
  timestamps, reported by S. Clormann)

2.4.0a (08-11-2007):
* fix compile failure with --enable-static (reported by S. Clormann)
* fix potential deadlock if SIGHUP is received while suspended

2.4.0 (01-11-2007):
* eliminate alarm() for I/O timeout (replaced by select)
* use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r,
  rand_r, strtok_r if available
* protect readdir(), getpwent(), gethostname() with mutexes
  (readdir_r considered harmful)
* make checksum/hash, entropy, rng functions reentrant
* use thread-specific conversion buffer for globber()
* fixed compile problems and problems with test suite
* modify login watch to run as thread
* modify process check to run as thread

2.3.8 (03-10-2007):
* new option PortCheckIgnore = interface:portlist

2.3.7 (13-09-2007):
* Makefile.in: fix 'make deb' target, wrong name of config file
  written to debian/conffiles (reported by marc)
* configure.ac: fix incorrect order of with-prelude, enable-static
  (libprelude test was always without -static)

2.3.6 (06-09-2007):
* added yuleadmin.pl script contributed by Riccardo Murri
* fix compile error with -fstack-protector on some systems (reported
  by marc); we now check for libssp
* fix local DoS attack on BSD systems lacking getpeereid() (reported
  by Rob Holland).
* fix yulectl password reading from $HOME/.yulectl_cred, erroneously
  rejected passwords with exactly 14 chars (reported by Jerry Brown)
* introduce 'fflags' flag for suid files to detect new files already
  found in regular file check (problem reported by J. Crutchfield);
  also add regression test to ascertain that files in baseline
  database are not quarantined erroneously
* sh_hash.c: replace check for prefix 'K' with check for not prefix '/'
  to allow for arbitrary module-specific store/lookup in db
* replace 'visited', 'reported', 'allignore' with generic 'fflags' field
* sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if
  port checking is used on same host as server (reported by kadafax)
* Install.sh: don't use --separate-output with non-checklist
  widgets (problem discovered by D. Denton)
* sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers

2.3.5 (20-06-2007):
* sh_portcheck.c: try to tear down connections more gracefully
  (request by S. Petersen)
* fix incorrect handling of files with zero size in GrowingLogFiles
  (problem reported by S. Petersen)
* fix incorrect encoding of null checksums in stealth mode
* sh_hash.c: fix repeated printing of acl/attributes in database dump
* sh_unix.c: fix option useaclcheck ignored if both useaclcheck and
  useselinuxcheck are supported

2.3.4 (01-05-2007):
* sh_processcheck.c: fix missing init of sh_prochk_res array before
  check (leads to degrading functionality over time and 'fake pid'
  warnings; reported by D. Ossenbrueggen and
  soren dot petersen at musiker dot nu)
* sh_processcheck.c: fix memory leak
* sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible
  anymore? proc_root_inode.lookup != proc_root_lookup)
* sh_extern.c: flush streams before forking (problem if [Prelink]
  used together with prelude logging, reported by M. deJong)
* fixed compilation of kern_head (regression caused by cross-compiling
  fix; problem reported by S. Clormann)
* more typos fixed (reported by John Horne)

2.3.3 (27-03-2007):
* fixed typos in configure.ac and manual (reported by John Horne)
* don't use mysql_options on x86_64, since libmysql is broken
* fixed cross-compiling (patch by Joe MacDonald)
* refactor sh_kern.c, sh_suidchk.c
* fix bug with leading slashes in linked path of symlinks within
  the root directory
* sh_kern.c: check PCI ROM (Linux), refactor code
* move file descriptor closing more towards program startup
* kernel check: support OpenBSD 4.0 (wishlist)
* fix samhain_hide module (in-)compatibility with recent kernels
  (reported by Jonny Halfmoon)

2.3.2 (29-01-2007):
* fix regression in full stealth mode (incorrect comparison of
  bytes read vs. maximum capacity), reported by B. Fleming

2.3.1a (21-01-2007):
* fix incorrect use of sh_gpg_fill_startup if option --with-fp is used
  (reported by zeroXten)

2.3.1 (21-01-2007):
* fix bug that may cause accidental closure of yule TCP socket
  (problem reported by B. Masuda)
* fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann)
* don't use sstrip in 'make deb', since dh_shlibdeps uses objdump
  (reported by B. Masuda)
* rm report.pl from rules.deb.in (reported by B. Masuda)
* samhainctl(): longer timeout (bad status reporting at startup,
  reported by Phil and by Dan Track)
* sh_portcheck.c: make connect errors more descriptive
* sh_portcheck.c: fix ignored setting of PortCheckActive
* sh_processcheck.c: add statvfs, and wrap for EINTR
* sh_portcheck.c: add wrappers for EINTR
* report user and executable for hidden processes
* fix update failure if reportonlyonce = false (reported
  by D. Strine)
* fix compile error in sh_portcheck.c (problem on cygwin
  reported by J. D. Fiori)
* check filenames ending in space (also for utf8 spaces)
* check and escape csv formatted db listing
* cache results of sl_trustfile_euid()
* trustfile: use 4096 for MAXFILENAME, switch to strncpy
* CL option -v|--version for info on version and compiled-in options

2.3.0a (01-11-2006):
* fix compile failure with portcheck + stealth (reported by lucas)

2.3.0 (01-11-2006):
* fix concurrency for inserts in oracle db
* add acl_(new|old) to database schema
* check for selinux attributes and/or posix acl
* new option UseSelinuxCheck (bool)
* new option UseAclCheck (bool)
* regression tests for above
* add module to check for open ports
* add module to check processes (hidden/fake/missing)
* use const char* for argument of module configuration callbacks

2.2.6 (31-10-2006):
* fix missing support for MacOS X init script (reported
  by Daniel Kowalewski)
* fix error about non-readable file with no checksum required
* fix server warning about 'no server name known'
* fix 'make deb' makefile target
* fix default export severity for server

2.2.5 (05-10-2006):
* fix broken Install.sh, reported by Alexander Kraemer
* workaround for glob(3) silliness on MacOS X (reported by David)
* fix for broken resource fork check (reported by David)
* fix for broken compilation on cygwin (reported by Elias)

2.2.4 (03-09-2006):
* add regression test for the GrowingLogFiles issue to test suite
* fixed sh_unix.c: bug in database init if GrowingLogFiles used
  with signed database (reported by Timothy Stotts)
* bug in manual fixed (incorrect documentation of --enable-user,
  noticed by M. Brown)
* rc.subr compatible init script for FreeBSD/NetBSD
* improve routine to find rpm after build
* add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip)
* fix error in manual (location of lock file)
* fix bug with SuidExclude (files in directory were still checked)

2.2.3 (31-07-2006):
* fix samhainadmin.pl: check for gpg-agent running if use-agent is set
  (ticket #28 by anonymous)
* fix stealth mode (regression in parser), problem reported by
  Joschi Kuphal
* fix minor typo in sh_database.c (compile problem reported by
  Joschi Kuphal)

2.2.2 (17-07-2006)
* minor fixes for regression test scripts
* minor updates to the manual (suggested by Brian A. Seklecki)
* fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+
  (problem reported by Leonhard Maylein)
* fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM
  is not defined

2.2.1c (11-07-2006)
* fix sh_extern.c: sh_ext_add_default() cast to (void) was too early
  (Solaris 8 build failure reported by Jesse)
* fix sh_unix.c: wrong prototype for sh_unix_mlock()
  if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by
  Jonathan Kaufman)

2.2.1b (20-06-2006):
* fix compile error on SuSE 10.1 (reported by Leonhard Maylein)

2.2.1a (15-06-2006):
* fix compile error on i686/MacOS X (reported by Andreas Neth)

2.2.1 (13-06-2006):
* fix gcc 4 warnings and build failure on x86_64 (debian bug #370808)
* fix compiling with Oracle (noticed by Colapinto Giovanni)
* fix configure.ac for most recent autoconf version
  (debian bug #369503)
* fix a regression that would make impossible local updates w/clients
* fix a few missing '\n' in sh_getopt.c
* sh_kern.c: fall back on mmap() if read() fails on /dev/kmem
* fix Solaris package creation
* recognize Solaris doors and event ports
* fix the idmef_inode_t patch: provide required info to avoid stat()
* fix bug on database update: fill in dev and rdev fields
* fix get_file_infos() in sh_prelude.c: avoid premature return
* GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK
* deploy.sh: allow to set a group for hosts upon installation
* patch by Yoann: fix an issue when setting the idmef_inode_t object
* fix memory leaks in error paths in sh_prelude.c
* fix concurrent inserts with postgres in sh_database.c
* code cleanup
* fix manual version in spec file, first noticed by Imre Gergely

2.2.0 (01-05-2006):
* patch by Jim Simmons for samhainadmin.pl.in
* fix testsuite portability problems
* fix md5 endianness problem detected on HP-UX 11i / PA-RISC 8700
* fix potential NULL dereference in sh_utmp_endutent()
* patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
* fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
* fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
* fix bug in sh_utils_obscurename (check isascii)
* scan h_aliases for FQDN if h_name is not
* add copyright/license info to test scripts
* add copyright/license info to deployment system scripts
* support server-to-server relay
* new CL option --server-port
* minor improvements in manual
* patch by Yoann Vandoorselaere for sh_prelude.c
* allow --longopt arg as well as --longopt=arg
* verify checksum of growing log files (up to previous size)
* rewrite of the test suite
* added a bit of unit testing
* minor optimizations in various places
* optimized implementation of tiger checksum algorithm
* read in 64k blocks (faster than 4k)
* sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
  file attribute code
* kern_head: fix compilation of kernel check module on OpenBSD
* updated samhainrc.linux, samhainrc.freebsd
* sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
* sh_files.c: fix missing use of flag_err_info
* sh_tiger0.c: remove repetitive use of mlock
* slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
  add function sl_read_timeout_prep

2.1.3 (13-03-2006):
* fix compile problem in slib.c (reported by Lawrence Bowie)
* fix bug with combination of one-shot update mode and file check
  schedule (reported by Dan Track)
* improved the windows howto according to suggestions by
  Jorge Morgado
* fix samhain_hide kernel module for new linux kernel versions
* fix minor problem with dead client detection (problem reported
  by Michal Kustosik)

2.1.2 (10-01-2006):
* fix startup error with combination of gpg+prelude

2.1.1a (22-12-2005):
* fixed a stupid bug in sh_files.c (break if file = dir)

2.1.1 (21-12-2005):
* sh_calls.c: protect sh_calls_set_bind_addr against overriding
* comINSTALL, updateDB: use locking
* samhainadmin.pl: use locking
* fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
* improve zAVLSearch (remove redundant strcmp)
* use AVL tree in sh_files.c instead of linked list (better scaling)
* fix bug with suidcheck (no update/check in one-shot mode with
  schedule instead of check interval; noticed by R. Rati)
* fix for problem with '-t update -i' if daemon mode (problem report
  by Peter van der Does)
* fix for bug in sh_util_ask_update (two returns were required ...)

2.1.0 (31-10-2005):
* minor fix for cross-compiling with --with-kcheck
* sh_forward.c: handle bad fds in the select() fd sets
  (reported by hmy)
* sh_extern.c: fix debugging code
* slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
  (reported by Gabor Kiss)
* makefile.in: fix for solaris package creation
* sh_mail.c, sh_readconf.c: mail filtering options
* sh_database.c: Oracle reconnect on connection failure
  (bug report by Alexander A. Sobyanin)
* sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
  (problem reported by Peter)
* sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
* fixes for gcc 4.0.2 compiler warnings
* ability to use daemon mode together with update
  (wishlist Yoann Vandoorselaere)
* fixes for debugging

2.0.10a (22-08-2005):
* fix for overlapping directory check specification (reported by Bub)

2.0.10 (21-08-2005):
* fix for segfault (free() on a constant string) with libprelude
  (problem reported by Grae Noble)
* upgrade FreeBSD kernel check to 5.4, minor fixes
* useful script for users of Linux kernel check
  (contributed by marc heisterkamp)
* documentation improvements (suggested by Brian Seklecki and Robby)

2.0.9 (25-08-2005):
* samhain_erase.c: add #define for NULL
* sh_suidchk.c: fix incorrect use of escaped filename
* sh_prelude.[ch], sh_readconf.c: configurable mapping from
  samhain severity to prelude severity
* sh_unix.h: second arg of gettimeofday should be NULL
* sh_files.c: fix checking of directory special file (use specified
  policy, not that of parent dir, problem found by Brian A. Seklecki)
* sh_entropy.c: longer timeout for entropy collector
* sh_socket.c, sh_forward.c: allow probing of clients for
  necessity of configuration reload
* yulectl: minor fixes, option -v (verbose), new command PROBE
* fix 'File not found' messages for files flagged with IgnoreMissing
* sh_database.c: strip newline from oracle error messages
* sh_files.c: fix rsrc fork issue with MacOS X Tiger
  (reported by A. Koren)
* never compute checksum if not checked (problem report by D.Hughes)
* sh_prelude.c: cleanup and bugfix by Yoann
* sh_hash.c: for prelude, make sure mode is supplied with user/group
  and vice versa
* sh_prelude.c: provide proper FileAccess objects (bug
  report by Mihai Ilinca)

2.0.8 (03-07-2005):
* configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
  $LIBPRELUDE_CFLAGS (bugfix by Yoann)
* samhain.spec.in: remove support for chkconfig (it's too buggy).
  Strangely, if invoked as install_initd it behaves sanely ...
* src/sh_err_log.c: fix key input (this time for real)
* fix --with-altlogserver (bug from 2.0.7b)
* remove server socket in start/stop script

2.0.7e (not released):
* Makefile.in: introduce a total of 6 sec delay for 'make' utilities
  that use 1 sec resolution, and consider target out-of-date if
  timestamp(target) = timestamp(dependency) ...
* src/sh_err_log.c: fix key input
* another fix for yulectl (use pwent->pw_dir)
* dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH

2.0.7d (not released):
* one more fix for the spec file (stupid rpm finds tags in comments!!!)

2.0.7c (not released):
* test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
* dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
* samhain-install.sh.in: fix test -z $verbose
* sh_hash.c: speedup database reading
* Makefile.in: fix the problem that BSD make would make too much
* deploy: yulerc.clients -> yulerc.install.db, provide
  $defdatabase for backward compatibility
* deploy: allow for comma in client_install_date

2.0.7b (not released):
* hp_ux.psf.in: fix psf file
* dsys/comINSTALL: fix $yule_date -> $yule_data
* Makefile.in: fix 'make depot'
* sh_tools.c, sh_unix.c: fix detection of open file limit
* sh_readconf.c: reset read_mode after reading conf file
* yulectl.c: better error messages, use homedir from getpwuid(geteuid)
* init/samhain.startLSB.in: fix misleading message in lsb init script
* sh_forward.c: better display for nonce u in debug mode
* sh_tiger*.c: fix checksum for HP-UX 64bit
* samhain.c: don't fetch database twice
* configure.ac: accept nodename for --with-logserver=...
* samhain_setpwd.c: return proper exit status for samhain_setpwd
* respond to SIGTERM on initializing
* fix problems with samhainadmin.pl
* sh_utils.c: fix bug with AddOKChars (found by Karol)

2.0.7a (not released):
* remove 'df' from entropy gatherer (NFS may hang)
* modify va_copy check (doesn't work with HP-UX PA64 compiler)
* fix compile warnings in sh_database.c
* samhain-install.sh.in: check for /usr/bin/false in /etc/shells
* fix install-boot on HP-UX
* aclocal.m4: fix configure CL parsing to recognize VAR=VALUE

2.0.7 (11-06-2005):
* yet another fix for the spec file (use internal dependency generator)
* sh_error.c, sh_prelude.c: init libprelude after open fds are closed
* error message if queue is full
* fix two compiler warnings on HP-UX
* fix sh_mail.c for Interix (no resolver routines)
* fix sh_unix_initgroups2() if no initgroups() function (bug reported
  by Geries Handal)
* remove references to 'struct timezone' (Interix; problem
  reported by Geries Handal)
* init/stop for prelude on SIGHUP
* sh_cat.h: fix a stupid bug with messages classes
* manual: new section on nagios (with help from kiarna),
  more on prelude
* sh_prelude.c: cleanup and improvements (Yoann Vandoorselaere)
* default prelude profile name now is 'samhain' (lowercase)
* sh_readconf.c: new option PreludeProfile (by Yoann Vandoorselaere)
* remove obsolete check for linux/module.h, linux/unistd.h
* remove dependency on virtual/glibc in gentoo ebuild
  (problem reported by Willis Sarka)

2.0.6 (01-03-2005):
* sh_prelude.c, configure.ac, aclocal.m4: support for
  libprelude 0.9 (Yoann Vandoorselaere)
* sh_html.c: fix bug with entry.html template (reported by
  Stephane Sanchez)
* Install.sh: fix mandir option (reported by Rodney Smith)
* Fixed Linux/64bit bug in definition of EUIDSLOT
* New targets 'make depot', 'make depot-light' (HP-UX, untested)
* Use sstrip for RPMs and DEBs (automatic stripping disabled)
* Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
  problem noticed by Yoann Vandoorselaere)
* Modify samhain.spec.in to disable automatic stripping upon install
* Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
  for '--with-khide' (problems reported by Mark)
* Fix compile error in sh_tools.c on HP-UX 10.20
  (problem reported by Dennis Boylan)
* Runtime configuration of server listening port (wishlist)
* Runtime configuration of server listening interface (wishlist)
* Ignore SIGTTIN (consistency)
* Use SIGTTOU to force file check (wishlist)

2.0.5b (01-04-2005):
* Fix build problem b/o timestamp on stamp file

2.0.5a (16-03-2005):
* Fix problem with 'make rpm' (reported by Dirk Brümmer)

2.0.5 (02-03-2005):
* Fix bug with partial reads from clients in server
  (bug report by Brian)
* Support gpg checksum bootstrap with yule
* Support mount option check on HP-UX
* For MAIL FROM, use 'example.com' as domain part if
  hostname is numeric (problem reported by Eric Raymond)
* The HOWTO-write-modules has been updated.
* Convenience functions to insert data in database have been
  added.
* Use int0x03 only on i386 in sh_derr() (portability problem
  reported by John Mandeville)

2.0.4 (09-02-2005):
* Fixed broken 'make deb' (problem report by olfi)
* Fixed minor bug in test scripts (detection of gmake vs. make)
* Fixed Tru64/OSF compile warnings (reported by B. Terp)
* Normalize list parsing to allow comma, space, and tab as separators
* Some more descriptive error messages in kern_head.c
* Absolute path to utilities in init/samhain.startLinux.in
* Fixed is_root variable in deploy.sh
* Fixed 'deploy.sh info'
* Fixed 'deploy.sh install' client startup
* Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
  (issue reported by W. Sarky)

2.0.3 (14-12-2004):
* Fix CPPFLAGS with mysql/postgresql (reported by P. Smith)
* Fix missing sys/time.h include in slib.c (reported by Jonas)
* Workaround for file closing problem with Prelude+GPG
* Fixed memory leak with Prelude.
* Fixed bug in samhain_stealth (PGP signature not correctly
  retrieved from hidden configuration; report and patch by V. Tuska)
* Added Perl script to concatenate file signature database files
* Fix compile error with combination of --enable-nocl and
  --enable-stealth (reported by Zdenek Polach)
* Fix bug in dsys/initscript with --enable-nocl
* Fix declaration of sh_kern_timer()
* Fix missing Mounts+Userfiles options in appendix of manual
* Updated the README (bug report by H. Franzke)
* Fix some compiler warnings

2.0.2a (09-11-2004):
* Fixed OoM condition when client rc file not found (reported by Eilko)

2.0.2 (08-11-2004):
* Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
* Fixed uninitialized variable in sh_mail_msg() (problem reported
  by Michael Milvich)
* Fixed potential NULL pointer dereference in sh_hash_compdata()

2.0.1 (01-11-2004):
* Fixed compilation bug reported by jue (--with-kcheck broken).
* Fixed start option (bug reported by sanek). Behaviour wrt.
  environment variables depended on the way the daemon was started.

2.0.0 (31-10-2004):
* The deployment system has been rewritten from scratch in
  a cleaner and more modular and extensible way. Deployment
  of native packages is supported now.
* The build system has been revised. Building outside the source
  directory is supported now.
* Support for checksumming of prelinked executables / libraries
  has been added.
* The configure script now checks for the SSP/ProPolice patch in GCC,
  and enables it if present.
* The install-boot option in samhain-install.sh has been fixed
  (use absolute paths for sbin utilities).
* A nagios plugin (scripts/check_samhain.pl) has been added.
* The LSB (Linux Standard Base) init script has been fixed (the output
  was incorrect).
* Fetching of built binary packages has been
  fixed ($(PACKAGE)->@install_name@).
* For files in proc, the timeout has been reduced, and no error
  messages are issued upon timeout.
* A function has been added to print out full details for missing
  files if encountered while in sh_files().
* The reporting for SuidCheck has been fixed (incorrect policy
  noticed by JiM).
* On Linux, SuidCheck does not report on files marked as candidates
  for mandatory locking (group-id bit set, group-execute bit cleared).
* Fix for oracle init script (by Matt Warner)

1.8.12b (11-10-2004):
* fix bug in MSG_MSTAMP (%ld -> %lu)
* fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
  mkdir mode for quarantine directory
* fix the fix for modlist_lock search in System.map

1.8.12a (01-10-2004):
* fix bug in samhain-install.sh.in (only occurs on Solaris), reported
  by J. Roland

1.8.12 (27-09-2004):
* fix compile bug with --enable-static + --with-database=postgresql
* fix search for modlist_lock in System.map
* password auth for yule command socket (request by D. Kocic)
* more info about pending/sent commands to clients

1.8.11 (30-08-2004):
* fix static linking on Linux by use of replacement routines from
  uClib - however, this means, there is no NIS support anymore
* new option AddOKChars=... to modify the set of characters for
  filenames considered 'obscure'
* new option HardlinkOffset=... to specify an offset from the canonical
  hardlink count for a directory
* fix some warning with HP 11.23 native compiler
* fix minor OpenBSD portability problems (EIDRM, compiler warning)
* samhainrc.5, samhain.8: updated the man pages
* sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
  for AllIgnore
* sh_kern.c: fix 'update' to display modifications
* sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
  fields)
* stealth kernel modules: fix for linux 2.6, fix
  redefine of KERNEL_VERSION
* warn about stealth kernel module problem with 2.6 in manual
* sh_unix.c: remove some cruft
* fix a typo in the manual (noticed by J. Rubin)
* configure.ac: re-order output from libprelude-config (required
  for static linking - problem reported by E. Neber)
* kern_head.h, kern_head.c: fixes for Linux 2.6 kernel

7051.8.10b (13-07-2004):
706 * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
707 by Pat Smith)
708
7091.8.10a (13-07-2004):
710 * depend-gen.c: fix for FreeBSD 'make' which does not understand
711 the dependencies ... (problem reported by David Thiel)
712
7131.8.10 (13-07-2004):
714 * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
715 (bug report by VZoubkov)
716 * fix some warnings (unreachable statement) with HP-UX native compiler
717 * kern_check.c: silence warning about 'sendfile' for 4.10
718 (noticed by Ryan Beasley)
719 * modify depend-gen.c to ignore sh_gpg_chksum.h
720 * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
721 * .. and for fingerprint
722 * sh_suidchk.c: fix some compiler warnings on solaris
723 * allow commas to separate multiple entries in a RedefXXX= directive
724 * replace sleep/usleep with nanosleep wrapper function
725 * replace alarm() for read timeout with select() in sl_read_timeout
726 (should fix bug reported by Scott Kelley)
727 * increase lstat/open timeout to 6 sec
728
1.8.9 (16-06-2004):
  * made 'no action specified' error message more informative
    (suggested by Stephen Gill)
  * fix memory leak in mysql sh_database_query() (bug report by Dejan)
  * remove some cruft from the code
  * sh_files.c: check MacOS X resource forks (idea from Osiris)
  * sh_files.c: no hardlink check for MacOS X
  * sh_util_ask_update: fix bug with no terminal in non-interactive mode
    (report and debug data by Kris Dom)
  * manual refactored
  * fix redundant messages when updating with suidcheck
  * allow interactive update for suid files
  * don't remove the TZ environment variable to guard against
    misconfigured hosts
  * also use gethostname if uname returns possibly truncated name
  * fix improper file descriptor handling in sh_mail.c (bug report
    by Alex Weiss)
  * cleanup MBLK cruft
  * use SH_ALLOC/SH_FREE in sh_prelude.c
  * update sstrip to Version 2.0

1.8.8 (25-05-2004):
  * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
    Tim Evans and Ian McCulloch)
  * don't check for trusted paths on Cygwin
  * add Windows HOWTO written by Kris Dom
  * kern_check.h: extend FreeBSD syscall table for 5.x

1.8.7a (03-05-2004):
  * sh_mail.c: fix subject length
  * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
  * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
    (compile problem reported by Kris Dom)

1.8.7 (01-05-2004):
  * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
    empty mails (introduced with segfault fix in 1.8.6, report
    by Kris Dom)
  * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
    try to reopen on controlling terminal if not
  * sh_utmp.c: fix order of options (problem report by Uri)
  * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
    (may cause segfault on null dereference for missing files)
  * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
    sh_unix_getinfo_attr)
  * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
    reported by xavier)
  * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
    (suggested by Kris)
  * include nameser_compat.h in sh_mail.c (for MacOS X,
    suggestion by jna)
  * sh_utmp.c: fix time for logout events (reported by Erich
    van der Velde)

1.8.6 (15-04-2004):
  * add CL option to set threshold for prelude and RDBMS
  * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
    dereference; reported by Micha Silver)
  * fix compiling with --disable-encrypt (reported by Pat Smith)
  * fix minor problem in scheduler (don't return before all schedules
    are tested, to set last_exec correctly)

1.8.5 (05-04-2004):
  * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
    problem (endless loop; report and debugging aid by Joe MacDonald)
  * fix hardlink check (null dereference in error message, segfaults
    on solaris - noticed by Bob Bloom)
  * sh_suidcheck: don't truncate quarantined file if nlink > 1
  * fix Install.sh (no --seperate-output with --radiolist); patch by
    Greg Kimberly

1.8.4 (17-03-2004):
  * add Prelude patch by Patrice Bourgin
  * add license statement to sh_mounts.c, sh_userfiles.c after
    receiving a clarifying e-mail from Cian Synnott
  * support UsePersistent = no for Oracle (problem spotted and fix
    tested by Michael Somers)
  * fix bug in samhainadmin.pl
  * sh_gpg.c: describe type of gpg error (if any)
  * fix persistent connections with postgresql (reported by
    Erwin Van de Velde)
  * prelude: local 'meaning' shadows global in sh_prelude_alert
    (spotted by David Maciejak)
  * uname: workaround for cases where nodename would be a possibly
    truncated FQDN (problem reported by Cian Synnott)
  * re-write parts of sh_kern.c, store kernel info in baseline database
    -> no need to recompile after kernel upgrade
  * modify timeouts in sh_unix_getinfo, add timeout warning
  * change handling of dangling symlinks (store in db)
  * fix typo with MSG_FI_OBSC2 (double slash)
  * remove redundant operation in sh_utils_safe_name
  * fix occasional random start bytes of long messages in
    sh_error_string (sl_strlcat -> sl_strlcpy)
  * provide details for missing files (as for added files)
  * remove duplicate message for no such group/user
  * add fixes for samhain.oracle.init (supplied by Michael Somers)
  * fix date insertion for Oracle (fix by Michael Somers)
  * manual: fix incorrect statement about RPM (noticed by
    Lars Kellogg-Stedman)

1.8.3 (02-02-2004):
  * add a HOWTO-client+server-troubleshooting document
  * fix another bug with SIGUSR2 (suspend mode)
  * new option SetBindAddress (--bind-address=...) to force
    interface for outgoing connections on multi-interface box
  * don't link against libgmp if not required (i.e. standalone)
  * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
  * new make targets 'emerge' and 'tbz2' for gentoo
  * update rules.deb.in based on the Debian package
    by Javier Fernandez-Sanguino
  * updated config.guess, config.sub to version 2002-09-05
  * external command: report failure only once
  * console: reset failure status after success
  * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
  * use persistent connection to database by default
  * option UsePersistent=no to switch off persistent connection

1.8.2 (19-01-2004):
  * sh_userfiles.c: new option UserfilesCheckUids (requested)
  * sh_error.c: server: don't log to logfile before dropping root
  * new script scripts/samhainadmin.pl (administrative tasks for
    signed config/database files)
  * add changes code to log_msg for reports on modified files
  * change default log threshold to 'mark', as 'none' tends
    to confuse new users
  * faster response time for SIGUSR2
  * revised (mostly backward-compatible) message classes
  * fix missing check of mailTime in server select loop
  * add support for libprelude (version 0.8.10)
  * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
  * fix Bourne shell incompatibility (export) in samhain-install.sh
    (first reported by David Thiel)
  * fix typo in spec file (first reported by Christian Vanguers)
  * remove some cruft (signal handler, memory handling)
  * return from sigterm handler, rather than exit directly
    (re-entrancy problem causes more problems than it's worth)

1.8.1 (03-12-2003):
  * fix gmp detection (problem pointed out by Nix)
  * fix/improve the error message if test compiling with mysql fails
  * new CL option --interactive for interactive db update
  * fix some compiler warnings from IRIX MIPS compiler
  * kern_head.h, kern_head.c: option to disable IDT check
  * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
  * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
  * change username -> userid, remove (long) userid (bug noticed
    by Erwin Van De Velde)
  * emit ADDED message for new SUID/SGID files
  * add trailing slash to excluded directory if there is none

1.8.0a (04-11-2003):
  * sh_error.c: remove two debug printf's

1.8.0 (31-10-2003):
  * manual: make ps file fit on both a4 and letter paper
  * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
    to send (quit/reload) commands to clients
  * sh_forward.c, configure.ac: enable build with libwrap
    (Wietse Venema's TCP Wrappers library)
  * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
    new option to suppress messages for new and/or deleted files
  * samhainrc.aix5.2.0: contributed by Christoph Kiefer
  * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
  * sh_database.c: undef debug code for oracle
  * samhain.oracle.init: contributed by Joern Michael Krueger
  * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
    sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
    check-mounts and userfiles modules contributed by eircom.net
  * sh_utils.c: fix off-by-one bug in sh_util_compress()
  * sh_forward.c, sh_tools.c, configure.ac:
    version 2 client/server protocol
  * sh_mail.c: add %S to include severity in subject (user request)
  * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
  * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
    for --enable-ptrace
  * samhain.c: lower priority for 'uninitialized module' message
  * sh_entropy.c: lower priority for message if /dev/random blocks and
    /dev/urandom is available
  * improved error messages in sh_readconf.c
  * print system error message for getpwuid, getgrgid
  * fix missing module init after SIGHUP (noticed by Cian Synnott)

1.7.12 (13-10-2003):
  * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
    thanks to bug reports by Jason Martin and Matthew P. Cox

1.7.11 (01-09-2003):
  * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
      - change SIG_USR1 to switch between dbg on/off
      - change SIG_USR2 to switch between suspend on/off
      - fix CLT_ILLEGAL to actually work
      - introduce new state CLT_SUSPEND
      - force reauthentication after suspend
  * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
  * sh_suidchk.c: better AIX fs detection (Christoph)
  * sh_entropy.c: increase buffer size for unix entropy gatherer
    (problem reported by D. Danielson)
  * default config files: add lots of comments, list more options
  * sh_error.c: set default severities to 'crit'
  * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
    file syntax, issue warnings (triggered by C. Kiefer)
  * Makefile.in: handle depend-gen errors more gracefully
  * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
  * configure.ac: workaround for mysql_config weird output
    (reported by G. Faron)
  * sh_unix.c, sh_tiger0.c: check IO limit during read of large files
  * depend-gen.c: close streams before attempting to rename (Cygwin)
  * Makefile.in: fail gracefully if depend-gen fails
  * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER

1.7.10 (27-07-2003):
  * FreeBSD init script: define $pidfile (reported by D. Thiel)
  * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
  * sh_schedule.c: fix bad array size
  * samhain.c: fix pid_t <> int casts
  * sh_kern.c: fix repetitive messages
  * configure.ac: try to bootstrap if TIGER192 not supported by gpg,
    provide a detailed error message
  * configure.ac: try harder to locate mysql
  * docs/Changelog: retroactively add release dates, if known
  * sh_mail.c: fix potential message truncation in mailer
  * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
  * sh_readconf.c: fix segfault (dereference of uninitialized pointer)
    if --with-gpg and --enable-stealth are used together (reported
    by Anthony Caetano)
  * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
    error messages (larger GLOB_LEN, stat fills aud_err_message)

1.7.9 (30-06-2003):
  * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
    problems with SIGABRT noticed by Brian and Alf B Lervåg
  * deploy.sh.in: fix some bugs (found by Alf B Lervåg)
  * scripts/chroot.sh: fix typo (found by Alf B Lervåg)
  * configure.ac (khide): search also for 'd sys_call_table' (noted by
    cuek_saja)
  * strip whitespace before checking gpg checksum (noted by D. Thiel)
  * manual (faq section): explain how to stop console output
  * Makefile.in: fix re-naming of yule with --enable-install-name
  * HOWTO-client+server.html: fix typo (noted by xavier renaut)
  * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)

1.7.8 (28-05-2003):
  * sh_unix.c: new mlock implementation with reference count
    and page alignment (fix for solaris problem)
  * kern_head.c: search also for 'xxxxxxxx d sys_call_table'
  * sh_html.c: write status comment (for Beltane 2)
  * add CL option --delimited for comma-delimited signature database dump
  * sh_mail.c: check exit status of push_list to fix counting bug
    (bug reported by Alan Moore)
  * configure.ac: add error message to --with-libs
  * fix spelling of $DAEMON in init script (noted by C. Grigoriu)
  * fix missing initgroups()

1.7.7 (06-05-2003):
  * sh_forward.c: fix bug if compiled with --enable-udp, but disabled
    in config file (found by Andy OBrien)
  * sh_database.c: sh_database_entry(): size -> c_size (two places)
    to fix writing of '\0' to arbitrary places :(
    (problem pointed out by Stefan Giesen)
  * profiles/*/configopts: fix --with-base -> --enable-base

1.7.6 (24-04-2003):
  * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
  * fix samhain_hide for the O(1) scheduler used by RedHat:
    configure.ac, acconfig.h: check for next_task in struct task_struct
    samhain_hide.c: use find_task_by_pid if no next_task in task_struct
  * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning

1.7.5 (15-04-2003):
  * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
  * manual: point out the bmaxdata problem on AIX in faq section
  * trustfile.c: don't check symlinks (permissions of directory count)
  * sh_schedule.c: fix problem with daylight saving switchover
  * sh_samhain.c: close all open fd's >2 before reading the conf file
  * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
    user
  * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
  * sh_forward.c: place timestamp code before select() timeout handler
  * fix incorrect class of timestamp messages (conflict with manual)
  * sh_readconf.c, sh_forward.c: new config option SetStripDomain
  * configure.ac: add warning if /lib/modules/`uname -r`/build/include
    not found
  * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
    address from System.map)
  * sh_err_syslog.c: fix for Solaris
  * samhain.spec.in: strip REQ_FROM_SERVER from config file install path

1.7.4 (21-03-2003):
  * configure.ac: fix bug in defargs (--with-base > --enable-base)
  * aclocal.ac: detect unsupported options
  * kern_check: add syscalls, skip unused syscalls
  * fix Manual (--enable.../--with... inconsistency)
  * add two HOWTOs (signed files, server/client)
  * moved manual into new subdirectory docs/
  * add admin scripts by S.Bailey/M.Redinger
  * option to have a version string in db file

1.7.3 (23-02-2003):
  * samhain-install.sh: use yule user key for signing on install
  * fix a bug in sh_err_console.c (attempted write to const char)
  * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
  * Makefile.in: make target 'trustfile' depend on config.h
  * configure.ac: don't use install_name before it is defined ...
  * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
  * samhain.c: make sure daemon cannot be forced into 'update' mode
  * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)

1.7.2 (04-02-2003):
  * sh_kern.c: use sys_call_table address from System.map
  * fix for reserved SQL keyword 'group'
  * add AC_SYS_LARGEFILE to configure.ac
  * allow separate client-specific log files for server
  * sstrip.c: compile sstrip code only for i386
  * sh_unix.c: closeall: don't close trace file
  * slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
  * samhain-install.sh.in: fix detection of LSB compliant systems
  * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
  * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
    (may block otherwise, for no good reason apparently ...)
  * samhain.spec.in: replace %configure with ./configure
  * sh_unix.c: re-write signal handling (use __malloc_hook et al. to
    check whether we are in the middle of a free/malloc/realloc/memalign)
  * sh_unix.c: use new safe_logger() function to log from signal handler
  * sh_err_log.c: fix xml
  *
  * fix Makefile.in to exit non-zero on compile failure
  * database init: create index on log_host, entry_status
  * sh_suidchk.c: fix path building
  * sh_tiger0.c: read larger blocks
  * sh_hash.c: cast inode to UINT32
  * sh_tools.c: check that config/database files size fits in uint
  * sh_error.c: export flag_err_debug to avoid unnecessary calls
  * sh_unix.c: save the open() call in sh_unix_getinfo_attr()
  * profiles/redhat_i386/bootscript: add # description field
  * deploy.sh.in: set owner + permissions for files in yule_filedir
  * profiles/debianlinux_i386: fix bootscript
  * Makefile.in: fix deploy file lists and targets (include init+scripts)
  * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
  * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
  * sh_err_syslog.c: split long messages rather than truncating
  * sh_error.c: allocate msg to fix truncation limit
  * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
    filedescriptors may exceed FOPEN_MAX, causing problems in
    sl_open_file)
  * sh_err_console.c: avoid stdio
  * trustfile: dirz: make swp[] static
  * slib.c: speed up sl_strlcat
  * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
  * remove some unused code
  * slib.c: support long long int in the snprintf replacement
  * configure.ac: new configure macro to check whether sa_sigaction works
  * Makefile.in: make sstrip, encode dependent on config.h

1.7.1a (08-01-2003):
  * fix a syntax error in samhain-install.sh.in

1.7.1 (07-01-2003):
  * search runlevel scripts in ./init or ./
  * handle all distro-specific Linux runlevel script issues
    within a single script
  * support install-boot on Yellow Dog Linux and Slackware
  * samhain-install.sh: fix a bug for unknown Linux
    ('"' not closed, DVER not set)
  * samhain-install.sh: check for /etc/yellowdog-release
  * sh_database.c: fix missing entry for 'userid' in attr_tab[]
  * fix debian.rules.in (disable sstrip)
  * update make targets: 'srpm', 'srpm-dist', 'rpm'
  * check for zlib if mysql is used
  * workaround for NetBSD bug with libresolve
  * fixed problems with spec files

1.7.0 (22-12-2002):
  * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
  * sh_unix.c: fix a dereferenced static pointer in tf_trust_check
  * runlevel scripts: remove pid file after stop
  * make the data directory read-only for the daemon
  * treat 'localhost' specially in MX resolver
  * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
  * deploy.sh.in: fix quoting (fix by Simon Bailey)
  * slib.c: make sl_get_euid et al. behave well if uids not stored
  * trustfile.c: use euid = uid(SH_IDENT) if server
  * sh_mail.c: include an MX resolver
  * Makefile.in: install-user routine for user installation
  * have yule drop root
  * sh_tools.c: open_temp use logdir if server
  * unified options for runlevel script
  * HP-UX, IRIX runlevel scripts
  * AIX inittab entry

1.6.6 (13-12-2002):
  * configure.ac: solaris cc -O2 -> -xO2
  * sstrip.c: avoid alpha architecture
  * profiles/solaris/configopts: no --enable-static
  * sh_forward.c: sh_forward_req_file: copy argument to local array

1.6.5 (04-12-2002):
  * sh_utmp.c: set userlist = NULL in sh_utmp_end ()
  * sh_unix.c: do not assume that environ is sane
  * exit handler: write </trail>
  * sh_log_file(NULL): test sh.flag.log_start != S_TRUE
  * FreeBSD rc script does not blindly accept content of pid file
  * configure.ac: allow 'localhost' for log server
  * sh_calls.c: retry_connect: ntohs (port)
  * testrun_2[abc].sh: --with-logserver=localhost for client

1.6.4 (12-11-2002):
  * sh_tools.c: fix error when escaping '=<'
  * fix the 'make srpm' target
  * deploy.sh.in: avoid that client is named 'yule'
  * define memset to sl_memset
  * fix type cast of uid_t, gid_t

1.6.3 (31-10-2002):
  * fix options for Sun/Solaris native compiler
  * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
  * test sstrip on freebsd
  * default config file for freebsd
  * make target to build .deb packages
  * sh_readconf.c: fix bug in error message
  * samhain.c, sh_suidchk.c: fix initialization of suidchk
  * samhain-install.sh.in: don't remove config file by default
  * samhain-install.sh.in: support complete de-installation
  * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
  * samhain-install.sh.in: check more paths
  * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
  * sh_calls.c: save error message in retry_lstat()

1.6.2 (04-10-2002):
  * make target to build rpms
  * update samhain.spec.in, samhain.startRedHat
  * support DESTDIR, as in 'make DESTDIR=/what/ever install'
  * explicitly set -fno-omit-frame-pointer b/o gcc bug
  * mv configure.in to configure.ac to benefit from autoconf wrapper
  * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
  * slib.c: fix debug messages (no msgs for dlogActive <= 1)
  * sh_schedule.c, samhain.c, sh_suidchk.c:
    scheduler may accept multiple schedules

1.6.1 (04-09-2002):
  * sh_schedule.c: bugfix (executes only after first day)
  * rm obsolete WITH_TRACE stuff
  * new dlog() function for debug logging
  * some more descriptive error messages

1.6.0 (27-08-2002):
  * omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
  * sh_error.c: fix escape mode when logging to database
  * sh_forward.c: fix error (twice escape) in recv_syslog_socket
  * sh_tools.c: change escape mode for server-received data
  * sh_mem.c: change ulong -> size_t in sh_mem_malloc()
  * configure.in: fix localstatedir if --prefix=USR
  * sh_hash.c: snprintf() -> sl_snprintf()

1.5.5 (07-08-2002):
  * sh_err_log.c: fix incorrect xml syntax for client messages
    logged by server
  * sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
  * sh_files.c: introduce file_class_next
    this fixes the problem that a policy for the directory
    inode erroneously becomes a policy for the directory itself.

1.5.4 (17-07-2002):
  * sh_hash.c: fix buffer overflow with (micro-)stealth
  * sh_database.c: set path[] 1024 -> 12288
  * sh_database.c: set query[] 2048 -> 16383
  * sh_database.c: set values[] 1024 -> 16383
  * sh_forward.c: larger limit for message size (16 kB)
  * trustfile.c: set MAXFILENAME 2048 -> 4096
  * fixed a bug in the handling of filenames with embedded newlines
  * sh_files.c: fix missing sh_util_safe_name() in debug output
  * --with-sender can specify a full address
  * fix xml log in a backwards compatible way

1.5.3 (03-07-2002):
  * fix combination of stealth and sql logging
  * fix some more places where invalid UIDs/GIDs trigger errors

1.5.2 (01-07-2002):
  * include solaris config file from (sean [at] boran d.o.t com)
  * test for files/dirz defined twice in the configuration file
  * option to disable reverse lookup on outbound connections
  * option to use socket peer as client name (with name resolving)
  * sh_html.c: fix an HTML bug (twice </head><body>)
  * sh_suidchk.c: fix warning on AIX b/o dirname()
  * allow logging server -> syslog if yule is NOT configured to
    receive syslog messages
  * define PRIi64 to "lld" if undefined
  * invalid UIDs: use gid/uid as name, error level SeverityNames
  * minor fixes for connect_port
  * sh_hash.c: flush output of db listing before _exit()
  * configure.in: fix incorrect default ${install_name} for server
  * configure.in: try harder to find mysql.h / libpq-fe.h
  * sh_files.c: sh_files_checkdir:
    closedir() early to not exhaust OPEN_MAX

1.5.1a (30-05-2002):
  * fix missing LSB init script

1.5.1 (27-05-2002):
  * fix '-t update' option

1.5.0a (23-05-2002):
  * fix configure.in

1.5.0 (22-05-2002):
  * include solaris nosuid patch from (nathoo [at] co d.o.t ru)
  * similar fix for bsd nosuid
  * speed up -t update
  * convert manual to DocBook, distribute html and ps
  * fix some more problems with configure.in, Makefile.in
  * fix testsuite, add tests for udp, mysql
  * MSG_TCP_MSG: host -> remote_host
  * convert to autoconf 2.53
  * make c_bits.sh exit with status 0
  * sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
    to avoid dependency tracking problems
  * samhain.c remove *YULE* #ifdefs
  * acconfig.h remove *YULE* #undefs
  * samhain.c: procdirSamhain: lstat --> stat (allow symlink)
  * configure.in: add checks for correct user input
  * Makefile.in: add automatic dependency tracking
  * depend-gen: tool to figure out dependencies
  * chkconfig comments in redhat start scripts

1.4.8:
  * sh_database.c: fix missing attr_old, attr_new, (from)host columns
  * configure.in, Makefile.in: fix an error in the configfile
    definition with REQ_FROM_SERVER
  * sh_err_console, sh_err_log: avoid recurrent failure messages
  * timeout on read from files (/proc)
  * fix errors with setjmp/longjmp/alarm
  * fix memory leak in server (~20 byte/file download in sh_tools, 930)
  * check gpg signature for files downloaded from server, add a
    regression test
  * fix chown in solaris bootscript
  * provide second scheduler for file check
  * provide scheduler for file check
  * provide scheduler for SUID check

1.4.7 (08-04-2002):
  * make daemon control LSB-compliant (arguments, exit status)
  * set log_ref = 0 for server messages
  * boolean option SetDBServerTstamp to disable entering server
    timestamps for received client messages into database
  * sh_suidcheck: check for "nosuid" mount option if getmntent is used
  * fix logrotate script in manual (reported by Scott Worthington)
  * don't strip numerical IP addresses
  * check item->status_now != CLT_TOOLONG in client_time_check()
  * set log_host to client in db client message

1.4.6a (20-03-2002):
  * define prefix in deploy.sh

1.4.6 (19-03-2002):
  * modify samhain_hide.c to hide processes on new Linux kernels
  * better error diagnostics in kern_head.c
  * fix compile error in all_items ()
  * check length of install-name in enable-khide (max is 15)
  * define exec_prefix in deploy.sh.in
  * make configure a bit more cross-compiler friendly

1.4.5 (07-03-2002):
  * Make sure missing file is reported even if ptr->reported == S_TRUE
    because the file has been added.
  * propagate 'reported' flag from sh_files_checkdir() into file list
  * close checkfd in sh_gpg_check_file_sign()
  * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
  * use sh.srvcons.name in dbg() to get debugging info from daemon
  * option to log file timestamps with localtime instead of GMT
  * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
    sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
  * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
    to make sure re-disappearing will get reported
  * new function sh_hash_set_missing() to remove file record
    without (duplicate) 'missing' message
  * make sure all items are reported for added files
  * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
  * clarify in the documentation which gpg options to use for signing

1.4.4 (11-02-2002):
  * check that parent process has exited before writing PID file
  * promote MGG_W_CHDIR to SH_ERR_ERR
  * add error message to sh_unix_testlock
  * fix missing _() macro in sh_aud_set_functions

1.4.3 (05-02-2002):
  * don't check attributes for symlinks (may cause device access)
  * add USE mysql; USE samhain; to samhain.mysql.init
  * point out the MessageHeader/mysql problem in manual
  * add -lz to LIBS for mysql
  * strip after install, avoid double strip

1.4.2 (27-01-2002):
  * support for EGD
  * fix some more problems with install-deploy / deploy.sh
  * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
  * fixed the 'external logging' test (init rather than none in rc file)

1.4.1:
  * SuSE: include run level 4+5
  * install location of hiding kernel modules changed - some insmod
    variants do not test for /lib/modules/$(uname -r)/module_name.o
  * new make targets 'install-deploy', 'uninstall-deploy'
  * fixed make targets 'deploydir', 'deploydirfast'
  * bail on unsupported CL option in deploy.sh
  * fix various bugs in deploy.sh

1.4.0 (16-01-2002):
    * fixed missing 'dirname' on Mac OS X
    * fixed && tested for/with postgres
    * 'user=' -> 'userid=' (reserved word in sql)
    * fix the endianness + size of file database; this changes db format
      for any non-Linux OS
    * --enable-old-format for old (V1.3) database format
    * getopt, samhain.c, samhain.h: option -f to loop if not daemon
    * sh_hash: list numeric + char data to allow file db update on
      server side
    * sh_database: modify handling of integer (long) data
    * sh_database: datetime in database
    * sh_database: hash field in database
    * sh_database: rewrite database insert string construction
      [use INSERT INTO log (fields) VALUES (values);]
    * makefile suse 7.x runlevel entries

1.3.7 (06-01-2002):
    * fix incorrect escape in sh_tools_safe_name
    * fix sh_error_handle (4. argument) in sh_extern.c

1.3.6c:
    * fix segfault in sh_database (mysql logging) on solaris

1.3.6b (03-01-2002):
    * fix syntax error ('==') in Makefile.in
    * fix configure.in (path for /lib/modules/$(uname -r)/build/include)
    * fix sh_kern.c (redeclaration of 'j')

1.3.6 (03-01-2002):
    * sh_kern.c: check integrity of int 80h vector
      (SucKIT rootkit - Phrack 58)
    * make sure children in sh_kern are wait()'ed for
    * provide start/stop/restart/reload/status interface
    * fix a potential segfault (dereferenced NULL pointer) in the server
    * use sh_util_flagval for sh_unix_setdaemon
    * documentation for logging to SQL database
    * configure.in: check for -I/lib/modules/$(uname -r)/build/include
    * fix trustfile.c to ignore invalid users
    * separate 'make install-samhain' and 'make install-yule'
    * separate default log/pid/config files for server/client
      - less problems running server and client on same host
    * rewrite deploy.sh(.in):
      - don't use (make|install) if deploying
      - use command line options
      - better integrate into server environment
      - write install db
    * always write a pidfile if daemon
    * don't use server's config file as fallback for downloading client
    * don't overwrite config file when doing 'make install'

1.3.5 (28-12-2001):
    * fix --enable-message-queue for newer glibc versions
    * log to SQL database: implemented, but undocumented yet,
      needs to be tested further
    * xml: escape received syslog messages
    * xml: rename 'time' to 'tstamp'
    * make targets: make [un]install-[boot-]yule
      (for server-only installation)
    * fix samhain_hide.c for 2.4 kernel
    * fix sh_kern for updated samhain_hide.c
    * new option -j to just list the logfile
    * sh_getopt.c: recognize -Dt check for -D -t check
    * sh_tiger0.c: fix compiler warning (memmove) on Solaris

1.3.4 (12-12-2001):
    * sh_suidchk.c: option to limit files per second
    * sh_unix.c: option to limit (kilo)bytes per second
    * sh_hash.c: fix potential problem with '\n' in filename
      (not backward compatible if there are filenames with '=')

1.3.3 (03-12-2001):
    * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
      option SetNiceLevel to set scheduling priority
    * sh_hash.c: bugfix for database listing on Solaris
    * taus_seed: bugfix for emergency backup rng seed
    * sh_util_safe_name: fix for XML
    * sh_utmp_set_login_activate: use sh_util_flagval
    * sh_utils.c: sh_util_obscurename: rm 'space' from list
    * more backtrace macros
    * sh_util_flagval: fix bug to recognize 1/0
    * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
    * rm stray debug fprintf in sh_srp.c

1.3.2 (27-11-2001):
    * sh_hash.c: fix an error introduced in 1.3.1
    * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug

1.3.1 (25-11-2001):
    * slib.c: get backtrace with --enable-debug
    * sh_unix.c: allow core dumps when --enable-debug
    * configure.in: fix default message queue permissions
    * sh_suidchk.c: automatically include suid/sgid files in database
    * sh_suidchk.c: check all suid/sgid files
    * sh_hash.c: don't insert duplicates when reading the database
    * sh_utmp, sh_kern, samhain: fix 1sec offset in timer
    * sh_unix.c: don't require /dev/random to be non-world-writeable
    * server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
    * client: fix segfault on Solaris if path_conf == NULL
    * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed

1.3.0 (31-10-2001):
    * support compiling with GNU gmp library
    * set 3 sec timer on client_time_check to avoid excessive (and
      unnecessary) calls under heavy load
    * replace sl_strlen with a macro
    * store client_t structure in AVL tree
    * database format incompatible with previous format, up the magic#
    * sh_html.c: cache entry template for speedup
    * slib.c: reset islong(double) in sl_printf_count
    * sh_hash.c: report on rdev change
    * sh_hash.c: print size in 64 bit
    * sh_hash.c: save in absolute size types
    * sh_unix.c: get values as appropriate type (time_t, dev_t, ...)

1.2.10:
    * update MANUAL
    * sh_unix.c: tiger_hash -> tiger_generic_hash
    * sh_readcon.c: DigestAlgo option
    * sh_tiger0.c: add MD5 and SHA1
    * sh_unix.c: fix minor problem with win2k/cygwin

1.2.9 (17-10-2001):
    * fix problem with entry template/empty hostname
    * fix MASK_USER_ (MTM -> ATM)
    * typo fixed in configure.in (${install_name} -> {install_name})
    * bugfix group_old -> size_old in XML code
    * skip armor header in signed files

1.2.8 (29-09-2001):
    * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
      obscure compiler warning
    * Mac OS X: fix test scripts
    * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
    * implement deadtime in syslog recv code to protect against flooding
    * sh_err_log: sl_close(fd) if lock|forward fails
    * compliance with Filesystem Hierarchy Standard -- Version 2.2 final
    * add policies User0, User1
    * fix compile problem (FreeBSD) in sh_suidchk.c
    * macro to check for debugger breakpoints (linux/i386)
    * check for solaris (does not work) in sh_derr (--enable-ptrace)
    * option to listen on 514/udp for syslog, drop root
      irrevocably if compiled thus
    * use (check_mask & MODI_ATM) to decide whether to reset utime
    * reset the policy masks on sighup
    * option to write XML log messages
    * cleanup of message catalog
    * modified error messages for BADCONN
    * error messages for Rijndael
    * block recursive error messages within sh_error_handler()
      - would hang the machine ... -

1.2.7:
    * sh_files, sh_utils: check top level directory
    * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
      for reading from /dev/kmem
    * include /boot in default samhainrc
    * change source distribution signing/packaging system
    * Makefile, README, MANUAL: adhere to file system standard,
      document new locations
    * fix a bug in samhain_hide.c

1.2.6:
    * reset list of trusted users before config file re-read
    * TrustedUser=... can be a list
    * fix severity for files missing from IgnoreAll

1.2.5:
    * include example_pager.pl, example_sms.pl scripts
    * explain paging/sms setup in docs
    * allow manual exclusion of a directory in suidcheck
    * automatically track all file changes
    * remove missing files from in-memory database
    * add $(KERN) to DEPLOYFILES

1.2.4:
    * log IP address for login/logout events, if supported by the OS
    * release block in globerr (callback)

-------------

1.2.3:
    * fix problem with reading stealth configuration
    * fix a few formats in sh_cat.c
    * always use strncmp for file system type check in sh_suidchk.c
      (trailing 'fs' may be system specific for some types)
    * no bare LF in messages (RFC 2822)
    * no lines longer than 998 chars (RFC 2822)
    * fix error in testrc_1

1.2.2:
    * make tmp file directory a compile time option
    * fix minor bugs in tmp file allocator (potential memory leak,
      double slash if root directory)
    * obsolete testpipe script removed

1.2.1:
    * fix memory alignment in rijndael-api-fst.c: blockEncrypt()
    * fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
    * removed a debug fprintf()

1.2.0:
    * fix a bug in the HMAC implementation (thanks to Cesar Tascon
      for help in tracking down this one)
    * module to check the file system for SUID/SGID files

1.1.16 (never released):
    * fix the recursion depth -1 option as described in the manual
    * optional database reload on SIGHUP
    * fix a race condition when checking that /dev/random is a character
      device
    * redirect stderr to /dev/null for c_random
      (AIX may segfault in netstat...)
    * check whether /dev/random is a character device in c_random.sh
      (we know at least one sysadmin who has set up a fake /dev/random ...)
    * don't give NULL as 2. and 3. arg to execve if not Linux - some
      Unices (notably Solaris) don't like it
    * init ptr = NULL in my_malloc (compiler warning)
    * make the bitmask for tests configurable (suggestion by A. Dunkel)
    * make the bitmask for tests a static variable
    * make (database/logfile/lockfile) path configurable
      (to run multiple instances of samhain from an NFS share - on the
      wishlist of J. Patton)

1.1.15 (never released):
    * fix minor error in testcompile.sh (rm test_log only at start)
    * return from subroutines on sig_terminate == 1
      (faster exit on SIGTERM)
    * fix re-configuration of addresses
    * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
    * SysV message queue as compile option
    * config file option to set console device
    * removed the pre 1.1.9 code bloat
    * don't print the LOGKEY to the console

1.1.14:
    * fix an error in the setup consistency check
    * make target to uninstall runtime files
    * trustfile.c: check return code of readlink(), fix off-by-one error
    * sh_files.c: fix placement of terminator after readlink() call
    * sh_files.c: fix a missing set_suid()/unset_suid()
      - suid should work, but is not recommended -
    * more debug statements in c/s code
    * avoid re-entry in sh_unix_sigexit
    * put a block around free() and malloc() in wrapper functions
    * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
      - i.e. avoid corrupting the heap from a signal handler -

1.1.13:
    * optimized the size of the configure script somewhat
    * modify the compile and hash test scripts
    * read '\0's in sh_unix_getline
    * exponential schedule for connection attempts
    * make stealth working properly with signed files
      - config file should be signed now before embedding in picture -
    * fix a race in using signed files
    * updated err messages for PWNULL, GRNULL
    * add missing shell script for test 11
    * add mandatory source file/line info with -p debug
    * add mandatory source line info with BADCONN
    * fix a latex error in the manual

1.1.12:
    * debug output to console if compiled with --enable-debug and
      running as daemon
    * make reportonlyonce=true the default
    * make sure state changes of a file are always reported, even
      with reportonlyonce=true
    * Linux kernel modules (samhain_hide, samhain_erase)
    * fixed incorrect return value of sh_util_flagval
    * fixed an error in sh_files.c: happens with -t init and first
      file that is checked does not exist
    * revised install/uninstall targets in the Makefile
    * module to check for clobbered kernel syscalls (tested on Linux 2.2)
    * more diagnostic error messages in sh_gpg.c
    * more diagnostic error messages in sh_mail.c
    * error in mail.c fixed
      (address -> address_list[i] for multiple recipients)
    * docs updated, better(?) explanation of signed files
    * skip over path in gpg checksum output
    * check client name against IP address and FQDN
    * fix for --disable-* in config file
    * fixed a server crash (MSG_TCP_OKMSG without arg)
      if the server is run with debug level output threshold
    * catch EAGAIN in sh_gpg.c pipe reader
    * fix the 'external logging' test to make it work on BSD
    * error message if no local path to init DB
    * check for i86/Solaris in configure (vsnprintf prototype)
    * make SRP the default

1.1.11:
    * make log file verification more convenient
    * fix problem with message classes in stealth mode
    * linux: do not try to read file attributes for devices
    * handle the root directory correctly (avoid "//" in listing)
    * fix problems with blocking on FIFOs/char dev
      pointed out by I. Rogalsky (rog@iis.fhg.de)
      - open in nonblocking mode for read, then set to blocking
      - open file only if regular
    * fix alignment in memory profiler

1.1.10:
    * minor code cleanup
    * fix an error in trustfile.c (handling of empty/incomplete
      group entries in /etc/group, bug report by A. Capriotti)

1.1.9:
    * compatibility option for old behaviour (plain hash instead
      of HMAC, ECB instead of CBC mode)
    * use CBC rather than ECB mode for encryption
    * use HMAC-TIGER for message authentication codes
    * handle NULL data in sh_tiger_hash
    * option to set syslog facility (default is LOG_AUTHPRIV)
    * longer timeout (300 sec) on /dev/random if no /dev/urandom
    * fix minor output error with stealth option
    * option not to log names of config/database files on startup

1.1.8:
    * fix error in syslog routine
    * fix missing 'test' in configure.in
    * fix error in replace_tab() in sh_html.c
    * fix minor memory leak in sh_util_regcmp()

1.1.7:
    * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
    * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
    * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
    * fix for Alpha: format string in sh_tiger0.sh
    * on Linux, now compiles cleanly with
      -Wall -W -Wstrict-prototypes -Wcast-align
    * fix problem with recursion depth
      (pointed out by Vic <hvicha@mail.ru>)
    * #include "sh_tools.h" in sh_unix.c and fix the
      --with-timeserver option (reported by Vic <hvicha@mail.ru>)
    * place read_port(), MSG_TCP_NETRP outside ifdefs
    * close fd/zero skey before execve
    * verify client name against socket peer
    * ... with configurable error priority
    * use strcmp() rather than strncmp() in search_register()
    * fix race between lstat() and open() for checksum
      (reported by dynamo <dynamo@ime.net>,
      JJohnson <JJohnson@penguincomputing.com>)
    * enable globbing for filenames
    * fix Solaris problem: siginfo_t may be NULL
    * fix missing SL_EBADGID in tf_trust_check
    * test case for external scripts, fix flushing pipe
    * fix a typo in sh_ext_type
    * do an fdexec w/checksum on Linux if calling external program
    * even safer tmp file creation
    * allow db update
    * fix compile options for --enable-debug
    * fixed a spelling error in the output
    * test program for full CS support (config/database download)
    * tell which file is searched for cs download

1.1.6:
    * fix bug in sh_readconf_line (segfault on erroneous config lines)

1.1.5:
    * sh_unix.c: sh_unix_getinfo_attr: f -> flags
    * use gettimeofday as last resort

1.1.4:
    * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
      to (char *))
    * configure: add static link flags for some more os (from tar)
    * don't strip twice (some stupid systems abort)
    * fix for reading from /dev/random on non-Linux systems (untested)
    * sh_mail.c: end all message lines with \r\n
    * stealth: ignore \r, \"
    * take out tracing from --enable-debug (presently useless anyway)
    * fix some remaining cleartext with debug && stealth combined
    * fixed a small memory leak in sh_err_log.c

1.1.3:
    * fixed circular logic in taus_seed() (fallback method only)
    * fix for missing _SC_OPEN_MAX (runaway close())

1.1.2:
    * implement message classes
    * let server recognize client message severity and class
    * secondary log server
    * keep database in memory (allows to close file
      if retrieved from server)
    * encrypt client/server communication

1.1.1:
    * Compilation problems with native Solaris compiler fixed
    * fill in euid/ruid variable
    * manual.pdf --> MANUAL.pdf
    * debug sh_util_formatted()
    * http refresh 120sec for server stat page
    * trace/debug options
    * fixed problem with utmp.c options
    * fixed problem with sh_mail_setaddress
    * option for custom message header
    * fixed problem in compdata
    * fixed problem in mail verification
    * remove eventual trailing '/' in file names
    * fixed problem with report string for modified files
    * option to report in full detail

1.1.0:
    * Move error messages to catalog
    * Make error message format more uniform
    * Wrap system calls that could be interrupted by signals
    * Warn on append to database
    * Option for full details on mod. files
    * Option to report only once on mod. files
    * Generally speaking, major modifications with potential new bugs

0.9.5:
    * sh_hash.c: fixed erroneous checksum for config file
    * sh_html.c: fixed erroneous timestamp (last)
    * sh_tools.c: fixed connect_port (set port for cached address)
    * sh_srp.c: fix for '00' (='\0') in pw
      (last two fixes by Andreas Piesk)

0.9.4:
    * samhain.c: fcntl(1, ..) -> fcntl(2, ..)
    * sh_hash.c: copy 12 instead of 10 byte for c_attributes
    * 'empty directory' WARN -> INFO

0.9.3:
    * FreeBSD fixes:
      - c_random.sh: make sure /dev/random provides something
        rather than nothing
      - check for <netinet/in.h> and include it
      - include <sys/types.h> early
      - sh_utmp.c: fixed an occurrence of ut_user
      - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
      - sh_forward.c: EBADMSG -> ENOMSG
    * sh_unix.c: check return value of gethostbyname
    * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
      more than 30 sec
    * ... and fix the timestamp format ...

0.9.2:
    * ISO 8601 timestamps
    * Bugfix in sh_utmp (timestring overwrite)
    * don't use siginfo_t on Linux (garbage as of 2.2.14)
    * check for Linux capabilities bug when dropping root
    * include README for gcc compiler bug (pointed out by A. Piesk)
    * explicitly set -fno-strength-reduce with gcc
    * fixed ignoring missing files with the IgnoreAll policy

0.9.1:
    * more ext2flags (breaks backward database compatibility on Linux)
    * IgnoreAll policy modified - missing/added files reported with
      SeverityIgnoreAll (to handle files that may or may not be present)
    * Check all files, not only regular ones
      (bug in sh_files, originally introduced because checksum of
      regular files only is computed)

0.9:
    * use O_NOATIME if supported
    * --with-nocl takes argument (PW to re-enable CL parsing)
    * no daemon mode if initializing database
    * fixed segfault in yule with 'unknown file type' request
    * enlarged MAX_GLOBS 24 -> 32 and made the array linear
    * server uses last registry entry for any given client now
    * deploy.sh script to deploy clients to remote hosts
    * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
    * allow y/Y/n/N for login monitoring (in addition to 0/1)
    * external logging scripts/programs
    * trustfile.c: define STICKY on Linux
    * reset signal mask when initializing
    * EINTR_RETRY wrapper
    * slib: sl_read, sl_write EINTR update
    * use sstrip when installing
    * more compact database format (breaks backward database compatibility)
    * larger download packets
    * TcpFlags unsigned char
    * cast to (char *) head in write_port
    * m(un)lock cast to (char *)
    * (1 << 31) --> (1UL << 31)
    * support e2fs attributes on Linux
    * fixes for AIX and Solaris native compilers
    * fixed Makefile for non-GNU make (pattern rule --> suffix rule)

0.8.1:
    * fixed 'is_numeric()' return value

0.8:
    * added option for static compilation
    * added option for stealth with non-hidden config file
    * added option for disabling command line parsing
    * all options can be set in the configuration file now
    * stealth: xor strings in database file
    * fixed bug in mailer code ([] in HELO)
    * print timestamp when asking for key
    * 'micro' stealth mode (no hidden configuration file)
    * simplified slib
    * int->long for uids/gids in trustfile
    * moved mailkey from data to code
    * shell script for entropy (stronger default key)
    * general code cleanup
    * better error checking in client/server code
    * detect out-of-sync messages
    * check state across protocol passes in server
    * make sure authentication is mutual
    * file download to client
    * reserve six file descriptors in server
    * mlock queue buffer if LOG_KEY
    * improved robustness in bignum (don't fail on free())
    * per-directory recursion depths
    * RFC821 compliance: empty line at end of header, To field, Date field
    * RFC821 compliance: make e-mail transfer reliable
    * fix detection of hardlink changes
    * checksum verification for calling gpg/pgp
    * CL option '-S' not required for server-only binary
    * eliminate CL options that may leak privileged information
      if the program is SUID
    * skip leading white space in configuration file
    * allow nested conditionals in configuration file
    * allow whitespace before and after '=' in configuration file
    * don't leak file descriptors to child processes
    * make message transfer reliable
    * always report error on abnormal termination of connection

0.7:
    * support for alpha machines
    * stop TCP logging after exit message
    * limit connections in server (DoS attacks)
    * move string handling to slib
    * move file handling to slib
    * timestring without space
    * changed report format
    * SUID bugfix - use euid when checking logfile ownership
    * SUID bugfix - get root for lstat()
    * SUID bugfix - get root for opendir()
    * store number of hardlinks
    * send no message if polling empty queue
    * include tiger 64-bit implementation (portability)
    * codes for error conditions
    * mail check: handle multiple, overlapping audit trails
    * security fix: no append to database if SUID
    * fix sh_entropy.c (BUFSIZ -> BUF_ENT)
    * read command line before config file
    * PGP signing of config/database files
    * checksum of config file reported
    * checking for attributes only

0.6:
    * more syslogish priority specification
    * fixed segfault in sh_mem_check, apparently this was also
      the reason for the segfault in atexit()
    * allow for compilation with SRP authentication
    * fixed tiger checksum computation
    * fixed broken logfile verification for second and further audit trails
    * test program added
    * documentation improved
    * sh_forward_make_client: bug fixed in[8]->in[i]
    * sh_error.h: fixed missing #include <errno.h>
    * configure.in: fixed missing strerror() test
    * sh_utmp.c: check logins/logouts
    * check for missing files
    * only reset access time if necessary
    * O_EXCL in open()
    * limit environment to TZ in execve (sh_entropy.c, not used on Linux)
    * use trustfile() to determine whether logfile dir is trustworthy
    * strip head instead of tail for numerical address
    * store messages in fifo during log server outage
    * re-init session key after server outage

0.5 (21-12-1999):
    * added option for mail relay server
    * own popen() implementation in sh_entropy() (portability)
    * fixed error in sh_util_basename() (returned NULL for base == "/")
    * fixed segfault in strlcpy/strlcat (check for src == NULL)
    * FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
    * use TIGER for 32-byte compilers (portability)
    * fixed hash function (do not include stdlib.h)
    * flush buffer before write in mailer code (IBM AIX 4.1)
    * make mailer code non-forking
    * cast argument of is...() to int (portability)
    * return() after _exit() for braindead compilers (portability)
    * optionally use inet_addr (portability)
    * check for broken mlock() (HP-UX 10.20)
    * minor code cleanups
    * fixed incorrect size of munlock()'ed memory in sh_error_string()
    * fixed a buffer overflow in the error printing routine
    * fixed a buffer overflow in sh_util_safe_name ()
    * implement SRP session key exchange
    * implement client/server facility
    * implement @host/@end construct in configuration file
    * preferably use uname(), and do gethostbyname() for FQDN
    * make vernam cipher base numeric
    * make OnlyStderr private in sh_error
    * test -e "/dev/random" --> test -r "/dev/random" (portability)
    * check for libsocket (portability)
    * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
    * eliminate superfluous /proc test
    * some unreachable code removed
    * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
    * check for setresuid() if no seteuid() (HP-UX 10.20)

0.4 (09-11-1999):
    * make sure output from /dev/random has no NULL's
    * one-time pad encryption for emailed keys
      (better than nothing ...)

0.3 (04-11-1999):
    * logfile readable for group
    * verify signatures for any file
    * signature block in tarball
    * use select() in time server routine
    * better protection for session keys (mlock)

0.2:
    * fixed incorrect man page
    * fixed incorrect example rc file
    * recursive error logging should work now

0.1:
    * initial release -- on Samhain 1999, of course

development start:
    * probably 29-06-1999