source: trunk/docs/Changelog@ 229

Last change on this file since 229 was 229, checked in by katerina, 16 years ago

Add missing file for dnmalloc test, update for testing on AIX 5.3

File size: 84.8 KB
Line 
12.5.5:
2 * t-test1.c: change function names because of clashes with an
3 AIX system header file
4 * fix warnings with -fstack-check (too large stack frames)
5 * fix for incorrect handling of hostnames in database insertion
6 (reported by byron)
7
82.5.4 (04-03-2009):
9 * fix for incorrect input check in SRP implementation (discovered
10 by Thomas Ptacek)
11 * option KernelCheckPCI to switch off check of PCI expansion ROMs
12
132.5.3 (25-02-2009):
14 * disable dnmalloc on MacOS X, doesn't work properly
15 * stat -> lstat in sh_unix_file_exists (OS X nameforks, report
16 by David)
17 * Fix problem in standalone trustfile, does not work correctly on
18 group-writeable files (reported by David).
19 * Option SetThrottle to throttle throughput for db download
20 * Option SetConnectionTimeout to configure the client connection
21 timeout configurable
22 * Provide getrpcbynumber, getservbyname implementations
23 to avoid dependencies with static linkage
24 * Fix missing sh.host.(system|release|machine) on FreeBSD,
25 reported by D.Lowry
26 * New option SetMailPort to allow setting of SMTP port (patch
27 by lucas sizzo org)
28 * allow POSIX regexes for filters
29 * consolidate filtering code from sh_extern.c, sh_(n)mail.c
30 * rewrite mail subsystem to allow individual filtering
31 for recipients
32 * allow shell expansion for values of config file options
33 * allow list as value for option PortCheckInterface
34 * fix bug in trustfile.c (with slapping on "/../" for symlinks)
35 * lock baseline database upon writing
36
372.5.2b (29-01-2009):
38 * turn warnings into errors in the compile test suite
39 * fix missing define in sh_portcheck.c to eliminate compiler warning
40 (reported by joerg)
41
422.5.2a (26-01-2009):
43 * fix problem building deb package (bit rot; reported by joerg)
44
452.5.2 (22-01-2009):
46 * samhain.c: report module failure with positive offset
47 * sh_database.c: parse numerical fields into ulong
48 * fix regression test script for postgresql
49 * fix regression test script for SELinux/ACL test
50 * fix reporting of user for open ports to prelude
51 * report process pid for open ports
52 * replace _exit() by raise(SIGKILL) b/o pthread problem
53 * new option LooseDirCheck ([false]/true), request by
54 Alexander
55 * improved help output of samhain_stealth (as suggested
56 by Michael Athanasiou)
57 * new option ProcessCheckIsOpenVZ ([false]/true)
58
592.5.1 (07-12-2008):
60 * workaround for freebsd7 amd64 lossage (compiler toolchain,
61 no mmap to 32bit address space)
62 * samhain-install.sh: check for presence of stealth_template.ps
63 before trying to create it
64 * use -Wno-empty-body if supported to suppress warnings about
65 glibc pthread_cleanup_pop implementation
66 * fix text relocations for i386 in src/sh_tiger1.s
67 * implement server->client SCAN command to initiate file check
68 * implement @if / @else conditionals with more tests in config file
69 * new option SetDropCache to drop checksummed files from cache
70 * report process/user for open ports on FreeBSD (code
71 lifted from FreeBSD sockstat.c)
72 * fix for config reload issue with stealth mode (reported by
73 siim)
74 * add -fstack-protector flags to LDFLAGS
75 * cygwin fix: don't use dnmalloc, doesn't work with pthreads
76 * cygwin fix: make trust check in samhain-install.sh return zero
77 * improved diagnostics for file read errors
78 * fixed script permissions (754 -> 755), reported by Christoph
79 * constness patch by Joe MacDonald
80 * GnuPG key ID patch by Jim Dutton
81 * sh_kern.c: more error checking for reads from kernel
82
832.5.0 (01-11-2008):
84 * dnmalloc.c: fix inconsistent chunksize on 64bit systems
85 * fix improved error reporting for failed fstat in checksumming
86 * report process/user for open ports (Linux only currently)
87 * fix deadlock on exit in sh_hash_init()
88 * fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore)
89 * log monitoring support
90 * fixed constness in trustfile interface
91 * remove libprelude 0.8 support (obsolete)
92 * sh_forward.c: increase TIME_OUT_DEF to 900 secs
93 * dnmalloc.c: initialize rc in dnmalloc_fork_child(),
94 reported by B. Podlipnik
95
962.4.6a (09-10-2008):
97 * fix compile problem on Fedora 9 (reported by pierpaolo),
98 'struct ucred' in sh_socket.c requires _GNU_SOURCE
99
1002.4.6 (27-08-2008):
101 * fix compile failure on win2k/cygwin (sh_unix_mlock prototype),
102 reported by jhamilton
103 * fix potential deadlock with dnmalloc upon fork()
104 * fix non-portable use of 'hostname -f' in regression test suite
105 (reported by Borut Podlipnik)
106
1072.4.5a (18-08-2008):
108 * fix compile problem in dnmalloc.c (remove prototypes for
109 memset/memcpy), problem reported by Juergen Daubert
110
1112.4.5 (07-08-2008):
112 * testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10
113 bails out on a chmod on a dangling link
114 * fix bug in check_samhain.pl nagios script (J.-S. Eon)
115 * use the UNO static checker
116 * compile as position independent executable (PIE)
117 * handle EINPROGRESS error (Windows/cygwin issue)
118 * make sure every function uses less than one page of stack
119 (proactive security against gap jumping, Gael Delalleau)
120 * use dnmalloc instead of system malloc
121 (proactive security against heap buffer overflows)
122 * fix dnmalloc bugs and portability problems
123 * check for compressBound, since older zlibs don't have it
124
1252.4.4 (30-04-2008):
126 * sh_database.c: fix maximum size of sql query string, maximum
127 size of strings in struct dbins_
128 * sh_hash.c: fix maximum size of message string
129 * fix typo in the base64 decoder
130 * fix 'make cutest' for parallel compiling
131 * fix compile warnings with -Wstrict-prototypes
132 * sh_static.c: override getgrgid, getpwuid for libacl
133 * fix more warnings about variables clobbered by 'longjmp'
134 or 'vfork' (due to library internal handling of mutexes)
135 * fix configure warning about unused datarootdir
136 * configure.ac: warn, but accept nonexistent tmp dir
137 (Problem reported by Brian)
138 * sh_unix.c: undef P_ALL, P_PID, P_PGID before including
139 sys/wait.h (compile problem reported by Reputation)
140 * syslog function tested ok with Syslog Fuzzer v0.1
141 by Jaime Blasco (c) 2008
142 * slib.c: call fflush when writing trace to file
143 * sh_readconf.c: don't set OnlyStderr to false if gpg (problem
144 reported by Irene Reed)
145 * fix unconditional removal of pid file in atexit handler (bug
146 reported by Brian)
147 * fix invalid free() in sh_unix_checksum_size()
148 * sh_processcheck.c: workaround for stupid OpenBSD bug (returns
149 ENODEV instead of EAGAIN, because fgetc does
150 fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem
151 reported by Roman R.
152 * fix buf that cause incomplete reporting of modified symlink if
153 symlink has changed and both old and new paths are >48 bytes
154 * fix bug that prevented mount check from running in one-shot mode
155 * enable mount check for openbsd
156 * fix processcheck default options and test script for openbsd
157 * option --list-file to list content of file (if saved)
158 * sh_tools.c: use strcasecmp in reverse lookup since DNS is case
159 insensitive (bug reported by Phil)
160 * fill content if MODI_TXT, zlib compress, base64 encode and add
161 as link_path in sh_unix.c; add to report in sh_hash.c
162 * testsuite: add test for gpg fingerprint option
163 * sh_extern.c: add 'CloseCommand' for syntactic sugar,
164 add in testsuite
165
1662.4.3a (12-02-2008):
167 * fix compile error caused by open() with O_CREAT and no third argument
168 (reported by J.-S. Eon)
169
1702.4.3 (31-01-2008):
171 * sh_kern.c: don't require asm/segment.h for kernel check module
172 * use global var with pid of initial thread instead of getpid(),
173 since LinuxThreads returns different value in each thread (problem
174 reported by Steffen Mueller)
175 * sh_kern.c: no inode check for pci rom (creates spurious messages)
176 * slib.c: eliminate prototype for vsnprintf (compile problem reported
177 by eddy_cs)
178 * Makefile.in: fix missing dependency on 'encode' for $(OBJECTS)
179 (reported by Matthias Ehrmann)
180
1812.4.2 (17-01-2008):
182 * fix broken option --with-checksum (reported by halosfan),
183 regression test added
184 * change HP-UX default optimization to +O2 since +O3 breaks
185 cutest unit testing framework
186 * put result vector of rng in skey struct
187 * fix more compiler warnings, and a potential (compiler-dependent)
188 NULL dereference in the unix entropy collector
189 * fix some compiler warnings
190 * use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead
191 of -fstack-protector
192 * always add PTHREAD_CFLAGS to LDFLAGS
193 * sh_tiger0.c: checksum functions return length of file hashed,
194 needed to fix GrowingLogfile bug (researched by
195 siim at p6drad dash teel dot net)
196 * sh_static.c: fix more 'label at end of compound statement'
197 (SH_MUTEX_UNLOCK closing brace; reported anonymously)
198 * make sh_hash.c thread-safe
199 * remove plenty of tiny allocations
200 * improve sh_mem_dump
201 * modify port check to run as thread
202 * new option PortCheckSkip to skip ports
203 * fix unsetting of sh_thread_pause_flag (was too early)
204
2052.4.1a (28-11-2007):
206 * fix overwrite of ErrFlags (functionality bug)
207
2082.4.1 (26-11-2007):
209 * security fix: regression in the seeding routine for the PRNG
210 (detected by C. Mueller)
211 * regression test added for PRNG seeding routine
212 * fix problem with PCI ROM check (spurious messages about modified
213 timestamps, reported by S. Clormann)
214
2152.4.0a (08-11-2007):
216 * fix compile failure with --enable-static (reported by S. Clormann)
217 * fix potential deadlock if SIGHUP is received while suspended
218
2192.4.0 (01-11-2007):
220 * eliminate alarm() for I/O timeout (replaced by select)
221 * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r,
222 rand_r, strtok_r if available
223 * protect readdir(), getpwent(), gethostname() with mutexes
224 (readdir_r considered harmful)
225 * make checksum/hash, entropy, rng functions reentrant
226 * use thread-specific conversion buffer for globber()
227 * fixed compile problems and problems with test suite
228 * modify login watch to run as thread
229 * modify process check to run as thread
230
2312.3.8 (03-10-2007):
232 * new option PortCheckIgnore = interface:portlist
233
2342.3.7 (13-09-2007):
235 * Makefile.in: fix 'make deb' target, wrong name of config file
236 written to debian/conffiles (reported by marc)
237 * configure.ac: fix incorrect order of with-prelude, enable-static
238 (libprelude test was always without -static)
239
2402.3.6 (06-09-2007):
241 * added yuleadmin.pl script contributed by Riccardo Murri
242 * fix compile error with -f-stack-protector on some systems (reported
243 by marc); we now check for libssp
244 * fix local DoS attack on BSD systems lacking getpeereid() (reported
245 by Rob Holland).
246 * fix yulectl password reading from $HOME/.yulectl_cred, erroneously
247 rejected passwords with exactly 14 chars (reported by Jerry Brown)
248 * introduce 'fflags' flag for suid files to detect new files already
249 found in regular file check (problem reported by J. Crutchfield);
250 also add regression test to ascertain that files in baseline
251 database are not quarantined erroneously
252 * sh_hash.c: replace check for prefix 'K' with check for not prefix'/'
253 to allow for arbitrary module-specific store/lookup in db
254 * replace 'visited', 'reported', 'allignore' with generic 'fflags' field
255 * sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if
256 port checking is used on same host as server (reported by kadafax)
257 * Install.sh: don't use --separate-output with non-checklist
258 widgets (problem discovered by D. Denton)
259 * sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers
260
2612.3.5 (20-06-2007):
262 * sh_portcheck.c: try to tear down connections more gracefully
263 (request by S. Petersen)
264 * fix incorrect handling of files with zero size in GrowingLogFiles
265 (problem reported by S. Petersen)
266 * fix incorrect encoding of null checksums in stealth mode
267 * sh_hash.c: fix repeated printing of acl/attributes in database dump
268 * sh_unix.c: fix option useaclcheck ignored if both useaclcheck and
269 useselinuxcheck are supported
270
2712.3.4 (01-05-2007):
272 * sh_processcheck.c: fix missing init of sh_prochk_res array before
273 check (leads to degrading functionality over time and 'fake pid'
274 warnings; reported by D. Ossenbrueggen and
275 soren dot petersen at musiker dot nu)
276 * sh_processcheck.c: fix memory leak
277 * sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible
278 anymore? proc_root_inode.lookup != proc_root_lookup)
279 * sh_extern.c: flush streams before forking (problem if [Prelink]
280 used together with prelude logging, reported by M. deJong)
281 * fixed compilation of kern_head (regression cause by cross-compiling
282 fix; problem reported by S. Clormann)
283 * more typos fixed (reported by John Horne)
284
2852.3.3 (27-03-2007):
286 * fixed typos in configure.ac and manual (reported by John Horne)
287 * don't use mysql_options on x86_64, since libmysql is broken
288 * fixed cross-compiling (patch by Joe MacDonald)
289 * refactor sh_kern.c, sh_suidchk.c
290 * fix bug with leading slashes in linked path of symlinks within
291 the root directory
292 * sh_kern.c: check PCI ROM (Linux), refactor code
293 * move file descriptor closing more towards program startup
294 * kernel check: support OpenBSD 4.0 (wishlist)
295 * fix samhain_hide module (in-)compatibility with recent kernels
296 (reported by Jonny Halfmoon)
297
2982.3.2 (29-01-2007):
299 * fix regression in full stealth mode (incorrect comparison of
300 bytes read vs. maximum capacity), reported by B. Fleming
301
3022.3.1a (21-01-2007):
303 * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used
304 (reported by zeroXten)
305
3062.3.1 (21-01-2007):
307 * fix bug that may cause accidental closure of yule TCP socket
308 (problem reported by B. Masuda)
309 * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann)
310 * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump
311 (reported by B. Masuda)
312 * rm report.pl from rules.deb.in (reported by B. Masuda)
313 * samhainctl(): longer timeout (bad status reporting at startup,
314 reported by Phil and by Dan Track)
315 * sh_portcheck.c: make connect errors more descriptive
316 * sh_portcheck.c: fix ignored setting of PortCheckActive
317 * sh_processcheck.c: add statvfs, and wrap for EINTR
318 * sh_portcheck.c: add wrappers for EINTR
319 * report user and executable for hidden processes
320 * fix update failure if reportonlyonce = false (reported
321 by D. Strine)
322 * fix compile error in sh_portcheck.c (problem on cygwin
323 reported by J. D. Fiori)
324 * check filenames ending in space (also for utf8 spaces)
325 * check and escape csv formatted db listing
326 * cache results of sl_trustfile_euid()
327 * trustfile: use 4096 for MAXFILENAME, switch to strncpy
328 * CL option -v|--version for info on version and compiled-in options
329
3302.3.0a (01-11-2006):
331 * fix compile failure with portcheck + stealth (reported by lucas)
332
3332.3.0 (01-11-2006):
334 * fix concurrency for inserts in oracle db
335 * add acl_(new|old) to database schema
336 * check for selix attributes and/or posix acl
337 * new option UseSelinuxCheck (bool)
338 * new option UseAclCheck (bool)
339 * regression tests for above
340 * add module to check for open ports
341 * add module to check processes (hidden/fake/missing)
342 * use const char* for argument of module configuration callbacks
343
3442.2.6 (31-10-2006):
345 * fix missing support for MacOX X init script (reported
346 by Daniel Kowalewski)
347 * fix error about non-readable file with no checksum required
348 * fix server warning about 'no server name known'
349 * fix 'make deb' makefile target
350 * fix default export severity for server
351
3522.2.5 (05-10-2006):
353 * fix broken Install.sh, reported by Alexander Kraemer
354 * workaround for glob(3) sillyness on MacOS X (reported by David)
355 * fix for broken resorce fork check (reported by David)
356 * fix for broken compilation on cygwin (reported by Elias)
357
3582.2.4 (03-09-2006):
359 * add regression test for the GrowingLogFiles issue to test suite
360 * fixed sh_unix.c: bug in database init if GrowingLogFiles used
361 with signed database (reported by Timothy Stotts)
362 * bug in manual fixed (incorrect documentation of --enable-user,
363 noticed by M. Brown)
364 * rc.subr compatible init script for FreeBSD/NetBSD
365 * improve routine to find rpm after build
366 * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip)
367 * fix error in manual (location of lock file)
368 * fix bug with SuidExclude (files in directory were still checked)
369
3702.2.3 (31-07-2006):
371 * fix samhainadmin.pl: check for gpg-agent running if use-agent is set
372 (ticket #28 by anonymous)
373 * fix stealth mode (regression in parser), problem reported by
374 Joschi Kuphal
375 * fix minor typo in sh_database.c (compile problem reported by
376 Joschi Kuphal)
377
3782.2.2 (17-07-2006)
379 * minor fixes for regression test scripts
380 * minor updates to the manual (suggested by Brian A. Seklecki)
381 * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+
382 (problem reported by Leonhard Maylein)
383 * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM
384 is not defined
385
3862.2.1c (11-07-2006)
387 * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early
388 (Solaris 8 build failure reported by Jesse)
389 * fix sh_unix.c: wrong prototype for sh_unix_mlock()
390 if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by
391 Jonathan Kaufman)
392
3932.2.1b (20-06-2006):
394 * fix compile error on SuSE 10.1 (reported by Leonhard Maylein)
395
3962.2.1a (15-06-2006):
397 * fix compile error on i686/MacOS X (reported by Andreas Neth)
398
3992.2.1 (13-06-2006):
400 * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808)
401 * fix compiling with Oracle (noticed by Colapinto Giovanni)
402 * fix configure.ac for most recent autoconf version
403 (debian bug #369503)
404 * fix a regression that would make impossible local updates w/clients
405 * fix a few missing '\n' in sh_getopt.c
406 * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem
407 * fix Solaris package creation
408 * recognize Solaris doors and event ports
409 * fix the idmef_inode_t patch: provide required info to avoid stat()
410 * fix bug on database update: fill in dev and rdev fields
411 * fix get_file_infos() in sh_prelude.c: avoid premature return
412 * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK
413 * deploy.sh: allow to set a group for hosts upon installation
414 * patch by Yoann: fix an issue when setting the idmef_inode_t object
415 * fix memory leaks in error paths in sh_prelude.c
416 * fix concurrent inserts with postgres in sh_database.c
417 * code cleanup
418 * fix manual version in spec file, first noticed by Imre Gergely
419
4202.2.0 (01-05-2006):
421 * patch by Jim Simmons for samhainadmin.pl.in
422 * fix testsuite portability problems
423 * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700
424 * fix potential NULL dereference in sh_utmp_endutent()
425 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
426 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
427 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
428 * fix bug in sh_utils_obscurename (check isascii)
429 * scan h_aliases for FQDN if h_name is not
430 * add copyright/license info to test scripts
431 * add copyright/license info to deployment system scripts
432 * support server-to-server relay
433 * new CL option --server-port
434 * minor improvements in manual
435 * patch by Yoann Vandoorselaere for sh_prelude.c
436 * allow --longopt arg as well as --longopt=arg
437 * verify checksum of growing log files (up to previous size)
438 * rewrite of the test suite
439 * added a bit of unit testing
440 * minor optimizations in various places
441 * optimized implementation of tiger checksum algorithm
442 * read in 64k blocks (faster than 4k)
443 * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
444 file attribute code
445 * kern_head: fix compilation of kernel check module on OpenBSD
446 * updated samhainrc.linux, samhainrc.freebsd
447 * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
448 * sh_files.c: fix missing use of flag_err_info
449 * sh_tiger0.c: remove repetitive use of mlock
450 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
451 add function sl_read_timeout_prep
452
4532.1.3 (13-03-2006):
454 * fix compile problem in slib.c (reported by Lawrence Bowie)
455 * fix bug with combination of one-shot update mode and file check
456 schedule (reportedby Dan Track)
457 * improved the windows howto according to suggestions by
458 Jorge Morgado
459 * fix samhain_hide kernel module for new linux kernel versions
460 * fix minor problem with dead client detection (problem reported
461 by Michal Kustosik)
462
4632.1.2 (10-01-2006):
464 * fix startup error with combination of gpg+prelude
465
4662.1.1a (22-12-2005):
467 * fixed a stupid bug in sh_files.c (break if file = dir)
468
4692.1.1 (21-12-2005):
470 * sh_calls.c: protect sh_calls_set_bind_addr against overriding
471 * comINSTALL, updateDB: use locking
472 * samhainadmin.pl: use locking
473 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
474 * improve zAVLSearch (remove redundant strcmp)
475 * use AVL tree in sh_files.c instead of linked list (better scaling)
476 * fix bug with suidcheck (no update/check in one-shot mode with
477 schedule instead of check interval; noticed by R. Rati)
478 * fix for problem with '-t update -i' if daemon mode (problem report
479 by Peter van der Does)
480 * fix for bug in sh_util_ask_update (two returns were required ...)
481
4822.1.0 (31-10-2005):
483 * minor fix for cross-compiling with --with-kcheck
484 * sh_forward.c: handle bad fds in the select() fd sets
485 (reported by hmy)
486 * sh_extern.c: fix debugging code
487 * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
488 (reported by Gabor Kiss)
489 * makefile.in: fix for solaris package creation
490 * sh_mail.c, sh_readconf.c: mail filtering options
491 * sh_database.c: Oracle reconnect on connection failure
492 (bug report by Alexander A. Sobyanin)
493 * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
494 (problem reported by Peter)
495 * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
496 * fixes for gcc 4.0.2 compiler warnings
497 * ability to use daemon mode together with update
498 (wishlist Yoan Vandoorselaere)
499 * fixes for debugging
500
5012.0.10a (22-08-2005):
502 * fix for overlapping directory check specification (reported by Bub)
503
5042.0.10 (21-08-2005):
505 * fix for segfault (free() on a constant string) with libprelude
506 (problem reported by Grae Noble)
507 * upgrade FreeBSD kernel check to 5.4, minor fixes
508 * useful script for users of Linux kernel check
509 (contributed by marc heisterkamp)
510 * documentation improvements (suggested by Brian Seklecki and Robby)
511
5122.0.9 (25-08-2005):
513 * samhain_erase.c: add #define for NULL
514 * sh_suidchk.c: fix incorrect use of escaped filename
515 * sh_prelude.[ch], sh_readconf.c: configurable mapping from
516 samhain severity to prelude severity
517 * sh_unix.h: second arg of gettimeofday should be NULL
518 * sh_files.c: fix checking of directory special file (use specified
519 policy, not that of parent dir, problem found by Brian A. Seklecki)
520 * sh_entropy.c: longer timeout for entropy collector
521 * sh_socket.c, sh_forward.c: allow probing of clients for
522 necessity of configuration reload
523 * yulectl: minor fixes, option -v (verbose), new command PROBE
524 * fix 'File not found' messages for files flagged with IgnoreMissing
525 * sh_database.c: strip newline from oracle error messages
526 * sh_files.c: fix rsrc fork issue with MacOS X Tiger
527 (reported by A. Koren)
528 * never compute checksum if not checked (problem report by D.Hughes)
529 * sh_prelude.c: cleanup and bugfix by Yoann
530 * sh_hash.c: for prelude, make sure mode is supplied with user/group
531 and vice versa
532 * sh_prelude.c: provide proper FileAccess objects (bug
533 report by Mihai Ilinca)
534
5352.0.8 (03-07-2005):
536 * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
537 $LIBPRELUDE_CFLAGS (bugfix by Yoann)
538 * samhain.spec.in: remove support for chkconfig (it's too buggy).
539 Strangely, if invoked as install_initd it behaves sanely ...
540 * src/sh_err_log.c: fix key input (this time for real)
541 * fix --with-altlogserver (bug from 2.0.7b)
542 * remove server socket in start/stop script
543
5442.0.7e (not released):
545 * Makefile.in: introduce a total of 6 sec delay for 'make' utilities
546 that use 1 sec resolution, and consider target out-of-date if
547 timestamp(target) = timestamp(dependency) ...
548 * src/sh_err_log.c: fix key input
549 * another fix for yulectl (use pwent->pw_dir)
550 * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH
551
5522.0.7d (not released):
553 * one more fix for the spec file (stupid rpm finds tags in comments!!!)
554
5552.0.7c (not released):
556 * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
557 * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
558 * samhain-install.sh.in: fix test -z $verbose
559 * sh_hash.c: speedup database reading
560 * Makefile.in: fix the problem that BSD make would make too much
561 * deploy: yulerc.clients -> yulerc.install.db, provide
562 $defdatabase for backward compatibility
563 * deploy: allow for comma in client_install_date
564
5652.0.7b (not released):
566 * hp_ux.psf.in: fix psf file
567 * dsys/comINSTALL: fix $yule_date -> $yule_data
568 * Makefile.in: fix 'make depot'
569 * sh_tools.c, sh_unix.c: fix detection of open file limit
570 * sh_readconf.c: reset read_mode after reading conf file
571 * yulectl.c: better error messages, use homedir from getpwuid(geteuid)
572 * init/samhain.startLSB.in: fix misleading message in lsb init script
573 * sh_forward.c: better display for nonce u in debug mode
574 * sh_tiger*.c: fix checksum for HP-UX 64bit
575 * samhain.c: don't fetch database twice
576 * configure.ac: accept nodename for --with-logserver=...
577 * samhain_setpwd.c: return proper exit status for samhain_setpwd
578 * respond to SIGTERM on initializing
579 * fix problems with samhainadmin.pl
580 * sh_utils.c: fix bug with AddOKChars (found by Karol)
581
5822.0.7a (not released):
583 * remove 'df' from entropy gatherer (NFS may hang)
584 * modify va_copy check (doesn't work with HP-UX PA64 compiler)
585 * fix compile warnings in sh_database.c
586 * samhain-install.sh.in: check for /usr/bin/false in /etc/shells
587 * fix install-boot on HP-UX
588 * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE
589
5902.0.7 (11-06-2005):
591 * yet another fix for the spec file (use internal dependency generator)
592 * sh_error.c, sh_prelude.c: init libprelude after open fds are closed
593 * error message if queue is full
594 * fix two compiler warnings on HP-UX
595 * fix sh_mail.c for Interix (no resolver routines)
596 * fix sh_unix_initgroups2() if no initgroups() function (bug reported
597 by Geries Handal)
598 * remove references to 'struct timezone' (Interix; problem
599 reported by Geries Handal)
600 * init/stop for prelude on SIGHUP
601 * sh_cat.h: fix a stupid bug with messages classes
602 * manual: new section on nagios (with help from kiarna),
603 more on prelude
604 * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere)
605 * default prelude profile name now is 'samhain' (lowercase)
606 * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere)
607 * remove obsolete check for linux/module.h, linux/unistd.h
608 * remove dependency on virtual/glibc in gentoo ebuild
609 (problem reported by Willis Sarka)
610
6112.0.6 (01-03-2005):
612 * sh_prelude.c, configure.ac, aclocal.m4: support for
613 libprelude 0.9 (Yoann Vandoorselaere)
614 * sh_html.c: fix bug with entry.html template (reported by
615 Stephane Sanchez)
616 * Install.sh: fix mandir option (reported by Rodney Smith)
617 * Fixed Linux/64bit bug in definition of EUIDSLOT
618 * New targets 'make depot', 'make depot-light' (HP-UX, untested)
619 * Use sstrip for RPMs and DEBs (automatic stripping disabled)
620 * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
621 problem noticed by Yoann Vandoorselaere)
622 * Modify samhain.spec.in to disable automatic stripping upon install
623 * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
624 for '--with-khide' (problems reported by Mark)
625 * Fix compile error in sh_tools.c on HP-UX 10.20
626 (problem reported by Dennis Boylan)
627 * Runtime configuration of server listening port (wishlist)
628 * Runtime configuration of server listening interface (wishlist)
629 * Ignore SIGTTIN (consistency)
630 * Use SIGTTOU to force file check (wishlist)
631
6322.0.5b (01-04-2005):
633 * Fix build problem b/o timestamp on stamp file
634
6352.0.5a (16-03-2005):
636 * Fix problem with 'make rpm' (reported by Dirk Brümmer)
637
6382.0.5 (02-03-2005):
639 * Fix bug with partial reads from clients in server
640 (bug report by Brian)
641 * Support gpg checksum bootstrap with yule
642 * Support mount option check on HP-UX
643 * For MAIL FROM, use 'example.com' as domain part if
644 hostname is numeric (problem reported by Eric Raymond)
645 * The HOWTO-write-modules has been updated.
646 * Convenience functions to insert data in database have been
647 added.
648 * Use int0x03 only on i386 in sh_derr() (portability problem
649 reported by John Mandeville)
650
6512.0.4 (09-02-2005):
652 * Fixed broken 'make deb' (problem report by olfi)
653 * Fixed minor bug in test scripts (detection of gmake vs. make)
654 * Fixed Tru64/OSF compile warnings (reported by B. Terp)
655 * Normalize list parsing to allow comma, space, and tab as separators
656 * Some more descriptive error messages in kern_head.c
657 * Absolute path to utilities in init/samhain.startLinux.in
658 * Fixed is_root variable in deploy.sh
659 * Fixed 'deploy.sh info'
660 * Fixed 'deploy.sh install' client startup
661 * Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
662 (issue reported by W. Sarky)
663
6642.0.3 (14-12-2004):
665 * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith)
666 * Fix missing sys/time.h include in slib.c (reported by Jonas)
667 * Workaround for file closing problem with Prelude+GPG
668 * Fixed memory leak with Prelude.
669 * Fixed bug in samhain_stealth (PGP signature not correctly
670 retrieved from hidden configuration; report and patch by V. Tuska)
671 * Added Perl script to concatenate file signature database files
672 * Fix compile error with combination of --enable-nocl and
673 --enable-stealth (reported by Zdenek Polach)
674 * Fix bug in dsys/initscript with --enable-nocl
675 * Fix declaration of sh_kern_timer()
676 * Fix missing Mounts+Userfiles options in appendix of manual
677 * Updated the README (bug report by H. Franzke)
678 * Fix some compiler warnings
679
6802.0.2a (09-11-2004):
681 * Fixed OoM condition when client rc file not found (reported by Eilko)
682
6832.0.2 (08-11-2004):
684 * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
685 * Fixed uninitialized variable in sh_mail_msg() (problem reported
686 by Michael Milvich)
687 * Fixed potential NULL pointer dereference in sh_hash_compdata()
688
6892.0.1 (01-11-2004):
690 * Fixed compilation bug reported by jue (--with-kcheck broken).
691 * Fixed start option (bug reported by sanek). Behaviour wrt.
692 environment variables depended on the way the daemon was started.
693
6942.0.0 (31-10-2004):
695 * The deployment system has been rewritten from scratch in
696 a cleaner and more modular and extensible way. Deployment
697 of native packages is supported now.
698 * The build system has been revised. Building outside the source
699 directory is supported now.
700 * Support for checksumming of prelinked executables / libraries
701 has been added.
702 * The configure script now checks for the SSP/ProPolice patch in GCC,
703 and enables it if present.
704 * The install-boot option in samhain-install.sh has been fixed
705 (use absolute paths for sbin utilities).
706 * A nagios plugin (scripts/check_samhain.pl) has been added.
707 * The LSB (Linux Standard Base) init script has been fixed (the output
708 was incorrect).
709 * Fetching of built binary packages has been
710 fixed ($(PACKAGE)->@install_name@).
711 * For files in proc, the timeout has been reduced, and no error
712 messages are issued upon timeout.
713 * A function has been added to print out full details for missing
714 files if encountered while in sh_files().
715 * The reporting for SuidCheck has been fixed (incorrect policy
716 noticed by JiM).
717 * On Linux, SuidCheck does not report on files marked as candidates
718 for mandatory locking (group-id bit set, group-execute bit cleared).
719 * Fix for oracle init script (by Matt Warner)
720
7211.8.12b (11-10-2004):
722 * fix bug in MSG_MSTAMP (%ld -> %lu)
723 * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
724 mkdir mode for quarantine directory
725 * fix the fix for modlist_lock search in System.map
726
7271.8.12a (01-10-2004):
728 * fix bug in samhain-install.sh.in (only occurs on Solaris), reported
729 by J. Roland
730
7311.8.12 (27-09-2004):
732 * fix compile bug with --enable-static + --with-database=postgresql
733 * fix search for modlist_lock in System.map
734 * password auth for yule command socket (request by D. Kocic)
735 * more info about pending/sent commands to clients
736
7371.8.11 (30-08-2004):
738 * fix static linking on Linux by use of replacement routines from
739 uClib - however, this means, there is no NIS support anymore
740 * new option AddOKChars=... to modify the set of characters for
741 filenames considered 'obscure'
742 * new option HardlinkOffset=... to specify an offset from the canonical
743 hardlink count for a directory
744 * fix some warning with HP 11.23 native compiler
745 * fix minor OpenBSD portability problems (EIDRM, compiler warning)
746 * samhainrc.5, samhain.8: updated the man pages
747 * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
748 for AllIgnore
749 * sh_kern.c: fix 'update' to display modifications
750 * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
751 fields)
752 * stealth kernel modules: fix for linux 2.6, fix
753 redefine of KERNEL_VERSION
754 * warn about stealth kernel module problem with 2.6 in manual
755 * sh_unix.c: remove some cruft
756 * fix a typo in the manual (noticed by J. Rubin)
757 * configure.ac: re-order output from libprelude-config (required
758 for static linking - problem reported by E. Neber)
759 * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel
760
7611.8.10b (13-07-2004):
762 * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
763 by Pat Smith)
764
7651.8.10a (13-07-2004):
766 * depend-gen.c: fix for FreeBSD 'make' which does not understand
767 the dependencies ... (problem reported by David Thiel)
768
7691.8.10 (13-07-2004):
770 * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
771 (bug report by VZoubkov)
772 * fix some warnings (unreachable statement) with HP-UX native compiler
773 * kern_check.c: silence warning about 'sendfile' for 4.10
774 (noticed by Ryan Beasley)
775 * modify depend-gen.c to ignore sh_gpg_chksum.h
776 * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
777 * .. and for fingerprint
778 * sh_suidchk.c: fix some compiler warnings on solaris
779 * allow commas to separate multiple entries in a RedefXXX= directive
780 * replace sleep/usleep with nanosleep wrapper function
781 * replace alarm() for read timeout with select() in sl_read_timeout
782 (should fix bug reported by Scott Kelley)
783 * increase lstat/open timeout to 6 sec
784
7851.8.9 (16-06-2004):
786 * made 'no action specified' error message more informative
787 (suggested by Stephen Gill)
788 * fix memory leak in mysql sh_database_query() (bug report by Dejan)
789 * remove some cruft from the code
790 * sh_files.c: check MacOS X resource forks (idea from Osiris)
791 * sh_files.c: no hardlink check for MacOS X
792 * sh_util_ask_update: fix bug with no terminal in non-interactive mode
793 (report and debug data by Kris Dom)
794 * manual refactored
795 * fix redundant messages when updating with suidcheck
796 * allow interactive update for suid files
797 * don't remove the TZ environment variable to guard against
798 misconfigured hosts
799 * also use gethostname if uname returns possibly truncated name
800 * fix improper file descriptor handling in sh_mail.c (bug report
801 by Alex Weiss)
802 * cleanup MBLK cruft
803 * use SH_ALLOC/SH_FREE in sh_prelude.c
804 * update sstrip to Version 2.0
805
8061.8.8 (25-05-2004):
807 * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
808 Tim Evans and Ian McCulloch)
809 * don't check for trusted paths on Cygwin
810 * add Windows HOWTO written by Kris Dom
811 * kern_check.h: extend FreeBSD syscall table for 5.x
812
8131.8.7a (03-05-2004):
814 * sh_mail.c: fix subject length
815 * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
816 * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
817 (compile problem reported by Kris Dom)
818
8191.8.7 (01-05-2004):
820 * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
821 empty mails (introduced with segfault fix in 1.8.6, report
822 by Kris Dom)
823 * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
824 try to reopen on controlling terminal if not
825 * sh_utmp.c: fix order of options (problem report by Uri)
826 * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
827 (may cause segfault on null dereference for missing files)
828 * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
829 sh_unix_getinfo_attr)
830 * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
831 reported by xavier)
832 * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
833 (suggested by Kris)
834 * include nameser_compat.h in sh_mail.c (for MacOS X,
835 suggestion by jna)
836 * sh_utmp.c: fix time for logout events (reported by Erich
837 van der Velde)
838
8391.8.6 (15-04-2004):
840 * add CL option to set threshold for prelude and RDBMS
841 * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
842 dereference; reported by Micha Silver)
843 * fix compiling with --disable-encrypt (reported by Pat Smith)
844 * fix minor problem in scheduler (don't return before all schedules
845 are tested, to set last_exec correctly)
846
8471.8.5 (05-04-2004):
848 * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
849 problem (endless loop; report and debugging aid by Joe MacDonald)
850 * fix hardlink check (null dereference in error message, segfaults
851 on solaris - noticed by Bob Bloom)
852 * sh_suidcheck: don't truncate quarantined file if nlink > 1
853 * fix Install.sh (no --seperate-output with --radiolist); patch by
854 Greg Kimberly
855
8561.8.4 (17-03-2004):
857 * add Prelude patch by Patrice Bourgin
858 * add license statement to sh_mounts.c, sh_userfiles.c after
859 receiving a clarifying e-mail from Cian Synnott
860 * support UsePersistent = no for Oracle (problem spotted and fix
861 tested by Michael Somers)
862 * fix bug in samhainadmin.pl
863 * sh_gpg.c: describe type of gpg error (if any)
864 * fix persistent connections with postgresql (reported by
865 Erwin Van de Velde)
866 * prelude: local 'meaning' shadows global in sh_prelude_alert
867 (spotted by David Maciejak)
868 * uname: workaround for cases where nodename would be a possibly
869 truncated FQDN (problem reported by Cian Synnott)
870 * re-write parts of sh_kern.c, store kernel info in baseline database
871 -> no need to recompile after kernel upgrade
872 * modify timeouts in sh_unix_getinfo, add timeout warning
873 * change handling of dangling symlinks (store in db)
874 * fix typo with MSG_FI_OBSC2 (double slash)
875 * remove redundant operation in sh_utils_safe_name
876 * fix occasional random start bytes of long messages in
877 sh_error_string (sl_strlcat -> sl_strlcpy)
878 * provide details for missing files (as for added files)
879 * remove duplicate message for no such group/user
880 * add fixes for samhain.oracle.init (supplied by Michael Somers)
881 * fix date insertion for Oracle (fix by Michael Somers)
882 * manual: fix incorrect statement about RPM (noticed by
883 Lars Kellogg-Stedman)
884
8851.8.3 (02-02-2004):
886 * add a HOWTO-client+server-troubleshooting document
887 * fix another bug with SIGUSR2 (suspend mode)
888 * new option SetBindAddress (--bind-address=...) to force
889 interface for outgoing connections on multi-interface box
890 * don't link against libgmp if not required (i.e. standalone)
891 * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
892 * new make targets 'emerge' and 'tbz2' for gentoo
893 * update rules.deb.in based on the Debian package
894 by Javier Fernandez-Sanguino
895 * updated config.guess, config.sub to version 2002-09-05
896 * external command: report failure only once
897 * console: reset failure status after success
898 * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
899 * use persistent connection to database by default
900 * option UsePersistent=no to switch off persistent connection
901
9021.8.2 (19-01-2004):
903 * sh_userfiles.c: new option UserfilesCheckUids (requested)
904 * sh_error.c: server: don't log to logfile before dropping root
905 * new script scripts/samhainadmin.pl (administrative tasks for
906 signed config/database files)
907 * add changes code to log_msg for reports on modified files
908 * change default log threshold to 'mark', as 'none' tends
909 to confuse new users
910 * faster response time for SIGUSR2
911 * revised (mostly backward-compatible) message classes
912 * fix missing check of mailTime in server select loop
913 * add support for libprelude (version 0.8.10)
914 * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
915 * fix Bourne shell incompatibility (export) in samhain-install.sh
916 (first reported by David Thiel)
917 * fix typo in spec file (first reported by Christian Vanguers)
918 * remove some cruft (signal handler, memory handling)
919 * return from sigterm handler, rather than exit directly
920 (re-entrancy problem causes more problems than it's worth)
921
9221.8.1 (03-12-2003):
923 * fix gmp detection (problem pointed out by Nix)
924 * fix/improve the error message if test compiling with mysql fails
925 * new CL option --interactive for interactive db update
926 * fix some compiler warnings from IRIX MIPS compiler
927 * kern_head.h, kern_head.c: option to disable IDT check
928 * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
929 * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
930 * change username -> userid, remove (long) userid (bug noticed
931 by Erwin Van De Velde)
932 * emit ADDED message for new SUID/SGID files
933 * add trailing slash to excluded directory if there is none
934
9351.8.0a (04-11-2003):
936 * sh_error.c: remove two debug printf's
937
9381.8.0 (31-10-2003):
939 * manual: make ps file fit on both a4 and letter paper
940 * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
941 to send (quit/reload) commands to clients
942 * sh_forward.c, configure.ac: enable build with libwrap
943 (Wietse Venema's TCP Wrappers library)
944 * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
945 new option to suppress messages for new and/or deleted files
946 * samhainrc.aix5.2.0: contributed by Christoph Kiefer
947 * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
948 * sh_database.c: undef debug code for oracle
949 * samhain.oracle.init: contributed by Joern Michael Krueger
950 * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
951 sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
952 check-mounts and userfiles modules contributed by eircom.net
953 * sh_utils.c: fix off-by-one bug in sh_util_compress()
954 * sh_forward.c, sh_tools.c, configure.ac:
955 version 2 client/server protocol
956 * sh_mail.c: add %S to include severity in subject (user request)
957 * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
958 * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
959 for --enable-ptrace
960 * samhain.c: lower priority for 'uninitialized module' message
961 * sh_entropy.c: lower priority for message if /dev/random blocks and
962 /dev/urandom is available
963 * improved error messages in sh_readconf.c
964 * print system error message for getpwuid, getgrgid
965 * fix missing module init after SIGHUP (noticed by Cian Synnott)
966
9671.7.12 (13-10-2003):
968 * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
969 thanks to bug reports by Jason Martin and Matthew P. Cox
970
9711.7.11 (01-09-2003):
972 * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
973 - change SIG_USR1 to switch between dbg on/off
974 - change SIG_USR2 to switch between suspend on/off
975 - fix CLT_ILLEGAL to actually work
976 - introduce new state CLT_SUSPEND
977 - force reauthentication after suspend
978 * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
979 * sh_suidchk.c: better AIX fs detection (Christoph)
980 * sh_entropy.c: increase buffer size for unix entropy gatherer
981 (problem reported by D. Danielson)
982 * default config files: add lots of comments, list more options
983 * sh_error.c: set default severities to 'crit'
984 * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
985 file syntax, issue warnings (triggered by C. Kiefer)
986 * Makefile.in: handle depend-gen errors more gracefully
987 * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
988 * configure.ac: workaround for mysql_config weird output
989 (reported by G. Faron)
990 * sh_unix.c, sh_tiger0.c: check IO limit during read of large files
991 * depend-gen.c: close streams before attempting to rename (Cygwin)
992 * Makefile.in: fail gracefully if depend-gen fails
993 * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER
994
9951.7.10 (27-07-2003):
996 * FreeBSD init script: define $pidfile (reported by D. Thiel)
997 * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
998 * sh_schedule.c: fix bad array size
999 * samhain.c: fix pid_t <> int casts
1000 * sh_kern.c: fix repetitive messages
1001 * configure.ac: try to bootstrap if TIGER192 not supported by gpg,
1002 provide a detailed error message
1003 * configure.ac: try harder to locate mysql
1004 * docs/Changelog: retroactively add release dates, if known
1005 * sh_mail.c: fix potential message truncation in mailer
1006 * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
1007 * sh_readconf.c: fix segfault (dereference of uninitialized pointer)
1008 if --with-gpg and --enable-stealth are used together (reported
1009 by Anthony Caetano)
1010 * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
1011 error messages (larger GLOB_LEN, stat fills aud_err_message)
1012
10131.7.9 (30-06-2003):
1014 * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
1015 problems with SIGABRT noticed by Brian and Alf B Lervåg
1016 * deploy.sh.in: fix some bugs (found by Alf B Lervåg)
1017 * scripts/chroot.sh: fix typo (found by Alf B Lervåg)
1018 * configure.ac (khide): search also for 'd sys_call_table' (noted by
1019 cuek_saja)
1020 * strip whitespace before checking gpg checksum (noted by D. Thiel)
1021 * manual (faq section): explain how to stop console output
1022 * Makefile.in: fix re-naming of yule with --enable-install-name
1023 * HOWTO-client+server.html: fix typo (noted by xavier renaut)
1024 * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)
1025
10261.7.8 (28-05-2003):
1027 * sh_unix.c: new mlock implementation with reference count
1028 and page alignment (fix for solaris problem)
1029 * kern_head.c: search also for 'xxxxxxxx d sys_call_table'
1030 * sh_html.c: write status comment (for Beltane 2)
1031 * add CL option --delimited for comma-delimited signature database dump
1032 * sh_mail.c: check exit status of push_list to fix counting bug
1033 (bug reported by Alan Moore)
1034 * configure.ac: add error message to --with-libs
1035 * fix spelling of $DAEMON in init script (noted by C. Grigoriu)
1036 * fix missing initgroups()
1037
10381.7.7 (06-05-2003):
1039 * sh_forward.c: fix bug if compiled with --enable-udp, but disabled
1040 in config file (found by Andy OBrien)
1041 * sh_database.c: sh_database_entry(): size -> c_size (two places)
1042 to fix writing of '\0' to arbitrary places :(
1043 (problem pointed out by Stefan Giesen)
1044 * profiles/*/configopts: fix --with-base -> --enable-base
1045
10461.7.6 (24-04-2003):
1047 * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
1048 * fix samhain_hide for the O(1) scheduler used by RedHat:
1049 configure.ac, acconfig.h: check for next_task in struct task_struct
1050 samhain_hide.c: use find_task_by_pid if no next_task in task_struct
1051 * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning
1052
10531.7.5 (15-04-2003):
1054 * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
1055 * manual: point out the bmaxdata problem on AIX in faq section
1056 * trustfile.c: don't check symlinks (permissions of directory count)
1057 * sh_schedule.c: fix problem with daylight saving switchover
1058 * sh_samhain.c: close all open fd's >2 before reading the conf file
1059 * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
1060 user
1061 * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
1062 * sh_forward.c: place timestamp code before select() timeout handler
1063 * fix incorrect class of timestamp messages (conflict with manual)
1064 * sh_readconf.c, sh_forward.c: new config option SetStripDomain
1065 * configure.ac: add warning if /lib/modules/`uname -r`/build/include
1066 not found
1067 * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
1068 address from System.map)
1069 * sh_err_syslog.c: fix for Solaris
1070 * samhain.spec.in: strip REQ_FROM_SERVER from config file install path
1071
10721.7.4 (21-03-2003):
1073 * configure.ac: fix bug in defargs (--with-base > --enable-base)
1074 * aclocal.ac: detect unsupported options
1075 * kern_check: add syscalls, skip unused syscalls
1076 * fix Manual (--enable.../--with... inconsistency)
1077 * add two HOWTOs (signed files, server/client)
1078 * moved manual into new subdirectory docs/
1079 * add admin scripts by S.Bailey/M.Redinger
1080 * option to have a version string in db file
1081
10821.7.3 (23-02-2003):
1083 * samhain-install.sh: use yule user key for signing on install
1084 * fix a bug in sh_err_console.c (attempted write to const char)
1085 * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
1086 * Makefile.in: make target 'trustfile' depend on config.h
1087 * configure.ac: don't use install_name before it is defined ...
1088 * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
1089 * samhain.c: make sure daemon cannot be forced into 'update' mode
1090 * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)
1091
10921.7.2 (04-02-2003):
1093 * sh_kern.c: use sys_call_table address from System.map
1094 * fix for reserved SQL keyword 'group'
1095 * add AC_SYS_LARGEFILE to configure.ac
1096 * allow separate client-specific log files for server
1097 * sstrip.c: compile sstrip code only for i386
1098 * sh_unix.c: closeall: don't close trace file
1099 * slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
1100 * samhain-install.sh.in: fix detection of LSB compliant systems
1101 * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
1102 * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
1103 (may block otherwise, for no good reason apparently ...)
1104 * samhain.spec.in: replace %configure with ./configure
1105 * sh_unix.c: re-write signal handling (use __malloc_hook et al. to
1106 check whether we are in the middle of a free/malloc/realloc/memalign)
1107 * sh_unix.c: use new safe_logger() function to log from signal handler
1108 * sh_err_log.c: fix xml
1109 *
1110 * fix Makefile.in to exit non-zero on compile failure
1111 * database init: create index on log_host, entry_status
1112 * sh_suidchk.c: fix path building
1113 * sh_tiger0.c: read larger blocks
1114 * sh_hash.c: cast inode to UINT32
1115 * sh_tools.c: check that config/database files size fits in uint
1116 * sh_error.c: export flag_err_debug to avoid unnecessary calls
1117 * sh_unix.c: save the open() call in sh_unix_getinfo_attr()
1118 * profiles/redhat_i386/bootscript: add # description field
1119 * deploy.sh.in: set owner + permissions for files in yule_filedir
1120 * profiles/debianlinux_i386: fix bootscript
1121 * Makefile.in: fix deploy file lists and targets (include init+scripts)
1122 * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
1123 * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
1124 * sh_err_syslog.c: split long messages rather than truncating
1125 * sh_error.c: allocate msg to fix truncation limit
1126 * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
1127 filedescriptors may exceed FOPEN_MAX, causing problems in
1128 sl_open_file)
1129 * sh_err_console.c: avoid stdio
1130 * trustfile: dirz: make swp[] static
1131 * slib.c: speed up sl_strlcat
1132 * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
1133 * remove some unused code
1134 * slib.c: support long long int in the snprintf replacement
1135 * configure.ac: new configure macro to check whether sa_sigaction works
1136 * Makefile.in: make sstrip, encode dependent on config.h
1137
11381.7.1a (08-01-2003):
1139 * fix a syntax error in samhain-install.sh.in
1140
11411.7.1 (07-01-2003):
1142 * search runlevel scripts in ./init or ./
1143 * handle all distro-specific Linux runlevel script issues
1144 within a single script
1145 * support install-boot on Yellow Dog Linux and Slackware
1146 * samhain-install.sh: fix a bug for unknown Linux
1147 ('"' not closed, DVER not set)
1148 * samhain-install.sh: check for /etc/yellowdog-release
1149 * sh_database.c: fix missing entry for 'userid' in attr_tab[]
1150 * fix debian.rules.in (disable sstrip)
1151 * update make targets: 'srpm', 'srpm-dist', 'rpm'
1152 * check for zlib if mysql is used
1153 * workaround for NetBSD bug with libresolve
1154 * fixed problems with spec files
1155
11561.7.0 (22-12-2002):
1157 * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
1158 * sh_unix.c: fix a dereferenced static pointer in tf_trust_check
1159 * runlevel scripts: remove pid file after stop
1160 * make the data directory read-only for the daemon
1161 * treat 'localhost' specially in MX resolver
1162 * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
1163 * deploy.sh.in: fix quoting (fix by Simon Bailey)
1164 * slib.c: make sl_get_euid et al. behave well if uids not stored
1165 * trustfile.c: use euid = uid(SH_IDENT) if server
1166 * sh_mail.c: include an MX resolver
1167 * Makefile.in: install-user routine for user installation
1168 * have yule drop root
1169 * sh_tools.c: open_temp use logdir if server
1170 * unified options for runlevel script
1171 * HP-UX, IRIX runlevel scripts
1172 * AIX inittab entry
1173
11741.6.6 (13-12-2002):
1175 * configure.ac: solaris cc -O2 -> -xO2
1176 * sstrip.c: avoid alpha architecture
1177 * profiles/solaris/configopts: no --enable-static
1178 * sh_forward.c: sh_forward_req_file: copy argument to local array
1179
11801.6.5 (04-12-2002):
1181 * sh_utmp.c: set userlist = NULL in sh_utmp_end ()
1182 * sh_unix.c: do not assume that environ is sane
1183 * exit handler: write </trail>
1184 * sh_log_file(NULL): test sh.flag.log_start != S_TRUE
1185 * FreeBSD rc script does not blindly accept content of pid file
1186 * configure.ac: allow 'localhost' for log server
1187 * sh_calls.c: retry_connect: ntohs (port)
1188 * testrun_2[abc].sh: --with-logserver=localhost for client
1189
11901.6.4 (12-11-2002):
1191 * sh_tools.c: fix error when escaping '=<'
1192 * fix the 'make srpm' target
1193 * deploy.sh.in: avoid that client is named 'yule'
1194 * define memset to sl_memset
1195 * fix type cast of uid_t, gid_t
1196
11971.6.3 (31-10-2002):
1198 * fix options for Sun/Solaris native compiler
1199 * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
1200 * test sstrip on freebsd
1201 * default config file for freebsd
1202 * make target to build .deb packages
1203 * sh_readconf.c: fix bug in error message
1204 * samhain.c, sh_suidchk.c: fix initialization of suidchk
1205 * samhain-install.sh.in: don't remove config file by default
1206 * samhain-install.sh.in: support complete de-installation
1207 * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
1208 * samhain-install.sh.in: check more paths
1209 * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
1210 * sh_calls.c: save error message in retry_lstat()
1211
12121.6.2 (04-10-2002):
1213 * make target to build rpms
1214 * update samhain.spec.in, samhain.startRedHat
1215 * support DESTDIR, as in 'make DESTDIR=/what/ever install'
1216 * explicitely set -fno-omit-frame-pointer b/o gcc bug
1217 * mv configure.in to configure.ac to benefit from autoconf wrapper
1218 * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
1219 * slib.c: fix debug messages (no msgs for dlogActive <= 1)
1220 * sh_schedule.c, samhain.c, sh_suidchk.c:
1221 scheduler may accept multiple schedules
1222
12231.6.1 (04-09-2002):
1224 * sh_schedule.c: bugfix (executes only after first day)
1225 * rm obsolete WITH_TRACE stuff
1226 * new dlog() function for debug logging
1227 * some more descriptive error messages
1228
12291.6.0 (27-08-2002):
1230 * omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
1231 * sh_error.c: fix escape mode when logging to database
1232 * sh_forward.c: fix error (twice escape) in recv_syslog_socket
1233 * sh_tools.c: change escape mode for server-received data
1234 * sh_mem.c: change ulong -> size_t in sh_mem_malloc()
1235 * configure.in: fix localstatedir if --prefix=USR
1236 * sh_hash.c: snprintf() -> sl_snprintf()
1237
12381.5.5 (07-08-2002):
1239 * sh_err_log.c: fix incorrect xml syntax for client messages
1240 logged by server
1241 * sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
1242 * sh_files.c: introduce file_class_next
1243 this fixes the problem that a policy for the directory
1244 inode erroneously becomes a policy for the directory itself.
1245
12461.5.4 (17-07-2002):
1247 * sh_hash.c: fix buffer overflow with (micro-)stealth
1248 * sh_database.c: set path[] 1024 -> 12288
1249 * sh_database.c: set query[] 2048 -> 16383
1250 * sh_database.c: set values[] 1024 -> 16383
1251 * sh_forward.c: larger limit for message size (16 kB)
1252 * trustfile.c: set MAXFILENAME 2048 -> 4096
1253 * fixed a bug in the handling of filenames with embedded newlines
1254 * sh_files.c: fix missing sh_util_safe_name() in debug output
1255 * --with-sender can specify a full address
1256 * fix xml log in a backwards compatible way
1257
12581.5.3 (03-07-2002):
1259 * fix combination of stealth and sql logging
1260 * fix some more places where invalid UIDs/GIDs trigger errors
1261
12621.5.2 (01-07-2002):
1263 * include solaris config file from (sean [at] boran d.o.t com)
1264 * test for files/dirz defined twice in the configuration file
1265 * option to disable reverse lookup on outbound connections
1266 * option to use socket peer as client name (with name resolving)
1267 * sh_html.c: fix an HTML bug (twice </head><body>)
1268 * sh_suidchk.c: fix warning on AIX b/o dirname()
1269 * allow logging server -> syslog if yule is NOT configured to
1270 receive syslog messages
1271 * define PRIi64 to "lld" if undefined
1272 * invalid UIDs: use gid/uid as name, error level SeverityNames
1273 * minor fixes for connect_port
1274 * sh_hash.c: flush output of db listing before _exit()
1275 * configure.in: fix incorrect default ${install_name} for server
1276 * configure.in: try harder to find mysql.h / libpq-fe.h
1277 * sh_files.c: sh_files_checkdir:
1278 closedir() early to not exhaust OPEN_MAX
1279
12801.5.1a (30-05-2002):
1281 * fix missing LSB init script
1282
12831.5.1 (27-05-2002):
1284 * fix '-t update' option
1285
12861.5.0a (23-05-2002):
1287 * fix configure.in
1288
12891.5.0 (22-05-2002):
1290 * include solaris nosuid patch from (nathoo [at] co d.o.t ru)
1291 * similar fix for bsd nosuid
1292 * speed up -t update
1293 * convert manual to DocBook, distribute html and ps
1294 * fix some more problems with configure.in, Makefile.in
1295 * fix testsuite, add tests for udp, mysql
1296 * MSG_TCP_MSG: host -> remote_host
1297 * convert to autoconf 2.53
1298 * make c_bits.sh exit with status 0
1299 * sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
1300 to avoid dependency tracking problems
1301 * samhain.c remove *YULE* #ifdefs
1302 * acconfig.h remove *YULE* #undefs
1303 * samhain.c: procdirSamhain: lstat --> stat (allow symlink)
1304 * configure.in: add checks for correct user input
1305 * Makefile.in: add automatic dependency tracking
1306 * depend-gen: tool to figure out dependencies
1307 * chkconfig comments in redhat start scripts
1308
13091.4.8:
1310 * sh_database.c: fix missing attr_old, attr_new, (from)host columns
1311 * configure.in, Makefile.in: fix an error in the configfile
1312 definition with REQ_FROM_SERVER
1313 * sh_err_console, sh_err_log: avoid recurrent failure messages
1314 * timeout on read from files (/proc)
1315 * fix errrors with setjmp/longjmp/alarm
1316 * fix memory leak in server (~20 byte/file download in sh_tools, 930)
1317 * check gpg signature for files downloaded from server, add a
1318 regression test
1319 * fix chown in solaris bootscript
1320 * provide second scheduler for file check
1321 * provide scheduler for file check
1322 * provide scheduler for SUID check
1323
13241.4.7 (08-04-2002):
1325 * make daemon control LSB-compliant (arguments, exit status)
1326 * set log_ref = 0 for server messages
1327 * boolean option SetDBServerTstamp to disable entering server
1328 timestamps for received client messages into database
1329 * sh_suidcheck: check for "nosuid" mount option if getmntent is used
1330 * fix logrotate script in manual (reported by Scott Worthington)
1331 * don't strip numerical IP addresses
1332 * check item->status_now != CLT_TOOLONG in client_time_check()
1333 * set log_host to client in db client message
1334
13351.4.6a (20-03-2002):
1336 * define prefix in deploy.sh
1337
13381.4.6 (19-03-2002):
1339 * modify samhain_hide.c to hide processes on new Linux kernels
1340 * better error diagnostics in kern_head.c
1341 * fix compile error in all_items ()
1342 * check length of install-name in enable-khide (max is 15)
1343 * define exec_prefix in deploy.sh.in
1344 * make configure a bit more cross-compiler friendly
1345
13461.4.5 (07-03-2002):
1347 * Make sure missing file is reported even if ptr->reported == S_TRUE
1348 because the file has been added.
1349 * propagate 'reported' flag from sh_files_checkdir() into file list
1350 * close checkfd in sh_gpg_check_file_sign()
1351 * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
1352 * use sh.srvcons.name in dbg() to get debugging info from daemon
1353 * option to log file timestamps with localtime instead of GMT
1354 * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
1355 sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
1356 * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
1357 to make sure re-disappearing will get reported
1358 * new function sh_hash_set_missing() to remove file record
1359 without (duplicate) 'missing' message
1360 * make sure all items are reported for added files
1361 * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
1362 * clarify in the documentation which gpg options to use for signing
1363
13641.4.4 (11-02-2002):
1365 * check that parent process has exited before writing PID file
1366 * promote MGG_W_CHDIR to SH_ERR_ERR
1367 * add error message to sh_unix_testlock
1368 * fix missing _() macro in sh_aud_set_functions
1369
13701.4.3 (05-02-2002):
1371 * don't check attributes for symlinks (may cause device access)
1372 * add USE mysql; USE samhain; to samhain.mysql.init
1373 * point out the MessageHeader/mysql problem in manual
1374 * add -lz to LIBS for mysql
1375 * strip after install, avoid double strip
1376
13771.4.2 (27-01-2002):
1378 * support for EGD
1379 * fix some more problems with install-deploy / deploy.sh
1380 * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
1381 * fixed the 'external logging' test (init rather than none in rc file)
1382
13831.4.1:
1384 * SuSE: include run level 4+5
1385 * install location of hiding kernel modules changed - some insmod
1386 variants do not test for /lib/modules/$(uname -r)/module_name.o
1387 * new make targets 'install-deploy', 'uninstall-deploy'
1388 * fixed make targets 'deploydir', 'deploydirfast'
1389 * bail on unsupported CL option in deploy.sh
1390 * fix various bugs in deploy.sh
1391
13921.4.0 (16-01-2002):
1393 * fixed missing 'dirname' on Mac OS X
1394 * fixed && tested for/with postgres
1395 * 'user=' -> 'userid=' (reserved word in sql)
1396 * fix the endianess + size of file database; this changes db format
1397 for any non-Linux OS
1398 * --enable-old-format for old (V1.3) database format
1399 * getopt, samhain.c, samhain.h: option -f to loop if not daemon
1400 * sh_hash: list numeric + char data to allow file db update on
1401 server side
1402 * sh_database: modify handling of integer (long) data
1403 * sh_database: datetime in database
1404 * sh_database: hash field in database
1405 * sh_database: rewrite database insert string construction
1406 [use INSERT INTO log (fields) VALUES (values);]
1407 * makefile suse 7.x runlevel entries
1408
14091.3.7 (06-01-2002):
1410 * fix incorrect escape in sh_tools_safe_name
1411 * fix sh_error_handle (4. argument) in sh_extern.c
1412
14131.3.6c:
1414 * fix segfault in sh_database (mysql logging) on solaris
1415
14161.3.6b (03-01-2002):
1417 * fix syntax error ('==') in Makefile.in
1418 * fix configure.in (path for /lib/modules/$(uname -r)/build/include)
1419 * fix sh_kern.c (redeclaration of 'j')
1420
14211.3.6 (03-01-2002):
1422 * sh_kern.c: check integrity of int 80h vector
1423 (SucKIT rootkit - Phrack 58)
1424 * make sure childs in sh_kern are wait()'ed for
1425 * provide start/stop/restart/reload/status interface
1426 * fix a potential segfault (dereferenced NULL pointer) in the server
1427 * use sh_util_flagval for sh_unix_setdaemon
1428 * documentation for logging to SQL database
1429 * configure.in: check for -I/lib/modules/$(uname -r)/build/include
1430 * fix trustfile.c to ignore invalid users
1431 * separate 'make install-samhain' and 'make install-yule'
1432 * separate default log/pid/config files for server/client
1433 - less problems running server and client on same host
1434 * rewrite deploy.sh(.in):
1435 - don't use (make|install) if deploying
1436 - use command line options
1437 - better integrate into server environment
1438 - write install db
1439 * always write a pidfile if daemon
1440 * don't use server's config file as fallback for downloading client
1441 * don't overwrite config file when doing 'make install'
1442
14431.3.5 (28-12-2001):
1444 * fix --enable-message-queue for newer glibc versions
1445 * log to SQL database: implemented, but undocumented yet,
1446 needs to be tested further
1447 * xml: escape received syslog messages
1448 * xml: rename 'time' to 'tstamp'
1449 * make targets: make [un]install-[boot-]yule
1450 (for server-only installation)
1451 * fix samhain_hide.c for 2.4 kernel
1452 * fix sh_kern for updated samhain_hide.c
1453 * new option -j to just list the logfile
1454 * sh_getopt.c: recognize -Dt check for -D -t check
1455 * sh_tiger0.c: fix compiler warning (memmove) on Solaris
1456
14571.3.4 (12-12-2001):
1458 * sh_suidchk.c: option to limit files per second
1459 * sh_unix.c: option to limit (kilo)bytes per second
1460 * sh_hash.c: fix potential problem with '\n' in filename
1461 (not backward compatible if there are filenames with '=')
1462
14631.3.3 (03-12-2001):
1464 * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
1465 option SetNiceLevel to set scheduling priority
1466 * sh_hash.c: bugfix for database listing on Solaris
1467 * taus_seed: bugfix for emergency backup rng seed
1468 * sh_util_safe_name: fix for XML
1469 * sh_utmp_set_login_activate: use sh_util_flagval
1470 * sh_utils.c: sh_util_obscurename: rm 'space' from list
1471 * more backtrace macros
1472 * sh_util_flagval: fix bug to recognize 1/0
1473 * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
1474 * rm stray debug fprintf in sh_srp.c
1475
14761.3.2 (27-11-2001):
1477 * sh_hash.c: fix an error introduced in 1.3.1
1478 * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug
1479
14801.3.1 (25-11-2001):
1481 * slib.c: get backtrace with --enable-debug
1482 * sh_unix.c: allow core dumps when --enable-debug
1483 * configure.in: fix default message queue permissions
1484 * sh_suidchk.c: automatically include suid/sgid files in database
1485 * sh_suidchk.c: check all suid/sgid files
1486 * sh_hash.c: don't insert duplicates when reading the database
1487 * sh_utmp, sh_kern, samhain: fix 1sec offset in timer
1488 * sh_unix.c: don't require /dev/random to be non-world-writeable
1489 * server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
1490 * client: fix segfault on Solaris if path_conf == NULL
1491 * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed
1492
14931.3.0 (31-10-2001):
1494 * support compiling with GNU gmp library
1495 * set 3 sec timer on client_time_check to avoid excessive (and
1496 unnecessary) calls under heavy load
1497 * replace sl_strlen with a macro
1498 * store client_t structure in AVL tree
1499 * database format incompatible with previous format, up the magic#
1500 * sh_html.c: cache entry template for speedup
1501 * slib.c: reset islong(double) in sl_printf_count
1502 * sh_hash.c: report on rdev change
1503 * sh_hash.c: print size in 64 bit
1504 * sh_hash.c: save in absolute size types
1505 * sh_unix.c: get values as appropriate type (time_t, dev_t, ...)
1506
15071.2.10:
1508 * update MANUAL
1509 * sh_unix.c: tiger_hash -> tiger_generic_hash
1510 * sh_readcon.c: DigestAlgo option
1511 * sh_tiger0.c: add MD5 and SHA1
1512 * sh_unix.c: fix minor problem with win2k/cygwin
1513
15141.2.9 (17-10-2001):
1515 * fix problem with entry template/empty hostname
1516 * fix MASK_USER_ (MTM -> ATM)
1517 * typo fixed in configure.in (${install_name} -> {install_name})
1518 * bugfix group_old -> size_old in XML code
1519 * skip armor header in signed files
1520
15211.2.8 (29-09-2001):
1522 * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
1523 obscure compiler warning
1524 * Mac OS X: fix test scripts
1525 * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
1526 * implement deadtime in syslog recv code to protect against flooding
1527 * sh_err_log: sl_close(fd) if lock|forward fails
1528 * compliance with Filesystem Hierarchy Standard -- Version 2.2 final
1529 * add policies User0, User1
1530 * fix compile problem (FreeBSD) in sh_suidchk.c
1531 * macro to check for debugger breakpoints (linux/i386)
1532 * check for solaris (does not work) in sh_derr (--enable-ptrace)
1533 * option to listen on 514/udp for syslog, drop root
1534 irrevocably if compiled thus
1535 * use (check_mask & MODI_ATM) to decide whether to reset utime
1536 * reset the policy masks on sighup
1537 * option to write XML log messages
1538 * cleanup of message catalog
1539 * modified error messages for BADCONN
1540 * error messages for Rijndael
1541 * block recursive error messages within sh_error_handler()
1542 - would hang the machine ... -
1543
15441.2.7:
1545 * sh_files, sh_utils: check top level directory
1546 * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
1547 for reading from /dev/kmem
1548 * include /boot in default samhainrc
1549 * change source distribution signing/packaging system
1550 * Makefile, README, MANUAL: adhere to file system standard,
1551 document new locations
1552 * fix a bug in samhain_hide.c
1553
15541.2.6:
1555 * reset list of trusted users before config file re-read
1556 * TrustedUser=... can be a list
1557 * fix severity for files missing from IgnoreAll
1558
15591.2.5:
1560 * include example_pager.pl, example_sms.pl scripts
1561 * explain paging/sms setup in docs
1562 * allow manual exclusion of a directory in suidcheck
1563 * automatically track all file changes
1564 * remove missing files from in-memory database
1565 * add $(KERN) to DEPLOYFILES
1566
15671.2.4:
1568 * log IP address for login/logout events, if supported by the OS
1569 * release block in globerr (callback)
1570
1571-------------
1572
15731.2.3:
1574 * fix problem with reading stealth configuration
1575 * fix a few formats in sh_cat.c
1576 * always use strncmp for file system type check in sh_suidchk.c
1577 (trailing 'fs' may be system specific for some types)
1578 * no bare LF in messages (RFC 2822)
1579 * no lines longer than 998 chars (RFC 2822)
1580 * fix error in testrc_1
1581
15821.2.2:
1583 * make tmp file directory a compile time option
1584 * fix minor bugs in tmp file allocator (potential memory leak,
1585 double slash if root directory)
1586 * obsolete testpipe script removed
1587
15881.2.1:
1589 * fix memory alignment in rijndael-api-fst.c: blockEncrypt()
1590 * fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
1591 * removed a debug fprintf()
1592
15931.2.0:
1594 * fix a bug in the HMAC implementation (thanks to Cesar Tascon
1595 for help in tracking down this one)
1596 * module to check the file system for SUID/SGID files
1597
15981.1.16 (never released):
1599 * fix the recursion depth -1 option as described in the manual
1600 * optional database reload on SIGHUP
1601 * fix a race condition when checking that /dev/random is a charakter
1602 device
1603 * redirect stderr to /dev/null for c_random
1604 (AIX may segfault in netstat...)
1605 * check whether /dev/random is a charakter device in c_random.sh
1606 (we know at least one sysadmin who has set up a fake /dev/random ...)
1607 * don't give NULL as 2. and 3. arg to execve if not Linux - some
1608 Unices (notably Solaris) don't like it
1609 * init ptr = NULL in my_malloc (compiler warning)
1610 * make the bitmask for tests configureable (suggestion by A. Dunkel)
1611 * make the bitmask for tests a static variable
1612 * make (database/logfile/lockfile) path configurable
1613 (to run multiple instances of samhain from an NFS share - on the
1614 wishlist of J. Patton)
1615
16161.1.15 (never released):
1617 * fix minor error in testcompile.sh (rm test_log only at start)
1618 * return from subroutines on sig_terminate == 1
1619 (faster exit on SIGTERM)
1620 * fix re-configuration of addresses
1621 * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
1622 * SysV message queue as compile option
1623 * config file option to set console device
1624 * removed the pre 1.1.9 code bloat
1625 * don't print the LOGKEY to the console
1626
16271.1.14:
1628 * fix an error in the setup consistency check
1629 * make target to uninstall runtime files
1630 * trustfile.c: check return code of readlink(), fix off-by-one error
1631 * sh_files.c: fix placement of terminator after readlink() call
1632 * sh_files.c: fix a missing set_suid()/unset_suid()
1633 - suid should work, but is not recommended -
1634 * more debug statements in c/s code
1635 * avoid re-entry in sh_unix_sigexit
1636 * put a block around free() and malloc() in wrapper functions
1637 * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
1638 - i.e. avoid corrupting the heap from a signal handler -
1639
16401.1.13:
1641 * optimized the size of the configure script somewhat
1642 * modify the compile and hash test scripts
1643 * read '\0's in sh_unix_getline
1644 * exponential schedule for connection attempts
1645 * make stealth working properly with signed files
1646 - config file should be signed now before embedding in picture -
1647 * fix a race in using signed files
1648 * updated err messages for PWNULL, GRNULL
1649 * add missing shell script for test 11
1650 * add mandatory source file/line info with -p debug
1651 * add mandatory source line info with BADCONN
1652 * fix a latex error in the manual
1653
16541.1.12:
1655 * debug output to console if compiled with --enable-debug and
1656 running as daemon
1657 * make reportonlyonce=true the default
1658 * make sure state changes of a file are always reported, even
1659 with reportonlyonce=true
1660 * Linux kernel modules (samhain_hide, samhain_erase)
1661 * fixed incorrect return value of sh_util_flagval
1662 * fixed an error in sh_files.c: happens with -t init and first
1663 file that is checked does not exist
1664 * revised install/uninstall targets in the Makefile
1665 * module to check for clobbered kernel syscalls (tested on Linux 2.2)
1666 * more diagnostic error messages in sh_gpg.c
1667 * more diagnostic error messages in sh_mail.c
1668 * error in mail.c fixed
1669 (address -> address_list[i] for multiple recipients)
1670 * docs updated, better(?) explanation of signed files
1671 * skip over path in gpg checksum output
1672 * check client name against IP address and FQDN
1673 * fix for --disable-* in config file
1674 * fixed a server crash (MSG_TCP_OKMSG without arg)
1675 if the server is run with debug level output threshold
1676 * catch EAGAIN in sh_gpg.c pipe reader
1677 * fix the 'external logging' test to make it work on BSD
1678 * error message if no local path to init DB
1679 * check for i86/Solaris in configure (vsnprintf prototype)
1680 * make SRP the default
1681
16821.1.11:
1683 * make log file verification more convenient
1684 * fix problem with message classes in stealth mode
1685 * linux: do not try to read file attributes for devices
1686 * handle the root directory correctly (avoid "//" in listing)
1687 * fix problems with blockin on FIFOs/char dev
1688 pointed out by I. Rogalsky (rog@iis.fhg.de)
1689 - open in nonblocking mode for read, then set to blocking
1690 - open file only if regular
1691 * fix alignment in memory profiler
1692
16931.1.10:
1694 * minor code cleanup
1695 * fix an error in trustfile.c (handling of empty/incomplete
1696 group entries in /etc/group, bug report by A. Capriotti )
1697
16981.1.9:
1699 * compatibility option for old behaviour (plain hash instead
1700 of HMAC, ECB instead of CBC mode)
1701 * use CBC rather than ECB mode for encryption
1702 * use HMAC-TIGER for message authentication codes
1703 * handle NULL data in sh_tiger_hash
1704 * option to set syslog facility (default is LOG_AUTHPRIV)
1705 * longer timeout (300 sec) on /dev/random if no /dev/urandom
1706 * fix minor output error with stealth option
1707 * option not to log names of config/database files on startup
1708
17091.1.8:
1710 * fix error in syslog routine
1711 * fix missing 'test' in configure.in
1712 * fix error in replace_tab() in sh_html.c
1713 * fix minor memory leak in sh_util_regcmp()
1714
17151.1.7:
1716 * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
1717 * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
1718 * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
1719 * fix for Alpha: format string in sh_tiger0.sh
1720 * on Linux, now compiles cleanly with
1721 -Wall -W -Wstrict-prototypes -Wcast-align
1722 * fix problem with recursion depth
1723 (pointed out by Vic <hvicha@mail.ru>)
1724 * #include "sh_tools.h" in sh_unix.c and fix the
1725 --with-timeserver option (reported by Vic <hvicha@mail.ru>)
1726 * place read_port(), MSG_TCP_NETRP outside ifdefs
1727 * close fd/zero skey before execve
1728 * verify client name against socket peer
1729 * ... with configureable error priority
1730 * use strcmp() rather than strncmp() in search_register()
1731 * fix race between lstat() and open() for checksum
1732 (reported by dynamo <dynamo@ime.net>,
1733 JJohnson <JJohnson@penguincomputing.com>)
1734 * enable globbing for filenames
1735 * fix Solaris problem: siginfo_t may be NULL
1736 * fix missing SL_EBADGID in tf_trust_check
1737 * test case for external scripts, fix flushing pipe
1738 * fix a typo in sh_ext_type
1739 * do an fdexec w/checksum on Linux if calling external program
1740 * even safer tmp file creation
1741 * allow db update
1742 * fix compile options for --enable-debug
1743 * fixed a spelling error in the output
1744 * test program for full CS support (config/database download)
1745 * tell which file is searched for cs download
1746
17471.1.6:
1748 * fix bug in sh_readconf_line (segfault on erroneous config lines)
1749
17501.1.5:
1751 * sh_unix.c: sh_unix_getinfo_attr: f -> flags
1752 * use gettimeofday as last resort
17531.1.4:
1754 * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
1755 to (char *)
1756 * configure: add static link flags for some more os (from tar)
1757 * don't strip twice (some stupid systems abort)
1758 * fix for reading from /dev/random on non-Linux systems (untested)
1759 * sh_mail.c: end all message lines with \r\n
1760 * stealth: ignore \r, \"
1761 * take out tracing from --enable-debug (presently useless anyway)
1762 * fix some remaining cleartext with debug && stealth combined
1763 * fixed a small memory leak in sh_err_log.c
1764
17651.1.3:
1766 * fixed circular logic in taus_seed() (fallback method only)
1767 * fix for missing _SC_OPEN_MAX (runaway close())
1768
17691.1.2:
1770 * implement message classes
1771 * let server recognize client message severity and class
1772 * secondary log server
1773 * keep database in memory (allows to close file
1774 if retrieved from server)
1775 * encrypt client/server communication
1776
17771.1.1:
1778 * Compilation problems with native Solaris compiler fixed
1779 * fill in euid/ruid variable
1780 * manual.pdf --> MANUAL.pdf
1781 * debug sh_util_formatted()
1782 * http refresh 120sec for server stat page
1783 * trace/debug options
1784 * fixed problem with utmp.c options
1785 * fixed problem with sh_mail_setaddress
1786 * option for custom message header
1787 * fixed problem in compdata
1788 * fixed problem in mail verification
1789 * remove eventual trailing '/' in file names
1790 * fixed problem with report string for modified files
1791 * option to report in full detail
1792
17931.1.0:
1794 * Move error messages to catalog
1795 * Make error message format more uniform
1796 * Wrap sytem calls that could be interrupted by signals
1797 * Warn on append to database
1798 * Option for full details on mod. files
1799 * Option to report only once on mod. files
1800 * Generally speaking, major modifications with potential new bugs
1801
18020.9.5:
1803 * sh_hash.c: fixed erroneous checksum for config file
1804 * sh_html.c: fixed erroneous timestamp (last)
1805 * sh_tools.c: fixed connect_port (set port for cached address)
1806 * sh_srp.c: fix for '00' (='\0') in pw
1807 (last two fixes by Andreas Piesk)
1808
18090.9.4:
1810 * samhain.c: fcntl(1, ..) -> fcntl(2, ..)
1811 * sh_hash.c: copy 12 instead of 10 byte for c_attributes
1812 * 'empty directory' WARN -> INFO
1813
18140.9.3:
1815 * FreeBSD fixes:
1816 - c_random.sh: make sure /dev/random provides something
1817 rather than nothing
1818 - check for <netinet/in.h> and include it
1819 - include <sys/types.h> early
1820 - sh_utmp.c: fixed an occurence of ut_user
1821 - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
1822 - sh_forward.c: EBADMSG -> ENOMSG
1823 * sh_unix.c: check return value of gethostbyname
1824 * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
1825 more than 30 sec
1826 * ... and fix the timestamp format ...
1827
18280.9.2:
1829 * ISO 8601 timestamps
1830 * Bugfix in sh_utmp (timestring overwrite)
1831 * don't use siginfo_t on Linux (garbage as of 2.2.14)
1832 * check for Linux capabilities bug when dropping root
1833 * include README for gcc compiler bug (pointed out by A. Piesk)
1834 * explicitely set -fno-strength-reduce with gcc
1835 * fixed ignoring missing files with the IgnoreAll policy
1836
18370.9.1:
1838 * more ext2flags (breaks backward database compatibility on Linux)
1839 * IgnoreAll policy modified - missing/added files reported with
1840 SeverityIgnoreAll (to handle files that may or may not be present)
1841 * Check all files, not only regular ones
1842 (bug in sh_files, originally introduced because checksum of
1843 regular files only is computed)
1844
18450.9:
1846 * use O_NOATIME if supported
1847 * --with-nocl takes argument (PW to re-enable CL parsing)
1848 * no daemon mode if initializing database
1849 * fixed segfault in yule with 'unknown file type' request
1850 * enlarged MAX_GLOBS 24 -> 32 and made the array linear
1851 * server uses last registry entry for any given client now
1852 * deploy.sh script to deploy clients to remote hosts
1853 * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
1854 * allow y/Y/n/N for login monitoring (in addition to 0/1)
1855 * external logging scripts/programs
1856 * trustfile.c: define STICKY on Linux
1857 * reset signal mask when initializing
1858 * EINTR_RETRY wrapper
1859 * slib: sl_read, sl_write EINTR update
1860 * use sstrip when installing
1861 * more compact database format (breaks backward database compatibility)
1862 * larger download packets
1863 * TcpFlags unsigned char
1864 * cast to (char *) head in write_port
1865 * m(un)lock cast to (char *)
1866 * (1 << 31) --> (1UL << 31)
1867 * support e2fs attributes on Linux
1868 * fixes for AIX and Solaris native compilers
1869 * fixed Makefile for non-GNU make (pattern rule --> suffix rule)
1870
18710.8.1:
1872 * fixed 'is_numeric()' return value
1873
18740.8:
1875 * added option for static compilation
1876 * added option for stealth with non-hidden config file
1877 * added option for disabling command line parsing
1878 * all options can be set in the configuration file now
1879 * stealth: xor strings in database file
1880 * fixed bug in mailer code ([] in HELO)
1881 * print timestamp when asking for key
1882 * 'micro' stealth mode (no hidden configuration file)
1883 * simplified slib
1884 * int->long for uids/gids in trustfile
1885 * moved mailkey from data to code
1886 * shell script for entropy (stronger default key)
1887 * general code cleanup
1888 * better error checking in client/server code
1889 * detect out-of-sync messages
1890 * check state across protocol passes in server
1891 * make sure authentication is mutual
1892 * file download to client
1893 * reserve six file descriptors in server
1894 * mlock queue buffer if LOG_KEY
1895 * improved robustness in bignum (don't fail on free())
1896 * per-directory recursion depths
1897 * RFC821 compliance: empty line at end of header, To field, Date field
1898 * RFC821 compliance: make e-mail transfer relieable
1899 * fix detection of hardlink changes
1900 * checksum verification for calling gpg/pgp
1901 * CL option '-S' not required for server-only binary
1902 * eliminate CL options that may leak privileged information
1903 if the program is SUID
1904 * skip leading white space in configuration file
1905 * allow nested conditionals in configuration file
1906 * allow whitespace before and after '=' in configuration file
1907 * don't leak file descriptors to child processes
1908 * make message transfer relieable
1909 * always report error on abnormal termination of connection
1910
19110.7:
1912 * support for alpha machines
1913 * stop TCP logging after exit message
1914 * limit connections in server (DoS attacks)
1915 * move string handling to slib
1916 * move file handling to slib
1917 * timestring without space
1918 * changed report format
1919 * SUID bugfix - use euid when checking logfile ownership
1920 * SUID bugfix - get root for lstat()
1921 * SUID bugfix - get root for opendir()
1922 * store number of hardlinks
1923 * send no message if polling empty queue
1924 * include tiger 64-bit implementation (portability)
1925 * codes for error conditions
1926 * mail check: handle multiple, overlapping audit trails
1927 * security fix: no append to database if SUID
1928 * fix sh_entropy.c (BUFSIZ -> BUF_ENT)
1929 * read command line before config file
1930 * PGP signing of config/database files
1931 * checksum of config file reported
1932 * checking for attributes only
1933
19340.6:
1935 * more syslogish priority specification
1936 * fixed segfault in sh_mem_check, apparently this was also
1937 the reason for the segfault in atexit()
1938 * allow for compilation with SRP authentication
1939 * fixed tiger checksum computation
1940 * fixed broken logfile verification for second and further audit trails
1941 * test program added
1942 * documentation improved
1943 * sh_forward_make_client: bug fixed in[8]->in[i]
1944 * sh_error.h: fixed missing #include <errno.h>
1945 * configure.in: fixed missing strerror() test
1946 * sh_utmp.c: check logins/logouts
1947 * check for missing files
1948 * only reset access time if necessary
1949 * O_EXCL in open()
1950 * limit environment to TZ in execve (sh_entropy.c, not used on Linux)
1951 * use trustfile() to determine whether logfile dir is trustworthy
1952 * strip head instead of tail for numerical address
1953 * store messages in fifo during log server outage
1954 * re-init session key after server outage
1955
19560.5 (21-12-1999):
1957 * added option for mail relay server
1958 * own popen() implementation in sh_entropy() (portability)
1959 * fixed error in sh_util_basename() (returned NULL for base == "/")
1960 * fixed segfault in strlcpy/strlcat (check for src == NULL)
1961 * FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
1962 * use TIGER for 32-byte compilers (portability)
1963 * fixed hash function (do not include stdlib.h)
1964 * flush buffer before write in mailer code (IBM AIX 4.1)
1965 * make mailer code non-forking
1966 * cast argument of is...() to int (portability)
1967 * return() after _exit() for braindead compilers (portability)
1968 * optionally use inet_addr (portability)
1969 * check for broken mlock() (HP-UX 10.20)
1970 * minor code cleanups
1971 * fixed incorrect size of munlock()'ed memory in sh_error_string()
1972 * fixed a buffer overflow in the error printing routine
1973 * fixed a buffer overflow in sh_util_safe_name ()
1974 * implement SRP session key exchange
1975 * implement client/server facility
1976 * implement @host/@end construct in configuration file
1977 * preferably use uname(), and do gethostbyname() for FQDN
1978 * make vernam cipher base numeric
1979 * make OnlyStderr private in sh_error
1980 * test -e "/dev/random" --> test -r "/dev/random" (portability)
1981 * check for libsocket (portability)
1982 * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
1983 * eliminate superfluous /proc test
1984 * some unreachable code removed
1985 * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
1986 * check for setresuid() if no seteuid() (HP-UX 10.20)
1987
19880.4 (09-11-1999):
1989 * make sure output from /dev/random has no NULL's
1990 * one-time pad encryption for emailed keys
1991 (better than nothing ...)
1992
19930.3 (04-11-1999):
1994 * logfile readable for group
1995 * verify signatures for any file
1996 * signature block in tarball
1997 * use select() in time server routine
1998 * better protection for session keys (mlock)
1999
20000.2:
2001 * fixed incorrect man page
2002 * fixed incorrect example rc file
2003 * recursive error logging should work now
2004
20050.1:
2006 * initial release -- on Samhain 1999, of course
2007
2008development start:
2009 * probably 29-06-1999
2010
Note: See TracBrowser for help on using the repository browser.