source: trunk/docs/Changelog@ 460

Last change on this file since 460 was 460, checked in by katerina, 10 years ago

Better error message for update and fix for deadlock in UNIX entropy collector. 3.1.3 final.

File size: 102.9 KB
3.1.3:
* remove initgroups() from the popen call in unix entropy gatherer
* Add error message for update mode if local baseline cannot be found

3.1.2:
* Fixed incorrect memset in sh_checksum.c (sha256)
* Circumvent a gcc compiler bug with inline asm (gcc 4.8)
* Allow multiple exclusions for SUID check
* Use calloc instead of malloc
* Add overflow check in minilzo.c (but the potential integer
  overflow [CVE-2014-4607,LMS-2014-06-16-1] is irrelevant anyway
  because the function is never used on external data).
* Fixed a minor bug in exepack_fill.c that was unearthed by the minilzo
  overflow check (the required buffer length information for the check
  wasn't provided)
* Fixed incorrect logic in setting the ALLIGNORE flag (more specific
  directory / file directives were ignored)
* Fix for tickets #358 (repetitive lstat warning about deleted
  directory) and #359 (reporting of deleted/added top level directory)
* Fix a free() on NULL (harmless but avoids spurious warning)

3.1.1 (01-0-2014):
* Disable inline asm on Cygwin (issue reported by Erik)
* Fix sh_ipvx_is_ipv4 such that numeric hostnames are not
  incorrectly recognised as IP address (reported by A. Hofland)
* Fix sh_ipvx_is_ipv6

3.1.0 (31-10-2013):
* Add support for SHA2-256 checksum function
* Drop support for --enable-khide on kernel version 3.x and above
* Fix IgnoreAdded to anchor regex at beginning of path (reported by
  R.Lindner)
* Add check to detect availability of pmap_getmaps() (missing in
  static library on recent Linux systems as reported by Ian Baldwin)
* Fixes for Ubuntu 13.4:
  - no error msg for failing stat on /run/user/Username/gvfs in
    suidcheck
  - no error message for failing hardlink check on /run/user/Username
  - eliminate compiler warnings
* Add option '--disable-asm' to work around a gcc issue in Debian
  unstable (reported by micah)
* Remove option '-i' from mkitab in samhain-install.sh.in (reported
  by N. Kerski)

3.0.13 (11-06-2013):
* Fix detection of nonfunctional /dev/kmem
* Fix race condition in GrowingLogfiles policy that
  causes spurious reports (problem noticed by J. Daubert)

3.0.12 (16-05-2013):
* Fix compiler warning in bignum.c (unused parameter)
* Detect if /var/run is a symlink and /run exists
* Fix for broken support for audit subsystem (reported
  by isquish)
* Fix for incorrect use of sh_inotify_add_watch_later
  which causes a steady increase in memory usage
  (issue reported by Maxime V)
* Fix for potential minor memory leak
* Fix for bug in negated conditionals for config file
  (reported by M. Ward)

3.0.11 (08-04-2013):
* Fix for compile error on HP-UX (reported by P. Alves)
* Propagate ERANGE error from getgrxxx_r (issue raised by C. Feikes)
* Fix reconnecting to database for Oracle
* Add better logrotate handling for the GrowingLogs policy (search
  rotated log and verify it, don't report if this succeeds)
* Add ability to create debian packages with preset password (use
  env var PASSWORD)
* Add option KernelCheckProc (bool) to suppress kernel /proc test
* Add option IgnoreModified to cover transient files that
  not only get added/deleted but also modified

3.0.10 (13-01-2013):
* Revert to previous logic in samhain.c because it will block
  otherwise (reported by Alexandr Sabitov)

3.0.9 (21-12-2012):
* Fixed a Cygwin compile warning
* Change logic in samhain.c to make sure inotify doesn't cause
  excessive full scans
* Add option IgnoreTimestampsOnly in Windows registry check (ignore
  changes if only timestamp has changed)
* Fix the probe command (misses clients if their startup message
  has been missed)
* Fix the RPM spec file for --enable-network=client and no password
  (reported by Mitch St Martin)
* Fix build error with Linux audit (reported by Andy Jack)
* Fix detection of utmpx.h (reported by D. Thiel)

3.0.8 (01-11-2012):
* rename to 3.0.8 for release
* useful exit status for samhainadmin.pl --examine

3.0.7a (25-12-2012):
* add ability to create RPM with preset password (use
  env var PASSWORD)
* fix the rpm-light makefile target
* fix minor bug in samhain_setpwd.c (incorrect error message)

3.0.7 (25-10-2012):
* update documentation for prelude
* fix configure to properly search for Oracle Instantclient SDK
* pass through TNS_ADMIN environment variable for Oracle
* optimize audit rules automatically
* zero out the html status file at server exit
* don't check for assembly optimization unless linux or *BSD

3.0.6 (01-09-2012):
* install logrotate script if /etc/logrotate.d is detected
* new option --enable-suid for nagios
* fix for --enable-ptrace: make the save_tv variable thread specific
* fix bug in inotify code which made it follow symlinks (by [anonymous])
* fix two missing SH_MUTEX_LOCK(mutex_thread_nolog) (by [anonymous])
* fix for 'no such process' message from sh_fInotify_init_internal()
  (by [anonymous])
* fix for --enable-ptrace with threads (by [anonymous])
* option SetReportFile for writing out summary after file check

3.0.5 (11-07-2012):
* fix xml format templates for registry check
* fix database download on registry check init (reported by ldieu)

3.0.4 (01-05-2012):
* fix verbosity of message for alerts on already deleted watches
  (set it to debug - suggested by xrx)
* fix extraneous error messages about file not found from
  sh_fInotify_init_internal() (bug reports by xrx and aj)

3.0.3 (28-03-2012):
* fix potential deadlock in sh_ext_popen()
* make sure sh_processes_readps cannot hang forever
* fix for deadlock if sh_processes_readps hangs
* fix for deadlock if suid check and inotify are used together
  (reported by A. Jack)
* fixed problem with samhain_stealth.c (handle input config
  files that don't end with a newline)
* fixed compiler warnings for yulectl.c with stealth
* fixed lacking support for O_NOATIME on 64bit linux

3.0.2a (23-02-2012):
* Fix compile error on Solaris 10

3.0.2 (16-02-2012):
* change sql init scripts to make bigint fields unsigned (problem
  reported by A. Sabitov)
* patch by Andy Jack for issue with the --with-gpg option (hangs with
  high cpu load at startup)
* call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the
  RPM spec file, because /var might be mounted noexec (reported by GC)
* fixed configure.ac for the case that --with-gpg and --enable-nocl are
  used (./samhain for gpg checksum; problem report by Andy Jack)
* fixed a potential NULL pointer dereference in sh_inotify.c on
  systems where inotify is not available (reported by <anonymous>)
* fixed: the config file template mentions (in a comment) the
  non-existent directive SetLockPath instead of the correct
  SetLockfilePath (reported by Curtis).
* fixed: the definition of O_NOATIME isn't seen in sh_files.c.

3.0.1 (07-12-2011):
* fix a memory leak (reported by C. Westlake)
* fix an uninitialized variable in the suidcheck code (problem
  reports by T. Luettgert and Kai)
* fix a bug in the port check with --disable-ipv6 (reported
  by C. Westlake)
* fix potential deadlock in sh_files.c (reported by S. Mirolo)
* change Makefile.in to stop on compile error rather than at link stage
  (suggested by S. Mirolo)
* fix compile errors caused by missing #define (pthread disabled) and
  wrong function call (OSX specific code), reported by S. Mirolo
* fix warning by the llvm/clang static checker
* fix compile issues on freebsd
* handle (ignore) SIGPIPE more thoroughly
* update config.guess, config.sub

3.0.0a (06-10-2011):
* Fix compile-time issues on RHEL5 (reported by Thomas)

3.0.0 (01-11-2011):
* Add support for the inotify API
* If --disable-shellexpand is used, also disable setting
  the prelink/ps paths
* Fix missing check_mask storage for glob pattern
* Add support for integer keys in zAVL
* Fix compiler warnings with gcc 4.6.1 (variables that get set
  but then remain unused)
* Add more server-side debugging for IPv6
* Make kern_head compile with 3.x kernels

2.8.6 (20-09-2011):
* Manual updated.
* Added an option LogmonDeadtime to avoid repetitive reporting
  on correlated events.
* Fix problems with timestamp handling in logfile correlation
  (problem reported by D. Dearmore)
* List the policy under which a directory/file is checked
* Option to use a textfile with a list of files for update
* Fix --enable-db-reload option (reported by David L.)
* Fix samhain_kmem compilation, need to compile under chosen
  name if --enable-install-name is used (reported by David L.)
* Fix uninitialized string in error message (reported by mimox)

2.8.5a (16-06-2011):
* Fix autolocal.m4 for new configure option

2.8.5 (15-06-2011):
* Detect non-working /dev/kmem in configure script, and fix
  a bug in the samhain_kmem kernel module.
* Fix wrong handler for LogmonMarkSeverity (reported by S. Chittenden)
* Better protection against the 'intruder on server' scenario
  pointed out by xrx. Add option to disable shell expansion in
  configuration files, and check gpg signature earlier.
* Support /opt/local/bin in the Unix entropy gatherer (suggestion
  by Sean Chittenden)
* Cache timeserver response for one second (suggestion by
  Sean Chittenden)

2.8.4a (11-05-2011):
* Fix for compile error with --with-prelude
  (reported by Sean Chittenden), missing regression test added
* Fix for compile error with --enable-udp (reported by Sean Chittenden),
  missing regression test added

2.8.4 (30-04-2011):
* Fix another reload bug in the log monitoring module
* Add unit tests for IgnoreAdded/IgnoreDeleted configuration directives
* Fix deadlock after reload when compiled with --enable-login-watch
  (reported by M. Teege and O. Cobanoglu)
* Fix compile error for samhain_hide.ko with recent kernel
* Include patch by J. Graumann to specify the location of the
  secret keyring with samhainadmin.pl
* Fix potential timeout problem in sh_sub_stat_int() and propagate the
  error (issue reported by mtg)
* Add support for X-Forwarded-For in apache logfile parser, add
  option 'RE{regex}' to insert arbitrary regex
* New options PortcheckMinPort, PortcheckMaxPort for the open ports
  check

2.8.3a (23-03-2011):
* Fix two 'label at end of compound statement' errors on FreeBSD
  (reported by David E. Thiel)

2.8.3 (22-03-2011):
* init scripts: load samhain_kmem.ko before samhain starts
* slib.c: eliminate mutex from sl_create_ticket()
* sh_entropy.c: move pthread usage out of child
* sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete()
  needs deadlock detection, may be called from within sh_hash_init()
  via atexit handler on error condition
* sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat()
  to use with relative path after chdir()
* samhain.c, sh_calls.c, sh_calls.h: only run (l)stat() in subprocess
  after reading config file (to allow disabling)
* sh_unix.c: run sh_sub_kill() in parent after forking the daemon
* fix zeroing of result from getnameinfo() (problem reported by Richard)
* fix spurious warnings about unsupported address family (reported
  by N Silverman)
* option to run lstat/stat in subprocess to avoid hanging on NFS mounts
  (off by default)
* fix Windows/Cygwin compile error (reported by A. Schmidt)

2.8.2 (16-02-2011):
* add function to skip checksumming
* Fix missing check for recursion depth >= 0 if not IgnoreAll
* Fix hardcoded path for temp directory in deployment scripts
* Fix bad compile on CentOS 4.8 with gcc 4.1.2
* Fix minor bug in check_samhain.pl (pointed out by J.-S. Eon long ago)

2.8.1 (17-11-2010):
* Document handling of missing files with secondary schedule
* Fix incorrect handling of missing files when secondary schedule
  is used (reported by Sergey)
* Fix null pointer dereference in config parse handler for SetMailAlias
  (reported by Sergey)
* Fix incorrect memset() in sh_kern.c (passed struct by value...),
  reported by Roman and Stefan
* Fix 'make install' to create user-defined directory
* fix minor issues noticed by T. Luettgert (test code assumes port
  0/tcp is unused, wrong ifdef order (without impact on compilation))
* fix compile error on AIX 5.3 with --enable-login-watch,
  reported by M. El Nahass (time.h missing in src/sh_login_track.c)

2.8.0 (01-11-2010):
* Support IPv6
* Add registry checking
* Use auditd records to find out who did it

2.7.2c (23-09-2010):
* Fix uppercase hostname problem in client/server communication

2.7.2b (05-09-2010):
* Fix compile errors on Solaris 10 (reported by A. Saheba)

2.7.2a (23-08-2010):
* rewrote rijndaelKeySched() in a more conservative way to fix
  compile problem on SLES 11.

2.7.2 (16-08-2010):
* sh_utils.c: fixed an endianness issue that prevented cross-verification
  of email signatures (reported by A. Zangerl)
* sh_login_track.c: fix compiler warning (ignored return value
  of fwrite)
* sh_readconf.c: fix comparison of SeverityUserX string
  (reported by max__)
* sh_processcheck.c: sh_prochk_set_maxpid: set retval on success
  (reported by max__)
* fixed some compiler warnings on cygwin
* sh_extern.c: As reported by T. Luettgert, gcc 4.4.4 on Fedora 13
  will throw a warning if execve is called with a NULL argv pointer.
  Need to provide a dummy argp[].

2.7.1 (07-06-2010):
* samhain_kmem.c: fix compile problems
* fix problems with config file parser: increase max. line length,
  support quoting/escaping of filenames (as in 'ls --quoting-style=c')
* check for pcre_dfa_exec (not available in old versions
  of libpcre, reported by Shinoj)
* patch to allow server to log client reports to prelude
  (by J. Ventura)

2.7.0a (09-05-2010):
* fix /dev/kmem detection (reported by S. Clormann)

2.7.0 (01-05-2010):
* sh_utmp.c, sh_login_track.c: additional login checks
* sh_unix.c: use SIGTTIN as alternative for SIGABRT
  (SIGABRT seems not to work on AIX, reported by Peter)
* sh_utmp.c: fix compile error without pthreads (inotify_watch used)
* sh_kern.c, kern_head.c: fix some 64bit issues
* dnmalloc.c: fix compiler warning (ignored ret value)
* Fix LSB init script for kernel module
* samhain_kmem kernel module for /proc/kmem added

2.6.4 (22-03-2010):
* Don't read proc_root_iops in sh_kern.c (Problem report
  by H. R.)
* Logfile check can check output of shell commands
* Use data directory as default for logfile checkpoints
* Fix broken checkpoint save/restore for logfiles

2.6.3 (10-03-2010):
* Fix bug in mail module, recipients incorrectly flagged
  as aliases, which breaks immediate mail for 'alert'
  (reported by Jesse)

2.6.2 (28-01-2010):
* Makefile.in: fix problem in deploy system caused
  by adding build number for debs in 2.5.9 (reported
  by roman)
* add option for per-rule email alias in log monitoring
  module
* sh_readconf.c: make keywords case-independent
* sh_mail.c: on error, report full reply of mail server
* sh_mail.c: report smtp transcript at debug level
* make sure mail aliases are not emailed twice, and
  recipients cannot be defined after aliasing them
* handle named pipes in log monitoring module
  (open in nonblocking mode, ignore read error if empty)
* fix bug in the server function to probe for necessity
  of configuration reload for client

2.6.1b (23-12-2009):
* fix missing include for sh_inotify.h in sh_inotify.c
  (reported by Ack)

2.6.1a (22-12-2009):
* fix typo in code for older inotify versions without
  inotify_init1(), reported by Forll

2.6.1 (21-12-2009):
* add a routine to log monitoring module to guess the proper year
  for timestamps without year (standard syslog)
* add feature to automatically detect and report bursts of
  similar messages in log monitoring module
* add feature to check for missing heartbeat messages in
  log monitoring module
* cache UIDs/GIDs to reduce the number of lookups
* use inotify to track login/logout (sh_inotify.c, sh_utmp.c)
* support event correlation in log monitoring module
* make sure host matching is done in a case insensitive way
  (reported by Tracy)
* fix invalid use of mutex_mlock in src/sh_unix.c, function
  sh_unix_count_mlock() (reported by Remco Landegge).

2.6.0 (01-11-2009):
* don't use statvfs() for process checking on FreeBSD
* fix bug with parallel compilation of cutest in Makefile
* sh_mem.c: fix deadlock in debug-only code
* Evaluate glob patterns for each run of file check
* Add compile option to disable compiling with SSP
* Run SUID check in separate thread
* By default disable scanning ..namedfork/rsrc (deprecated by Apple)

2.5.10 (12-10-2009):
* sh_suidchk.c: handle $HOME/.gvfs mount gracefully
* slib.c: fix race condition caused by closing a stream and the fd

2.5.9c (01-10-2009):
* move stale file record error message closer to problem zone
* sh_port2proc.c: fix flawed logic for interpreting /proc/net/udp,tcp

2.5.9b (22-09-2009):
* remove stale file record when creating handle, and raise diagnostic
  error to find origin of stale record
* sh_port2proc.c: check /proc/net/upd6 for IPv6-only UDP sockets

2.5.9a (17-09-2009):
* fixed a race condition in closing of file handles

2.5.9 (11-09-2009):
* added code to generate directory for pid file, since it
  would get cleaned if /var/run is a tmpfs mount (problem
  reported by M. Athanasiou)
* fixed a bug that prevented reporting of user/executable path
  for open UDP ports (issue reported by N. Rath)
* added more debugging code

2.5.8a (18-08-2009):
* fixed a bug in sh_files.c that would prevent samhain from
  running on MacOS X (reported by David)

2.5.8 (06-08-2009):
* fixed a bug in the MX resolver routine which causes it to fail
  sometimes (issue reported by N. Rath).
* fixed deadlock with mutex_listall in sh_nmail_test_recipients() if
  error occurs within sh_nmail_flush (problem reported by N. Rath)

2.5.7 (21-07-2009):
* sh_userfiles.c: set userUids = NULL at reconfiguration (issue
  reported by U. Melzer)
* if available, use %z to print timezone as hour offset from GMT
  in email date headers (problem reported by NP, solution suggested
  by TimB).
* eliminate C99-style comments (problem reported by
  venkat)
* fix bad variable name for AC_CACHE_CHECK
* fix potential deadlock when external program is called
  (problem reported by A. Dunkel)

2.5.6 (09-06-2009):
* recognize fdesc filesystem on MacOS X for suid check (Problem
  reported by David)

2.5.5 (01-05-2009):
* fix some warnings from gcc 4.4 (strict aliasing)
* fix minor memory leak in process check
* t-test1.c: change function names because of clashes with an
  AIX system header file
* fix warnings with -fstack-check (too large stack frames)
* fix for incorrect handling of hostnames in database insertion
  (reported by byron)

2.5.4 (04-03-2009):
* fix for incorrect input check in SRP implementation (discovered
  by Thomas Ptacek)
* option KernelCheckPCI to switch off check of PCI expansion ROMs

2.5.3 (25-02-2009):
* disable dnmalloc on MacOS X, doesn't work properly
* stat -> lstat in sh_unix_file_exists (OS X nameforks, report
  by David)
* Fix problem in standalone trustfile, does not work correctly on
  group-writeable files (reported by David).
* Option SetThrottle to throttle throughput for db download
* Option SetConnectionTimeout to make the client connection
  timeout configurable
* Provide getrpcbynumber, getservbyname implementations
  to avoid dependencies with static linkage
* Fix missing sh.host.(system|release|machine) on FreeBSD,
  reported by D.Lowry
* New option SetMailPort to allow setting of SMTP port (patch
  by lucas sizzo org)
* allow POSIX regexes for filters
* consolidate filtering code from sh_extern.c, sh_(n)mail.c
* rewrite mail subsystem to allow individual filtering
  for recipients
* allow shell expansion for values of config file options
* allow list as value for option PortCheckInterface
* fix bug in trustfile.c (with slapping on "/../" for symlinks)
* lock baseline database upon writing

2.5.2b (29-01-2009):
* turn warnings into errors in the compile test suite
* fix missing define in sh_portcheck.c to eliminate compiler warning
  (reported by joerg)

2.5.2a (26-01-2009):
* fix problem building deb package (bit rot; reported by joerg)

2.5.2 (22-01-2009):
* samhain.c: report module failure with positive offset
* sh_database.c: parse numerical fields into ulong
* fix regression test script for postgresql
* fix regression test script for SELinux/ACL test
* fix reporting of user for open ports to prelude
* report process pid for open ports
* replace _exit() by raise(SIGKILL) b/o pthread problem
* new option LooseDirCheck ([false]/true), request by
  Alexander
* improved help output of samhain_stealth (as suggested
  by Michael Athanasiou)
* new option ProcessCheckIsOpenVZ ([false]/true)

2.5.1 (07-12-2008):
* workaround for freebsd7 amd64 lossage (compiler toolchain,
  no mmap to 32bit address space)
* samhain-install.sh: check for presence of stealth_template.ps
  before trying to create it
* use -Wno-empty-body if supported to suppress warnings about
  glibc pthread_cleanup_pop implementation
* fix text relocations for i386 in src/sh_tiger1.s
* implement server->client SCAN command to initiate file check
* implement @if / @else conditionals with more tests in config file
* new option SetDropCache to drop checksummed files from cache
* report process/user for open ports on FreeBSD (code
  lifted from FreeBSD sockstat.c)
* fix for config reload issue with stealth mode (reported by
  siim)
* add -fstack-protector flags to LDFLAGS
* cygwin fix: don't use dnmalloc, doesn't work with pthreads
* cygwin fix: make trust check in samhain-install.sh return zero
* improved diagnostics for file read errors
* fixed script permissions (754 -> 755), reported by Christoph
* constness patch by Joe MacDonald
* GnuPG key ID patch by Jim Dutton
* sh_kern.c: more error checking for reads from kernel

2.5.0 (01-11-2008):
* dnmalloc.c: fix inconsistent chunksize on 64bit systems
* fix improved error reporting for failed fstat in checksumming
* report process/user for open ports (Linux only currently)
* fix deadlock on exit in sh_hash_init()
* fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore)
* log monitoring support
* fixed constness in trustfile interface
* remove libprelude 0.8 support (obsolete)
* sh_forward.c: increase TIME_OUT_DEF to 900 secs
* dnmalloc.c: initialize rc in dnmalloc_fork_child(),
  reported by B. Podlipnik

2.4.6a (09-10-2008):
* fix compile problem on Fedora 9 (reported by pierpaolo),
  'struct ucred' in sh_socket.c requires _GNU_SOURCE

2.4.6 (27-08-2008):
* fix compile failure on win2k/cygwin (sh_unix_mlock prototype),
  reported by jhamilton
* fix potential deadlock with dnmalloc upon fork()
* fix non-portable use of 'hostname -f' in regression test suite
  (reported by Borut Podlipnik)

2.4.5a (18-08-2008):
* fix compile problem in dnmalloc.c (remove prototypes for
  memset/memcpy), problem reported by Juergen Daubert

2.4.5 (07-08-2008):
* testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10
  bails out on a chmod on a dangling link
* fix bug in check_samhain.pl nagios script (J.-S. Eon)
* use the UNO static checker
* compile as position independent executable (PIE)
* handle EINPROGRESS error (Windows/cygwin issue)
* make sure every function uses less than one page of stack
  (proactive security against gap jumping, Gael Delalleau)
* use dnmalloc instead of system malloc
  (proactive security against heap buffer overflows)
* fix dnmalloc bugs and portability problems
* check for compressBound, since older zlibs don't have it

2.4.4 (30-04-2008):
* sh_database.c: fix maximum size of sql query string, maximum
  size of strings in struct dbins_
* sh_hash.c: fix maximum size of message string
* fix typo in the base64 decoder
* fix 'make cutest' for parallel compiling
* fix compile warnings with -Wstrict-prototypes
* sh_static.c: override getgrgid, getpwuid for libacl
* fix more warnings about variables clobbered by 'longjmp'
  or 'vfork' (due to library internal handling of mutexes)
* fix configure warning about unused datarootdir
* configure.ac: warn, but accept nonexistent tmp dir
  (Problem reported by Brian)
* sh_unix.c: undef P_ALL, P_PID, P_PGID before including
  sys/wait.h (compile problem reported by Reputation)
* syslog function tested ok with Syslog Fuzzer v0.1
  by Jaime Blasco (c) 2008
* slib.c: call fflush when writing trace to file
* sh_readconf.c: don't set OnlyStderr to false if gpg (problem
  reported by Irene Reed)
* fix unconditional removal of pid file in atexit handler (bug
  reported by Brian)
* fix invalid free() in sh_unix_checksum_size()
* sh_processcheck.c: workaround for stupid OpenBSD bug (returns
  ENODEV instead of EAGAIN, because fgetc does
  fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem
  reported by Roman R.
* fix bug that causes incomplete reporting of modified symlink if
  symlink has changed and both old and new paths are >48 bytes
* fix bug that prevented mount check from running in one-shot mode
* enable mount check for openbsd
* fix processcheck default options and test script for openbsd
* option --list-file to list content of file (if saved)
* sh_tools.c: use strcasecmp in reverse lookup since DNS is case
  insensitive (bug reported by Phil)
* fill content if MODI_TXT, zlib compress, base64 encode and add
  as link_path in sh_unix.c; add to report in sh_hash.c
* testsuite: add test for gpg fingerprint option
* sh_extern.c: add 'CloseCommand' for syntactic sugar,
  add in testsuite

2.4.3a (12-02-2008):
* fix compile error caused by open() with O_CREAT and no third argument
  (reported by J.-S. Eon)

2.4.3 (31-01-2008):
* sh_kern.c: don't require asm/segment.h for kernel check module
* use global var with pid of initial thread instead of getpid(),
  since LinuxThreads returns different value in each thread (problem
  reported by Steffen Mueller)
* sh_kern.c: no inode check for pci rom (creates spurious messages)
* slib.c: eliminate prototype for vsnprintf (compile problem reported
  by eddy_cs)
* Makefile.in: fix missing dependency on 'encode' for $(OBJECTS)
  (reported by Matthias Ehrmann)

2.4.2 (17-01-2008):
* fix broken option --with-checksum (reported by halosfan),
  regression test added
* change HP-UX default optimization to +O2 since +O3 breaks
  cutest unit testing framework
* put result vector of rng in skey struct
* fix more compiler warnings, and a potential (compiler-dependent)
  NULL dereference in the unix entropy collector
* fix some compiler warnings
* use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead
  of -fstack-protector
* always add PTHREAD_CFLAGS to LDFLAGS
* sh_tiger0.c: checksum functions return length of file hashed,
  needed to fix GrowingLogfile bug (researched by
  siim at p6drad dash teel dot net)
* sh_static.c: fix more 'label at end of compound statement'
  (SH_MUTEX_UNLOCK closing brace; reported anonymously)
* make sh_hash.c thread-safe
* remove plenty of tiny allocations
* improve sh_mem_dump
* modify port check to run as thread
* new option PortCheckSkip to skip ports
* fix unsetting of sh_thread_pause_flag (was too early)

2.4.1a (28-11-2007):
* fix overwrite of ErrFlags (functionality bug)

2.4.1 (26-11-2007):
* security fix: regression in the seeding routine for the PRNG
  (detected by C. Mueller)
* regression test added for PRNG seeding routine
* fix problem with PCI ROM check (spurious messages about modified
  timestamps, reported by S. Clormann)

2.4.0a (08-11-2007):
* fix compile failure with --enable-static (reported by S. Clormann)
* fix potential deadlock if SIGHUP is received while suspended

2.4.0 (01-11-2007):
* eliminate alarm() for I/O timeout (replaced by select)
* use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r,
  rand_r, strtok_r if available
* protect readdir(), getpwent(), gethostname() with mutexes
  (readdir_r considered harmful)
* make checksum/hash, entropy, rng functions reentrant
* use thread-specific conversion buffer for globber()
* fixed compile problems and problems with test suite
* modify login watch to run as thread
* modify process check to run as thread

2.3.8 (03-10-2007):
* new option PortCheckIgnore = interface:portlist

2.3.7 (13-09-2007):
* Makefile.in: fix 'make deb' target, wrong name of config file
  written to debian/conffiles (reported by marc)
* configure.ac: fix incorrect order of with-prelude, enable-static
  (libprelude test was always without -static)

2.3.6 (06-09-2007):
* added yuleadmin.pl script contributed by Riccardo Murri
* fix compile error with -f-stack-protector on some systems (reported
  by marc); we now check for libssp
* fix local DoS attack on BSD systems lacking getpeereid() (reported
  by Rob Holland).
* fix yulectl password reading from $HOME/.yulectl_cred, erroneously
  rejected passwords with exactly 14 chars (reported by Jerry Brown)
* introduce 'fflags' flag for suid files to detect new files already
  found in regular file check (problem reported by J. Crutchfield);
  also add regression test to ascertain that files in baseline
  database are not quarantined erroneously
* sh_hash.c: replace check for prefix 'K' with check for not prefix'/'
  to allow for arbitrary module-specific store/lookup in db
* replace 'visited', 'reported', 'allignore' with generic 'fflags' field
* sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if
  port checking is used on same host as server (reported by kadafax)
* Install.sh: don't use --separate-output with non-checklist
  widgets (problem discovered by D. Denton)
* sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers

2.3.5 (20-06-2007):
* sh_portcheck.c: try to tear down connections more gracefully
  (request by S. Petersen)
* fix incorrect handling of files with zero size in GrowingLogFiles
  (problem reported by S. Petersen)
* fix incorrect encoding of null checksums in stealth mode
* sh_hash.c: fix repeated printing of acl/attributes in database dump
* sh_unix.c: fix option useaclcheck ignored if both useaclcheck and
  useselinuxcheck are supported

2.3.4 (01-05-2007):
* sh_processcheck.c: fix missing init of sh_prochk_res array before
  check (leads to degrading functionality over time and 'fake pid'
  warnings; reported by D. Ossenbrueggen and
  soren dot petersen at musiker dot nu)
* sh_processcheck.c: fix memory leak
* sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible
  anymore? proc_root_inode.lookup != proc_root_lookup)
* sh_extern.c: flush streams before forking (problem if [Prelink]
  used together with prelude logging, reported by M. deJong)
* fixed compilation of kern_head (regression caused by cross-compiling
  fix; problem reported by S. Clormann)
* more typos fixed (reported by John Horne)

2.3.3 (27-03-2007):
* fixed typos in configure.ac and manual (reported by John Horne)
* don't use mysql_options on x86_64, since libmysql is broken
* fixed cross-compiling (patch by Joe MacDonald)
* refactor sh_kern.c, sh_suidchk.c
* fix bug with leading slashes in linked path of symlinks within
  the root directory
* sh_kern.c: check PCI ROM (Linux), refactor code
* move file descriptor closing more towards program startup
* kernel check: support OpenBSD 4.0 (wishlist)
* fix samhain_hide module (in-)compatibility with recent kernels
  (reported by Jonny Halfmoon)

2.3.2 (29-01-2007):
* fix regression in full stealth mode (incorrect comparison of
  bytes read vs. maximum capacity), reported by B. Fleming

2.3.1a (21-01-2007):
* fix incorrect use of sh_gpg_fill_startup if option --with-fp is used
  (reported by zeroXten)

2.3.1 (21-01-2007):
* fix bug that may cause accidental closure of yule TCP socket
  (problem reported by B. Masuda)
* fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann)
756 * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump
757 (reported by B. Masuda)
 * rm report.pl from rules.deb.in (reported by B. Masuda)
 * samhainctl(): longer timeout (bad status reporting at startup,
   reported by Phil and by Dan Track)
 * sh_portcheck.c: make connect errors more descriptive
 * sh_portcheck.c: fix ignored setting of PortCheckActive
 * sh_processcheck.c: add statvfs, and wrap for EINTR
 * sh_portcheck.c: add wrappers for EINTR
 * report user and executable for hidden processes
 * fix update failure if reportonlyonce = false (reported
   by D. Strine)
 * fix compile error in sh_portcheck.c (problem on cygwin
   reported by J. D. Fiori)
 * check filenames ending in space (also for utf8 spaces)
 * check and escape csv formatted db listing
 * cache results of sl_trustfile_euid()
 * trustfile: use 4096 for MAXFILENAME, switch to strncpy
 * CL option -v|--version for info on version and compiled-in options

2.3.0a (01-11-2006):
 * fix compile failure with portcheck + stealth (reported by lucas)

2.3.0 (01-11-2006):
 * fix concurrency for inserts in oracle db
 * add acl_(new|old) to database schema
 * check for selinux attributes and/or posix acl
 * new option UseSelinuxCheck (bool)
 * new option UseAclCheck (bool)
 * regression tests for above
 * add module to check for open ports
 * add module to check processes (hidden/fake/missing)
 * use const char* for argument of module configuration callbacks

2.2.6 (31-10-2006):
 * fix missing support for MacOS X init script (reported
   by Daniel Kowalewski)
 * fix error about non-readable file with no checksum required
 * fix server warning about 'no server name known'
 * fix 'make deb' makefile target
 * fix default export severity for server

2.2.5 (05-10-2006):
 * fix broken Install.sh, reported by Alexander Kraemer
 * workaround for glob(3) silliness on MacOS X (reported by David)
 * fix for broken resource fork check (reported by David)
 * fix for broken compilation on cygwin (reported by Elias)

2.2.4 (03-09-2006):
 * add regression test for the GrowingLogFiles issue to test suite
 * fixed sh_unix.c: bug in database init if GrowingLogFiles used
   with signed database (reported by Timothy Stotts)
 * bug in manual fixed (incorrect documentation of --enable-user,
   noticed by M. Brown)
 * rc.subr compatible init script for FreeBSD/NetBSD
 * improve routine to find rpm after build
 * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip)
 * fix error in manual (location of lock file)
 * fix bug with SuidExclude (files in directory were still checked)

2.2.3 (31-07-2006):
 * fix samhainadmin.pl: check for gpg-agent running if use-agent is set
   (ticket #28 by anonymous)
 * fix stealth mode (regression in parser), problem reported by
   Joschi Kuphal
 * fix minor typo in sh_database.c (compile problem reported by
   Joschi Kuphal)

2.2.2 (17-07-2006):
 * minor fixes for regression test scripts
 * minor updates to the manual (suggested by Brian A. Seklecki)
 * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+
   (problem reported by Leonhard Maylein)
 * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM
   is not defined

2.2.1c (11-07-2006):
 * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early
   (Solaris 8 build failure reported by Jesse)
 * fix sh_unix.c: wrong prototype for sh_unix_mlock()
   if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by
   Jonathan Kaufman)

2.2.1b (20-06-2006):
 * fix compile error on SuSE 10.1 (reported by Leonhard Maylein)

2.2.1a (15-06-2006):
 * fix compile error on i686/MacOS X (reported by Andreas Neth)

2.2.1 (13-06-2006):
 * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808)
 * fix compiling with Oracle (noticed by Colapinto Giovanni)
 * fix configure.ac for most recent autoconf version
   (debian bug #369503)
 * fix a regression that would make local updates impossible w/clients
 * fix a few missing '\n' in sh_getopt.c
 * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem
 * fix Solaris package creation
 * recognize Solaris doors and event ports
 * fix the idmef_inode_t patch: provide required info to avoid stat()
 * fix bug on database update: fill in dev and rdev fields
 * fix get_file_infos() in sh_prelude.c: avoid premature return
 * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK
 * deploy.sh: allow setting a group for hosts upon installation
 * patch by Yoann: fix an issue when setting the idmef_inode_t object
 * fix memory leaks in error paths in sh_prelude.c
 * fix concurrent inserts with postgres in sh_database.c
 * code cleanup
 * fix manual version in spec file, first noticed by Imre Gergely

2.2.0 (01-05-2006):
 * patch by Jim Simmons for samhainadmin.pl.in
 * fix testsuite portability problems
 * fix md5 endianness problem detected on HP-UX 11i / PA-RISC 8700
 * fix potential NULL dereference in sh_utmp_endutent()
 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
 * fix bug in sh_utils_obscurename (check isascii)
 * scan h_aliases for FQDN if h_name is not
 * add copyright/license info to test scripts
 * add copyright/license info to deployment system scripts
 * support server-to-server relay
 * new CL option --server-port
 * minor improvements in manual
 * patch by Yoann Vandoorselaere for sh_prelude.c
 * allow --longopt arg as well as --longopt=arg
 * verify checksum of growing log files (up to previous size)
 * rewrite of the test suite
 * added a bit of unit testing
 * minor optimizations in various places
 * optimized implementation of tiger checksum algorithm
 * read in 64k blocks (faster than 4k)
 * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
   file attribute code
 * kern_head: fix compilation of kernel check module on OpenBSD
 * updated samhainrc.linux, samhainrc.freebsd
 * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
 * sh_files.c: fix missing use of flag_err_info
 * sh_tiger0.c: remove repetitive use of mlock
 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
   add function sl_read_timeout_prep

2.1.3 (13-03-2006):
 * fix compile problem in slib.c (reported by Lawrence Bowie)
 * fix bug with combination of one-shot update mode and file check
   schedule (reported by Dan Track)
 * improved the windows howto according to suggestions by
   Jorge Morgado
 * fix samhain_hide kernel module for new linux kernel versions
 * fix minor problem with dead client detection (problem reported
   by Michal Kustosik)

2.1.2 (10-01-2006):
 * fix startup error with combination of gpg+prelude

2.1.1a (22-12-2005):
 * fixed a stupid bug in sh_files.c (break if file = dir)

2.1.1 (21-12-2005):
 * sh_calls.c: protect sh_calls_set_bind_addr against overriding
 * comINSTALL, updateDB: use locking
 * samhainadmin.pl: use locking
 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
 * improve zAVLSearch (remove redundant strcmp)
 * use AVL tree in sh_files.c instead of linked list (better scaling)
 * fix bug with suidcheck (no update/check in one-shot mode with
   schedule instead of check interval; noticed by R. Rati)
 * fix for problem with '-t update -i' if daemon mode (problem report
   by Peter van der Does)
 * fix for bug in sh_util_ask_update (two returns were required ...)

2.1.0 (31-10-2005):
 * minor fix for cross-compiling with --with-kcheck
 * sh_forward.c: handle bad fds in the select() fd sets
   (reported by hmy)
 * sh_extern.c: fix debugging code
 * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
   (reported by Gabor Kiss)
 * makefile.in: fix for solaris package creation
 * sh_mail.c, sh_readconf.c: mail filtering options
 * sh_database.c: Oracle reconnect on connection failure
   (bug report by Alexander A. Sobyanin)
 * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
   (problem reported by Peter)
 * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
 * fixes for gcc 4.0.2 compiler warnings
 * ability to use daemon mode together with update
   (wishlist Yoann Vandoorselaere)
 * fixes for debugging

2.0.10a (22-08-2005):
 * fix for overlapping directory check specification (reported by Bub)

2.0.10 (21-08-2005):
 * fix for segfault (free() on a constant string) with libprelude
   (problem reported by Grae Noble)
 * upgrade FreeBSD kernel check to 5.4, minor fixes
 * useful script for users of Linux kernel check
   (contributed by marc heisterkamp)
 * documentation improvements (suggested by Brian Seklecki and Robby)

2.0.9 (25-08-2005):
 * samhain_erase.c: add #define for NULL
 * sh_suidchk.c: fix incorrect use of escaped filename
 * sh_prelude.[ch], sh_readconf.c: configurable mapping from
   samhain severity to prelude severity
 * sh_unix.h: second arg of gettimeofday should be NULL
 * sh_files.c: fix checking of directory special file (use specified
   policy, not that of parent dir, problem found by Brian A. Seklecki)
 * sh_entropy.c: longer timeout for entropy collector
 * sh_socket.c, sh_forward.c: allow probing of clients for
   necessity of configuration reload
 * yulectl: minor fixes, option -v (verbose), new command PROBE
 * fix 'File not found' messages for files flagged with IgnoreMissing
 * sh_database.c: strip newline from oracle error messages
 * sh_files.c: fix rsrc fork issue with MacOS X Tiger
   (reported by A. Koren)
 * never compute checksum if not checked (problem report by D.Hughes)
 * sh_prelude.c: cleanup and bugfix by Yoann
 * sh_hash.c: for prelude, make sure mode is supplied with user/group
   and vice versa
 * sh_prelude.c: provide proper FileAccess objects (bug
   report by Mihai Ilinca)

2.0.8 (03-07-2005):
 * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
   $LIBPRELUDE_CFLAGS (bugfix by Yoann)
 * samhain.spec.in: remove support for chkconfig (it's too buggy).
   Strangely, if invoked as install_initd it behaves sanely ...
 * src/sh_err_log.c: fix key input (this time for real)
 * fix --with-altlogserver (bug from 2.0.7b)
 * remove server socket in start/stop script

2.0.7e (not released):
 * Makefile.in: introduce a total of 6 sec delay for 'make' utilities
   that use 1 sec resolution, and consider target out-of-date if
   timestamp(target) = timestamp(dependency) ...
 * src/sh_err_log.c: fix key input
 * another fix for yulectl (use pwent->pw_dir)
 * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH

2.0.7d (not released):
 * one more fix for the spec file (stupid rpm finds tags in comments!!!)

2.0.7c (not released):
 * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
 * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
 * samhain-install.sh.in: fix test -z $verbose
 * sh_hash.c: speedup database reading
 * Makefile.in: fix the problem that BSD make would make too much
 * deploy: yulerc.clients -> yulerc.install.db, provide
   $defdatabase for backward compatibility
 * deploy: allow for comma in client_install_date

2.0.7b (not released):
 * hp_ux.psf.in: fix psf file
 * dsys/comINSTALL: fix $yule_date -> $yule_data
 * Makefile.in: fix 'make depot'
 * sh_tools.c, sh_unix.c: fix detection of open file limit
 * sh_readconf.c: reset read_mode after reading conf file
 * yulectl.c: better error messages, use homedir from getpwuid(geteuid)
 * init/samhain.startLSB.in: fix misleading message in lsb init script
 * sh_forward.c: better display for nonce u in debug mode
 * sh_tiger*.c: fix checksum for HP-UX 64bit
 * samhain.c: don't fetch database twice
 * configure.ac: accept nodename for --with-logserver=...
 * samhain_setpwd.c: return proper exit status for samhain_setpwd
 * respond to SIGTERM on initializing
 * fix problems with samhainadmin.pl
 * sh_utils.c: fix bug with AddOKChars (found by Karol)

2.0.7a (not released):
 * remove 'df' from entropy gatherer (NFS may hang)
 * modify va_copy check (doesn't work with HP-UX PA64 compiler)
 * fix compile warnings in sh_database.c
 * samhain-install.sh.in: check for /usr/bin/false in /etc/shells
 * fix install-boot on HP-UX
 * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE

2.0.7 (11-06-2005):
 * yet another fix for the spec file (use internal dependency generator)
 * sh_error.c, sh_prelude.c: init libprelude after open fds are closed
 * error message if queue is full
 * fix two compiler warnings on HP-UX
 * fix sh_mail.c for Interix (no resolver routines)
 * fix sh_unix_initgroups2() if no initgroups() function (bug reported
   by Geries Handal)
 * remove references to 'struct timezone' (Interix; problem
   reported by Geries Handal)
 * init/stop for prelude on SIGHUP
 * sh_cat.h: fix a stupid bug with message classes
 * manual: new section on nagios (with help from kiarna),
   more on prelude
 * sh_prelude.c: cleanup and improvements (Yoann Vandoorselaere)
 * default prelude profile name now is 'samhain' (lowercase)
 * sh_readconf.c: new option PreludeProfile (by Yoann Vandoorselaere)
 * remove obsolete check for linux/module.h, linux/unistd.h
 * remove dependency on virtual/glibc in gentoo ebuild
   (problem reported by Willis Sarka)

2.0.6 (01-03-2005):
 * sh_prelude.c, configure.ac, aclocal.m4: support for
   libprelude 0.9 (Yoann Vandoorselaere)
 * sh_html.c: fix bug with entry.html template (reported by
   Stephane Sanchez)
 * Install.sh: fix mandir option (reported by Rodney Smith)
 * Fixed Linux/64bit bug in definition of EUIDSLOT
 * New targets 'make depot', 'make depot-light' (HP-UX, untested)
 * Use sstrip for RPMs and DEBs (automatic stripping disabled)
 * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
   problem noticed by Yoann Vandoorselaere)
 * Modify samhain.spec.in to disable automatic stripping upon install
 * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
   for '--with-khide' (problems reported by Mark)
 * Fix compile error in sh_tools.c on HP-UX 10.20
   (problem reported by Dennis Boylan)
 * Runtime configuration of server listening port (wishlist)
 * Runtime configuration of server listening interface (wishlist)
 * Ignore SIGTTIN (consistency)
 * Use SIGTTOU to force file check (wishlist)

2.0.5b (01-04-2005):
 * Fix build problem b/o timestamp on stamp file

2.0.5a (16-03-2005):
 * Fix problem with 'make rpm' (reported by Dirk Brümmer)

2.0.5 (02-03-2005):
 * Fix bug with partial reads from clients in server
   (bug report by Brian)
 * Support gpg checksum bootstrap with yule
 * Support mount option check on HP-UX
 * For MAIL FROM, use 'example.com' as domain part if
   hostname is numeric (problem reported by Eric Raymond)
 * The HOWTO-write-modules has been updated.
 * Convenience functions to insert data in database have been
   added.
 * Use int0x03 only on i386 in sh_derr() (portability problem
   reported by John Mandeville)

2.0.4 (09-02-2005):
 * Fixed broken 'make deb' (problem report by olfi)
 * Fixed minor bug in test scripts (detection of gmake vs. make)
 * Fixed Tru64/OSF compile warnings (reported by B. Terp)
 * Normalize list parsing to allow comma, space, and tab as separators
 * Some more descriptive error messages in kern_head.c
 * Absolute path to utilities in init/samhain.startLinux.in
 * Fixed is_root variable in deploy.sh
 * Fixed 'deploy.sh info'
 * Fixed 'deploy.sh install' client startup
 * Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
   (issue reported by W. Sarky)

2.0.3 (14-12-2004):
 * Fix CPPFLAGS with mysql/postgresql (reported by P. Smith)
 * Fix missing sys/time.h include in slib.c (reported by Jonas)
 * Workaround for file closing problem with Prelude+GPG
 * Fixed memory leak with Prelude.
 * Fixed bug in samhain_stealth (PGP signature not correctly
   retrieved from hidden configuration; report and patch by V. Tuska)
 * Added Perl script to concatenate file signature database files
 * Fix compile error with combination of --enable-nocl and
   --enable-stealth (reported by Zdenek Polach)
 * Fix bug in dsys/initscript with --enable-nocl
 * Fix declaration of sh_kern_timer()
 * Fix missing Mounts+Userfiles options in appendix of manual
 * Updated the README (bug report by H. Franzke)
 * Fix some compiler warnings

2.0.2a (09-11-2004):
 * Fixed OoM condition when client rc file not found (reported by Eilko)

2.0.2 (08-11-2004):
 * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
 * Fixed uninitialized variable in sh_mail_msg() (problem reported
   by Michael Milvich)
 * Fixed potential NULL pointer dereference in sh_hash_compdata()

2.0.1 (01-11-2004):
 * Fixed compilation bug reported by jue (--with-kcheck broken).
 * Fixed start option (bug reported by sanek). Behaviour wrt.
   environment variables depended on the way the daemon was started.

2.0.0 (31-10-2004):
 * The deployment system has been rewritten from scratch in
   a cleaner and more modular and extensible way. Deployment
   of native packages is supported now.
 * The build system has been revised. Building outside the source
   directory is supported now.
 * Support for checksumming of prelinked executables / libraries
   has been added.
 * The configure script now checks for the SSP/ProPolice patch in GCC,
   and enables it if present.
 * The install-boot option in samhain-install.sh has been fixed
   (use absolute paths for sbin utilities).
 * A nagios plugin (scripts/check_samhain.pl) has been added.
 * The LSB (Linux Standard Base) init script has been fixed (the output
   was incorrect).
 * Fetching of built binary packages has been
   fixed ($(PACKAGE)->@install_name@).
 * For files in proc, the timeout has been reduced, and no error
   messages are issued upon timeout.
 * A function has been added to print out full details for missing
   files if encountered while in sh_files().
 * The reporting for SuidCheck has been fixed (incorrect policy
   noticed by JiM).
 * On Linux, SuidCheck does not report on files marked as candidates
   for mandatory locking (group-id bit set, group-execute bit cleared).
 * Fix for oracle init script (by Matt Warner)

1.8.12b (11-10-2004):
 * fix bug in MSG_MSTAMP (%ld -> %lu)
 * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
   mkdir mode for quarantine directory
 * fix the fix for modlist_lock search in System.map

1.8.12a (01-10-2004):
 * fix bug in samhain-install.sh.in (only occurs on Solaris), reported
   by J. Roland

1.8.12 (27-09-2004):
 * fix compile bug with --enable-static + --with-database=postgresql
 * fix search for modlist_lock in System.map
 * password auth for yule command socket (request by D. Kocic)
 * more info about pending/sent commands to clients

1.8.11 (30-08-2004):
 * fix static linking on Linux by use of replacement routines from
   uClibc - however, this means, there is no NIS support anymore
 * new option AddOKChars=... to modify the set of characters for
   filenames considered 'obscure'
 * new option HardlinkOffset=... to specify an offset from the canonical
   hardlink count for a directory
 * fix some warnings with HP 11.23 native compiler
 * fix minor OpenBSD portability problems (EIDRM, compiler warning)
 * samhainrc.5, samhain.8: updated the man pages
 * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
   for AllIgnore
 * sh_kern.c: fix 'update' to display modifications
 * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
   fields)
 * stealth kernel modules: fix for linux 2.6, fix
   redefine of KERNEL_VERSION
 * warn about stealth kernel module problem with 2.6 in manual
 * sh_unix.c: remove some cruft
 * fix a typo in the manual (noticed by J. Rubin)
 * configure.ac: re-order output from libprelude-config (required
   for static linking - problem reported by E. Neber)
 * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel

1.8.10b (13-07-2004):
 * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
   by Pat Smith)

1.8.10a (13-07-2004):
 * depend-gen.c: fix for FreeBSD 'make' which does not understand
   the dependencies ... (problem reported by David Thiel)

1.8.10 (13-07-2004):
 * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
   (bug report by VZoubkov)
 * fix some warnings (unreachable statement) with HP-UX native compiler
 * kern_check.c: silence warning about 'sendfile' for 4.10
   (noticed by Ryan Beasley)
 * modify depend-gen.c to ignore sh_gpg_chksum.h
 * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
 * .. and for fingerprint
 * sh_suidchk.c: fix some compiler warnings on solaris
 * allow commas to separate multiple entries in a RedefXXX= directive
 * replace sleep/usleep with nanosleep wrapper function
 * replace alarm() for read timeout with select() in sl_read_timeout
   (should fix bug reported by Scott Kelley)
 * increase lstat/open timeout to 6 sec

1.8.9 (16-06-2004):
 * made 'no action specified' error message more informative
   (suggested by Stephen Gill)
 * fix memory leak in mysql sh_database_query() (bug report by Dejan)
 * remove some cruft from the code
 * sh_files.c: check MacOS X resource forks (idea from Osiris)
 * sh_files.c: no hardlink check for MacOS X
 * sh_util_ask_update: fix bug with no terminal in non-interactive mode
   (report and debug data by Kris Dom)
 * manual refactored
 * fix redundant messages when updating with suidcheck
 * allow interactive update for suid files
 * don't remove the TZ environment variable to guard against
   misconfigured hosts
 * also use gethostname if uname returns possibly truncated name
 * fix improper file descriptor handling in sh_mail.c (bug report
   by Alex Weiss)
 * cleanup MBLK cruft
 * use SH_ALLOC/SH_FREE in sh_prelude.c
 * update sstrip to Version 2.0

1.8.8 (25-05-2004):
 * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
   Tim Evans and Ian McCulloch)
 * don't check for trusted paths on Cygwin
 * add Windows HOWTO written by Kris Dom
 * kern_check.h: extend FreeBSD syscall table for 5.x

1.8.7a (03-05-2004):
 * sh_mail.c: fix subject length
 * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
 * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
   (compile problem reported by Kris Dom)

1.8.7 (01-05-2004):
 * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
   empty mails (introduced with segfault fix in 1.8.6, report
   by Kris Dom)
 * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
   try to reopen on controlling terminal if not
 * sh_utmp.c: fix order of options (problem report by Uri)
 * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
   (may cause segfault on null dereference for missing files)
 * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
   sh_unix_getinfo_attr)
 * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
   reported by xavier)
 * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
   (suggested by Kris)
 * include nameser_compat.h in sh_mail.c (for MacOS X,
   suggestion by jna)
 * sh_utmp.c: fix time for logout events (reported by Erich
   van der Velde)

1.8.6 (15-04-2004):
 * add CL option to set threshold for prelude and RDBMS
 * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
   dereference; reported by Micha Silver)
 * fix compiling with --disable-encrypt (reported by Pat Smith)
 * fix minor problem in scheduler (don't return before all schedules
   are tested, to set last_exec correctly)

1.8.5 (05-04-2004):
 * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
   problem (endless loop; report and debugging aid by Joe MacDonald)
 * fix hardlink check (null dereference in error message, segfaults
   on solaris - noticed by Bob Bloom)
 * sh_suidcheck: don't truncate quarantined file if nlink > 1
 * fix Install.sh (no --separate-output with --radiolist); patch by
   Greg Kimberly

1.8.4 (17-03-2004):
 * add Prelude patch by Patrice Bourgin
 * add license statement to sh_mounts.c, sh_userfiles.c after
   receiving a clarifying e-mail from Cian Synnott
 * support UsePersistent = no for Oracle (problem spotted and fix
   tested by Michael Somers)
 * fix bug in samhainadmin.pl
 * sh_gpg.c: describe type of gpg error (if any)
 * fix persistent connections with postgresql (reported by
   Erwin Van de Velde)
 * prelude: local 'meaning' shadows global in sh_prelude_alert
   (spotted by David Maciejak)
 * uname: workaround for cases where nodename would be a possibly
   truncated FQDN (problem reported by Cian Synnott)
 * re-write parts of sh_kern.c, store kernel info in baseline database
   -> no need to recompile after kernel upgrade
 * modify timeouts in sh_unix_getinfo, add timeout warning
 * change handling of dangling symlinks (store in db)
 * fix typo with MSG_FI_OBSC2 (double slash)
 * remove redundant operation in sh_utils_safe_name
 * fix occasional random start bytes of long messages in
   sh_error_string (sl_strlcat -> sl_strlcpy)
 * provide details for missing files (as for added files)
 * remove duplicate message for no such group/user
 * add fixes for samhain.oracle.init (supplied by Michael Somers)
 * fix date insertion for Oracle (fix by Michael Somers)
 * manual: fix incorrect statement about RPM (noticed by
   Lars Kellogg-Stedman)

1.8.3 (02-02-2004):
 * add a HOWTO-client+server-troubleshooting document
 * fix another bug with SIGUSR2 (suspend mode)
 * new option SetBindAddress (--bind-address=...) to force
   interface for outgoing connections on multi-interface box
 * don't link against libgmp if not required (i.e. standalone)
 * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
 * new make targets 'emerge' and 'tbz2' for gentoo
 * update rules.deb.in based on the Debian package
   by Javier Fernandez-Sanguino
 * updated config.guess, config.sub to version 2002-09-05
 * external command: report failure only once
 * console: reset failure status after success
 * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
 * use persistent connection to database by default
 * option UsePersistent=no to switch off persistent connection

1.8.2 (19-01-2004):
 * sh_userfiles.c: new option UserfilesCheckUids (requested)
 * sh_error.c: server: don't log to logfile before dropping root
 * new script scripts/samhainadmin.pl (administrative tasks for
   signed config/database files)
 * add changes code to log_msg for reports on modified files
 * change default log threshold to 'mark', as 'none' tends
   to confuse new users
 * faster response time for SIGUSR2
 * revised (mostly backward-compatible) message classes
1358 * fix missing check of mailTime in server select loop
1359 * add support for libprelude (version 0.8.10)
1360 * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
1361 * fix Bourne shell incompatibility (export) in samhain-install.sh
1362 (first reported by David Thiel)
1363 * fix typo in spec file (first reported by Christian Vanguers)
1364 * remove some cruft (signal handler, memory handling)
1365 * return from sigterm handler, rather than exit directly
1366 (re-entrancy problem causes more problems than it's worth)
1367
1.8.1 (03-12-2003):
 * fix gmp detection (problem pointed out by Nix)
 * fix/improve the error message if test compiling with mysql fails
 * new CL option --interactive for interactive db update
 * fix some compiler warnings from IRIX MIPS compiler
 * kern_head.h, kern_head.c: option to disable IDT check
 * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
 * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
 * change username -> userid, remove (long) userid (bug noticed
   by Erwin Van De Velde)
 * emit ADDED message for new SUID/SGID files
 * add trailing slash to excluded directory if there is none

1.8.0a (04-11-2003):
 * sh_error.c: remove two debug printf's

1.8.0 (31-10-2003):
 * manual: make ps file fit on both a4 and letter paper
 * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
   to send (quit/reload) commands to clients
 * sh_forward.c, configure.ac: enable build with libwrap
   (Wietse Venema's TCP Wrappers library)
 * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
   new option to suppress messages for new and/or deleted files
 * samhainrc.aix5.2.0: contributed by Christoph Kiefer
 * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
 * sh_database.c: undef debug code for oracle
 * samhain.oracle.init: contributed by Joern Michael Krueger
 * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
   sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
   check-mounts and userfiles modules contributed by eircom.net
 * sh_utils.c: fix off-by-one bug in sh_util_compress()
 * sh_forward.c, sh_tools.c, configure.ac:
   version 2 client/server protocol
 * sh_mail.c: add %S to include severity in subject (user request)
 * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
 * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
   for --enable-ptrace
 * samhain.c: lower priority for 'uninitialized module' message
 * sh_entropy.c: lower priority for message if /dev/random blocks and
   /dev/urandom is available
 * improved error messages in sh_readconf.c
 * print system error message for getpwuid, getgrgid
 * fix missing module init after SIGHUP (noticed by Cian Synnott)

1.7.12 (13-10-2003):
 * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
   thanks to bug reports by Jason Martin and Matthew P. Cox

1.7.11 (01-09-2003):
 * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
   - change SIG_USR1 to switch between dbg on/off
   - change SIG_USR2 to switch between suspend on/off
   - fix CLT_ILLEGAL to actually work
   - introduce new state CLT_SUSPEND
   - force reauthentication after suspend
 * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
 * sh_suidchk.c: better AIX fs detection (Christoph)
 * sh_entropy.c: increase buffer size for unix entropy gatherer
   (problem reported by D. Danielson)
 * default config files: add lots of comments, list more options
 * sh_error.c: set default severities to 'crit'
 * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
   file syntax, issue warnings (triggered by C. Kiefer)
 * Makefile.in: handle depend-gen errors more gracefully
 * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
 * configure.ac: workaround for mysql_config weird output
   (reported by G. Faron)
 * sh_unix.c, sh_tiger0.c: check IO limit during read of large files
 * depend-gen.c: close streams before attempting to rename (Cygwin)
 * Makefile.in: fail gracefully if depend-gen fails
 * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER

1.7.10 (27-07-2003):
 * FreeBSD init script: define $pidfile (reported by D. Thiel)
 * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
 * sh_schedule.c: fix bad array size
 * samhain.c: fix pid_t <> int casts
 * sh_kern.c: fix repetitive messages
 * configure.ac: try to bootstrap if TIGER192 not supported by gpg,
   provide a detailed error message
 * configure.ac: try harder to locate mysql
 * docs/Changelog: retroactively add release dates, if known
 * sh_mail.c: fix potential message truncation in mailer
 * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
 * sh_readconf.c: fix segfault (dereference of uninitialized pointer)
   if --with-gpg and --enable-stealth are used together (reported
   by Anthony Caetano)
 * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
   error messages (larger GLOB_LEN, stat fills aud_err_message)

1.7.9 (30-06-2003):
 * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
   problems with SIGABRT noticed by Brian and Alf B Lervåg
 * deploy.sh.in: fix some bugs (found by Alf B Lervåg)
 * scripts/chroot.sh: fix typo (found by Alf B Lervåg)
 * configure.ac (khide): search also for 'd sys_call_table' (noted by
   cuek_saja)
 * strip whitespace before checking gpg checksum (noted by D. Thiel)
 * manual (faq section): explain how to stop console output
 * Makefile.in: fix re-naming of yule with --enable-install-name
 * HOWTO-client+server.html: fix typo (noted by xavier renaut)
 * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)

1.7.8 (28-05-2003):
 * sh_unix.c: new mlock implementation with reference count
   and page alignment (fix for solaris problem)
 * kern_head.c: search also for 'xxxxxxxx d sys_call_table'
 * sh_html.c: write status comment (for Beltane 2)
 * add CL option --delimited for comma-delimited signature database dump
 * sh_mail.c: check exit status of push_list to fix counting bug
   (bug reported by Alan Moore)
 * configure.ac: add error message to --with-libs
 * fix spelling of $DAEMON in init script (noted by C. Grigoriu)
 * fix missing initgroups()

1.7.7 (06-05-2003):
 * sh_forward.c: fix bug if compiled with --enable-udp, but disabled
   in config file (found by Andy OBrien)
 * sh_database.c: sh_database_entry(): size -> c_size (two places)
   to fix writing of '\0' to arbitrary places :(
   (problem pointed out by Stefan Giesen)
 * profiles/*/configopts: fix --with-base -> --enable-base

1.7.6 (24-04-2003):
 * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
 * fix samhain_hide for the O(1) scheduler used by RedHat:
   configure.ac, acconfig.h: check for next_task in struct task_struct
   samhain_hide.c: use find_task_by_pid if no next_task in task_struct
 * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning

1.7.5 (15-04-2003):
 * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
 * manual: point out the bmaxdata problem on AIX in faq section
 * trustfile.c: don't check symlinks (permissions of directory count)
 * sh_schedule.c: fix problem with daylight saving switchover
 * sh_samhain.c: close all open fd's >2 before reading the conf file
 * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
   user
 * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
 * sh_forward.c: place timestamp code before select() timeout handler
 * fix incorrect class of timestamp messages (conflict with manual)
 * sh_readconf.c, sh_forward.c: new config option SetStripDomain
 * configure.ac: add warning if /lib/modules/`uname -r`/build/include
   not found
 * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
   address from System.map)
 * sh_err_syslog.c: fix for Solaris
 * samhain.spec.in: strip REQ_FROM_SERVER from config file install path

1.7.4 (21-03-2003):
 * configure.ac: fix bug in defargs (--with-base > --enable-base)
 * aclocal.ac: detect unsupported options
 * kern_check: add syscalls, skip unused syscalls
 * fix Manual (--enable.../--with... inconsistency)
 * add two HOWTOs (signed files, server/client)
 * moved manual into new subdirectory docs/
 * add admin scripts by S.Bailey/M.Redinger
 * option to have a version string in db file

1.7.3 (23-02-2003):
 * samhain-install.sh: use yule user key for signing on install
 * fix a bug in sh_err_console.c (attempted write to const char)
 * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
 * Makefile.in: make target 'trustfile' depend on config.h
 * configure.ac: don't use install_name before it is defined ...
 * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
 * samhain.c: make sure daemon cannot be forced into 'update' mode
 * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)

1.7.2 (04-02-2003):
 * sh_kern.c: use sys_call_table address from System.map
 * fix for reserved SQL keyword 'group'
 * add AC_SYS_LARGEFILE to configure.ac
 * allow separate client-specific log files for server
 * sstrip.c: compile sstrip code only for i386
 * sh_unix.c: closeall: don't close trace file
 * slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
 * samhain-install.sh.in: fix detection of LSB compliant systems
 * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
 * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
   (may block otherwise, for no good reason apparently ...)
 * samhain.spec.in: replace %configure with ./configure
 * sh_unix.c: re-write signal handling (use __malloc_hook et al. to
   check whether we are in the middle of a free/malloc/realloc/memalign)
 * sh_unix.c: use new safe_logger() function to log from signal handler
 * sh_err_log.c: fix xml
 * fix Makefile.in to exit non-zero on compile failure
 * database init: create index on log_host, entry_status
 * sh_suidchk.c: fix path building
 * sh_tiger0.c: read larger blocks
 * sh_hash.c: cast inode to UINT32
 * sh_tools.c: check that config/database files size fits in uint
 * sh_error.c: export flag_err_debug to avoid unnecessary calls
 * sh_unix.c: save the open() call in sh_unix_getinfo_attr()
 * profiles/redhat_i386/bootscript: add # description field
 * deploy.sh.in: set owner + permissions for files in yule_filedir
 * profiles/debianlinux_i386: fix bootscript
 * Makefile.in: fix deploy file lists and targets (include init+scripts)
 * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
 * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
 * sh_err_syslog.c: split long messages rather than truncating
 * sh_error.c: allocate msg to fix truncation limit
 * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
   filedescriptors may exceed FOPEN_MAX, causing problems in
   sl_open_file)
 * sh_err_console.c: avoid stdio
 * trustfile: dirz: make swp[] static
 * slib.c: speed up sl_strlcat
 * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
 * remove some unused code
 * slib.c: support long long int in the snprintf replacement
 * configure.ac: new configure macro to check whether sa_sigaction works
 * Makefile.in: make sstrip, encode dependent on config.h

1.7.1a (08-01-2003):
 * fix a syntax error in samhain-install.sh.in

1.7.1 (07-01-2003):
 * search runlevel scripts in ./init or ./
 * handle all distro-specific Linux runlevel script issues
   within a single script
 * support install-boot on Yellow Dog Linux and Slackware
 * samhain-install.sh: fix a bug for unknown Linux
   ('"' not closed, DVER not set)
 * samhain-install.sh: check for /etc/yellowdog-release
 * sh_database.c: fix missing entry for 'userid' in attr_tab[]
 * fix debian.rules.in (disable sstrip)
 * update make targets: 'srpm', 'srpm-dist', 'rpm'
 * check for zlib if mysql is used
 * workaround for NetBSD bug with libresolve
 * fixed problems with spec files

1.7.0 (22-12-2002):
 * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
 * sh_unix.c: fix a dereferenced static pointer in tf_trust_check
 * runlevel scripts: remove pid file after stop
 * make the data directory read-only for the daemon
 * treat 'localhost' specially in MX resolver
 * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
 * deploy.sh.in: fix quoting (fix by Simon Bailey)
 * slib.c: make sl_get_euid et al. behave well if uids not stored
 * trustfile.c: use euid = uid(SH_IDENT) if server
 * sh_mail.c: include an MX resolver
 * Makefile.in: install-user routine for user installation
 * have yule drop root
 * sh_tools.c: open_temp use logdir if server
 * unified options for runlevel script
 * HP-UX, IRIX runlevel scripts
 * AIX inittab entry

1.6.6 (13-12-2002):
 * configure.ac: solaris cc -O2 -> -xO2
 * sstrip.c: avoid alpha architecture
 * profiles/solaris/configopts: no --enable-static
 * sh_forward.c: sh_forward_req_file: copy argument to local array

1.6.5 (04-12-2002):
 * sh_utmp.c: set userlist = NULL in sh_utmp_end ()
 * sh_unix.c: do not assume that environ is sane
 * exit handler: write </trail>
 * sh_log_file(NULL): test sh.flag.log_start != S_TRUE
 * FreeBSD rc script does not blindly accept content of pid file
 * configure.ac: allow 'localhost' for log server
 * sh_calls.c: retry_connect: ntohs (port)
 * testrun_2[abc].sh: --with-logserver=localhost for client

1.6.4 (12-11-2002):
 * sh_tools.c: fix error when escaping '=<'
 * fix the 'make srpm' target
 * deploy.sh.in: avoid naming the client 'yule'
 * define memset to sl_memset
 * fix type cast of uid_t, gid_t

1.6.3 (31-10-2002):
 * fix options for Sun/Solaris native compiler
 * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
 * test sstrip on freebsd
 * default config file for freebsd
 * make target to build .deb packages
 * sh_readconf.c: fix bug in error message
 * samhain.c, sh_suidchk.c: fix initialization of suidchk
 * samhain-install.sh.in: don't remove config file by default
 * samhain-install.sh.in: support complete de-installation
 * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
 * samhain-install.sh.in: check more paths
 * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
 * sh_calls.c: save error message in retry_lstat()

1.6.2 (04-10-2002):
 * make target to build rpms
 * update samhain.spec.in, samhain.startRedHat
 * support DESTDIR, as in 'make DESTDIR=/what/ever install'
 * explicitly set -fno-omit-frame-pointer b/o gcc bug
 * mv configure.in to configure.ac to benefit from autoconf wrapper
 * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
 * slib.c: fix debug messages (no msgs for dlogActive <= 1)
 * sh_schedule.c, samhain.c, sh_suidchk.c:
   scheduler may accept multiple schedules

1.6.1 (04-09-2002):
 * sh_schedule.c: bugfix (executes only after first day)
 * rm obsolete WITH_TRACE stuff
 * new dlog() function for debug logging
 * some more descriptive error messages

1.6.0 (27-08-2002):
 * omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
 * sh_error.c: fix escape mode when logging to database
 * sh_forward.c: fix error (twice escape) in recv_syslog_socket
 * sh_tools.c: change escape mode for server-received data
 * sh_mem.c: change ulong -> size_t in sh_mem_malloc()
 * configure.in: fix localstatedir if --prefix=USR
 * sh_hash.c: snprintf() -> sl_snprintf()

1.5.5 (07-08-2002):
 * sh_err_log.c: fix incorrect xml syntax for client messages
   logged by server
 * sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
 * sh_files.c: introduce file_class_next
   this fixes the problem that a policy for the directory
   inode erroneously becomes a policy for the directory itself.

1.5.4 (17-07-2002):
 * sh_hash.c: fix buffer overflow with (micro-)stealth
 * sh_database.c: set path[] 1024 -> 12288
 * sh_database.c: set query[] 2048 -> 16383
 * sh_database.c: set values[] 1024 -> 16383
 * sh_forward.c: larger limit for message size (16 kB)
 * trustfile.c: set MAXFILENAME 2048 -> 4096
 * fixed a bug in the handling of filenames with embedded newlines
 * sh_files.c: fix missing sh_util_safe_name() in debug output
 * --with-sender can specify a full address
 * fix xml log in a backwards compatible way

1.5.3 (03-07-2002):
 * fix combination of stealth and sql logging
 * fix some more places where invalid UIDs/GIDs trigger errors

1.5.2 (01-07-2002):
 * include solaris config file from (sean [at] boran d.o.t com)
 * test for files/dirz defined twice in the configuration file
 * option to disable reverse lookup on outbound connections
 * option to use socket peer as client name (with name resolving)
 * sh_html.c: fix an HTML bug (twice </head><body>)
 * sh_suidchk.c: fix warning on AIX b/o dirname()
 * allow logging server -> syslog if yule is NOT configured to
   receive syslog messages
 * define PRIi64 to "lld" if undefined
 * invalid UIDs: use gid/uid as name, error level SeverityNames
 * minor fixes for connect_port
 * sh_hash.c: flush output of db listing before _exit()
 * configure.in: fix incorrect default ${install_name} for server
 * configure.in: try harder to find mysql.h / libpq-fe.h
 * sh_files.c: sh_files_checkdir:
   closedir() early to not exhaust OPEN_MAX

1.5.1a (30-05-2002):
 * fix missing LSB init script

1.5.1 (27-05-2002):
 * fix '-t update' option

1.5.0a (23-05-2002):
 * fix configure.in

1.5.0 (22-05-2002):
 * include solaris nosuid patch from (nathoo [at] co d.o.t ru)
 * similar fix for bsd nosuid
 * speed up -t update
 * convert manual to DocBook, distribute html and ps
 * fix some more problems with configure.in, Makefile.in
 * fix testsuite, add tests for udp, mysql
 * MSG_TCP_MSG: host -> remote_host
 * convert to autoconf 2.53
 * make c_bits.sh exit with status 0
 * sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
   to avoid dependency tracking problems
 * samhain.c remove *YULE* #ifdefs
 * acconfig.h remove *YULE* #undefs
 * samhain.c: procdirSamhain: lstat --> stat (allow symlink)
 * configure.in: add checks for correct user input
 * Makefile.in: add automatic dependency tracking
 * depend-gen: tool to figure out dependencies
 * chkconfig comments in redhat start scripts

1.4.8:
 * sh_database.c: fix missing attr_old, attr_new, (from)host columns
 * configure.in, Makefile.in: fix an error in the configfile
   definition with REQ_FROM_SERVER
 * sh_err_console, sh_err_log: avoid recurrent failure messages
 * timeout on read from files (/proc)
 * fix errors with setjmp/longjmp/alarm
 * fix memory leak in server (~20 byte/file download in sh_tools, 930)
 * check gpg signature for files downloaded from server, add a
   regression test
 * fix chown in solaris bootscript
 * provide second scheduler for file check
 * provide scheduler for file check
 * provide scheduler for SUID check

1.4.7 (08-04-2002):
 * make daemon control LSB-compliant (arguments, exit status)
 * set log_ref = 0 for server messages
 * boolean option SetDBServerTstamp to disable entering server
   timestamps for received client messages into database
 * sh_suidcheck: check for "nosuid" mount option if getmntent is used
 * fix logrotate script in manual (reported by Scott Worthington)
 * don't strip numerical IP addresses
 * check item->status_now != CLT_TOOLONG in client_time_check()
 * set log_host to client in db client message

1.4.6a (20-03-2002):
 * define prefix in deploy.sh

1.4.6 (19-03-2002):
 * modify samhain_hide.c to hide processes on new Linux kernels
 * better error diagnostics in kern_head.c
 * fix compile error in all_items ()
 * check length of install-name in enable-khide (max is 15)
 * define exec_prefix in deploy.sh.in
 * make configure a bit more cross-compiler friendly

1.4.5 (07-03-2002):
 * Make sure missing file is reported even if ptr->reported == S_TRUE
   because the file has been added.
 * propagate 'reported' flag from sh_files_checkdir() into file list
 * close checkfd in sh_gpg_check_file_sign()
 * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
 * use sh.srvcons.name in dbg() to get debugging info from daemon
 * option to log file timestamps with localtime instead of GMT
 * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
   sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
 * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
   to make sure re-disappearing will get reported
 * new function sh_hash_set_missing() to remove file record
   without (duplicate) 'missing' message
 * make sure all items are reported for added files
 * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
 * clarify in the documentation which gpg options to use for signing

1.4.4 (11-02-2002):
 * check that parent process has exited before writing PID file
 * promote MGG_W_CHDIR to SH_ERR_ERR
 * add error message to sh_unix_testlock
 * fix missing _() macro in sh_aud_set_functions

1.4.3 (05-02-2002):
 * don't check attributes for symlinks (may cause device access)
 * add USE mysql; USE samhain; to samhain.mysql.init
 * point out the MessageHeader/mysql problem in manual
 * add -lz to LIBS for mysql
 * strip after install, avoid double strip

1.4.2 (27-01-2002):
 * support for EGD
 * fix some more problems with install-deploy / deploy.sh
 * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
 * fixed the 'external logging' test (init rather than none in rc file)

1.4.1:
 * SuSE: include run level 4+5
 * install location of hiding kernel modules changed - some insmod
   variants do not test for /lib/modules/$(uname -r)/module_name.o
 * new make targets 'install-deploy', 'uninstall-deploy'
 * fixed make targets 'deploydir', 'deploydirfast'
 * bail on unsupported CL option in deploy.sh
 * fix various bugs in deploy.sh

1.4.0 (16-01-2002):
 * fixed missing 'dirname' on Mac OS X
 * fixed && tested for/with postgres
 * 'user=' -> 'userid=' (reserved word in sql)
 * fix the endianness + size of file database; this changes db format
   for any non-Linux OS
 * --enable-old-format for old (V1.3) database format
 * getopt, samhain.c, samhain.h: option -f to loop if not daemon
 * sh_hash: list numeric + char data to allow file db update on
   server side
 * sh_database: modify handling of integer (long) data
 * sh_database: datetime in database
 * sh_database: hash field in database
 * sh_database: rewrite database insert string construction
   [use INSERT INTO log (fields) VALUES (values);]
 * makefile suse 7.x runlevel entries

1.3.7 (06-01-2002):
 * fix incorrect escape in sh_tools_safe_name
 * fix sh_error_handle (4. argument) in sh_extern.c

1.3.6c:
 * fix segfault in sh_database (mysql logging) on solaris

1.3.6b (03-01-2002):
 * fix syntax error ('==') in Makefile.in
 * fix configure.in (path for /lib/modules/$(uname -r)/build/include)
 * fix sh_kern.c (redeclaration of 'j')

1.3.6 (03-01-2002):
 * sh_kern.c: check integrity of int 80h vector
   (SucKIT rootkit - Phrack 58)
 * make sure children in sh_kern are wait()'ed for
 * provide start/stop/restart/reload/status interface
 * fix a potential segfault (dereferenced NULL pointer) in the server
 * use sh_util_flagval for sh_unix_setdaemon
 * documentation for logging to SQL database
 * configure.in: check for -I/lib/modules/$(uname -r)/build/include
 * fix trustfile.c to ignore invalid users
 * separate 'make install-samhain' and 'make install-yule'
 * separate default log/pid/config files for server/client
   - fewer problems running server and client on same host
 * rewrite deploy.sh(.in):
   - don't use (make|install) if deploying
   - use command line options
   - better integrate into server environment
   - write install db
 * always write a pidfile if daemon
 * don't use server's config file as fallback for downloading client
 * don't overwrite config file when doing 'make install'

1.3.5 (28-12-2001):
 * fix --enable-message-queue for newer glibc versions
 * log to SQL database: implemented, but not yet documented,
   needs to be tested further
 * xml: escape received syslog messages
 * xml: rename 'time' to 'tstamp'
 * make targets: make [un]install-[boot-]yule
   (for server-only installation)
 * fix samhain_hide.c for 2.4 kernel
 * fix sh_kern for updated samhain_hide.c
 * new option -j to just list the logfile
 * sh_getopt.c: recognize -Dt check for -D -t check
 * sh_tiger0.c: fix compiler warning (memmove) on Solaris

1.3.4 (12-12-2001):
 * sh_suidchk.c: option to limit files per second
 * sh_unix.c: option to limit (kilo)bytes per second
 * sh_hash.c: fix potential problem with '\n' in filename
   (not backward compatible if there are filenames with '=')

1.3.3 (03-12-2001):
 * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
   option SetNiceLevel to set scheduling priority
 * sh_hash.c: bugfix for database listing on Solaris
 * taus_seed: bugfix for emergency backup rng seed
 * sh_util_safe_name: fix for XML
 * sh_utmp_set_login_activate: use sh_util_flagval
 * sh_utils.c: sh_util_obscurename: rm 'space' from list
 * more backtrace macros
 * sh_util_flagval: fix bug to recognize 1/0
 * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
 * rm stray debug fprintf in sh_srp.c

1.3.2 (27-11-2001):
 * sh_hash.c: fix an error introduced in 1.3.1
 * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug

1.3.1 (25-11-2001):
 * slib.c: get backtrace with --enable-debug
 * sh_unix.c: allow core dumps when --enable-debug
 * configure.in: fix default message queue permissions
 * sh_suidchk.c: automatically include suid/sgid files in database
 * sh_suidchk.c: check all suid/sgid files
 * sh_hash.c: don't insert duplicates when reading the database
 * sh_utmp, sh_kern, samhain: fix 1sec offset in timer
 * sh_unix.c: don't require /dev/random to be non-world-writeable
 * server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
 * client: fix segfault on Solaris if path_conf == NULL
 * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed

1.3.0 (31-10-2001):
 * support compiling with GNU gmp library
 * set 3 sec timer on client_time_check to avoid excessive (and
   unnecessary) calls under heavy load
 * replace sl_strlen with a macro
 * store client_t structure in AVL tree
 * database format incompatible with previous format, up the magic#
 * sh_html.c: cache entry template for speedup
 * slib.c: reset islong(double) in sl_printf_count
 * sh_hash.c: report on rdev change
 * sh_hash.c: print size in 64 bit
 * sh_hash.c: save in absolute size types
 * sh_unix.c: get values as appropriate type (time_t, dev_t, ...)

1.2.10:
 * update MANUAL
 * sh_unix.c: tiger_hash -> tiger_generic_hash
 * sh_readcon.c: DigestAlgo option
 * sh_tiger0.c: add MD5 and SHA1
 * sh_unix.c: fix minor problem with win2k/cygwin

1.2.9 (17-10-2001):
 * fix problem with entry template/empty hostname
 * fix MASK_USER_ (MTM -> ATM)
 * typo fixed in configure.in (${install_name} -> {install_name})
 * bugfix group_old -> size_old in XML code
 * skip armor header in signed files

1.2.8 (29-09-2001):
 * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
   obscure compiler warning
 * Mac OS X: fix test scripts
 * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
 * implement deadtime in syslog recv code to protect against flooding
 * sh_err_log: sl_close(fd) if lock|forward fails
 * compliance with Filesystem Hierarchy Standard -- Version 2.2 final
 * add policies User0, User1
 * fix compile problem (FreeBSD) in sh_suidchk.c
 * macro to check for debugger breakpoints (linux/i386)
 * check for solaris (does not work) in sh_derr (--enable-ptrace)
 * option to listen on 514/udp for syslog, drop root
   irrevocably if compiled thus
 * use (check_mask & MODI_ATM) to decide whether to reset utime
 * reset the policy masks on sighup
 * option to write XML log messages
 * cleanup of message catalog
 * modified error messages for BADCONN
 * error messages for Rijndael
 * block recursive error messages within sh_error_handler()
   - would hang the machine ... -

1.2.7:
 * sh_files, sh_utils: check top level directory
 * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
   for reading from /dev/kmem
 * include /boot in default samhainrc
 * change source distribution signing/packaging system
 * Makefile, README, MANUAL: adhere to file system standard,
   document new locations
 * fix a bug in samhain_hide.c

1.2.6:
 * reset list of trusted users before config file re-read
 * TrustedUser=... can be a list
 * fix severity for files missing from IgnoreAll

1.2.5:
 * include example_pager.pl, example_sms.pl scripts
 * explain paging/sms setup in docs
 * allow manual exclusion of a directory in suidcheck
 * automatically track all file changes
 * remove missing files from in-memory database
 * add $(KERN) to DEPLOYFILES

1.2.4:
 * log IP address for login/logout events, if supported by the OS
 * release block in globerr (callback)

-------------

1.2.3:
 * fix problem with reading stealth configuration
 * fix a few formats in sh_cat.c
 * always use strncmp for file system type check in sh_suidchk.c
   (trailing 'fs' may be system specific for some types)
 * no bare LF in messages (RFC 2822)
 * no lines longer than 998 chars (RFC 2822)
 * fix error in testrc_1

1.2.2:
 * make tmp file directory a compile time option
 * fix minor bugs in tmp file allocator (potential memory leak,
   double slash if root directory)
 * obsolete testpipe script removed

1.2.1:
 * fix memory alignment in rijndael-api-fst.c: blockEncrypt()
 * fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
 * removed a debug fprintf()

1.2.0:
 * fix a bug in the HMAC implementation (thanks to Cesar Tascon
   for help in tracking down this one)
 * module to check the file system for SUID/SGID files

1.1.16 (never released):
 * fix the recursion depth -1 option as described in the manual
 * optional database reload on SIGHUP
 * fix a race condition when checking that /dev/random is a character
   device
 * redirect stderr to /dev/null for c_random
   (AIX may segfault in netstat...)
 * check whether /dev/random is a character device in c_random.sh
   (we know at least one sysadmin who has set up a fake /dev/random ...)
 * don't give NULL as 2. and 3. arg to execve if not Linux - some
   Unices (notably Solaris) don't like it
 * init ptr = NULL in my_malloc (compiler warning)
 * make the bitmask for tests configurable (suggestion by A. Dunkel)
 * make the bitmask for tests a static variable
 * make (database/logfile/lockfile) path configurable
   (to run multiple instances of samhain from an NFS share - on the
   wishlist of J. Patton)

20621.1.15 (never released):
* fix minor error in testcompile.sh (rm test_log only at start)
* return from subroutines on sig_terminate == 1
  (faster exit on SIGTERM)
* fix re-configuration of addresses
* use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
* SysV message queue as compile option
* config file option to set console device
* removed the pre 1.1.9 code bloat
* don't print the LOGKEY to the console

1.1.14:
* fix an error in the setup consistency check
* make target to uninstall runtime files
* trustfile.c: check return code of readlink(), fix off-by-one error
* sh_files.c: fix placement of terminator after readlink() call
* sh_files.c: fix a missing set_suid()/unset_suid()
  - suid should work, but is not recommended -
* more debug statements in c/s code
* avoid re-entry in sh_unix_sigexit
* put a block around free() and malloc() in wrapper functions
* ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
  - i.e. avoid corrupting the heap from a signal handler -

1.1.13:
* optimized the size of the configure script somewhat
* modify the compile and hash test scripts
* read '\0's in sh_unix_getline
* exponential schedule for connection attempts
* make stealth work properly with signed files
  - config file should be signed now before embedding in picture -
* fix a race in using signed files
* updated err messages for PWNULL, GRNULL
* add missing shell script for test 11
* add mandatory source file/line info with -p debug
* add mandatory source line info with BADCONN
* fix a latex error in the manual

1.1.12:
* debug output to console if compiled with --enable-debug and
  running as daemon
* make reportonlyonce=true the default
* make sure state changes of a file are always reported, even
  with reportonlyonce=true
* Linux kernel modules (samhain_hide, samhain_erase)
* fixed incorrect return value of sh_util_flagval
* fixed an error in sh_files.c: happens with -t init and first
  file that is checked does not exist
* revised install/uninstall targets in the Makefile
* module to check for clobbered kernel syscalls (tested on Linux 2.2)
* more diagnostic error messages in sh_gpg.c
* more diagnostic error messages in sh_mail.c
* error in mail.c fixed
  (address -> address_list[i] for multiple recipients)
* docs updated, better(?) explanation of signed files
* skip over path in gpg checksum output
* check client name against IP address and FQDN
* fix for --disable-* in config file
* fixed a server crash (MSG_TCP_OKMSG without arg)
  if the server is run with debug level output threshold
* catch EAGAIN in sh_gpg.c pipe reader
* fix the 'external logging' test to make it work on BSD
* error message if no local path to init DB
* check for i86/Solaris in configure (vsnprintf prototype)
* make SRP the default

1.1.11:
* make log file verification more convenient
* fix problem with message classes in stealth mode
* linux: do not try to read file attributes for devices
* handle the root directory correctly (avoid "//" in listing)
* fix problems with blocking on FIFOs/char dev
  pointed out by I. Rogalsky (rog@iis.fhg.de)
  - open in nonblocking mode for read, then set to blocking
  - open file only if regular
* fix alignment in memory profiler

1.1.10:
* minor code cleanup
* fix an error in trustfile.c (handling of empty/incomplete
  group entries in /etc/group, bug report by A. Capriotti)

1.1.9:
* compatibility option for old behaviour (plain hash instead
  of HMAC, ECB instead of CBC mode)
* use CBC rather than ECB mode for encryption
* use HMAC-TIGER for message authentication codes
* handle NULL data in sh_tiger_hash
* option to set syslog facility (default is LOG_AUTHPRIV)
* longer timeout (300 sec) on /dev/random if no /dev/urandom
* fix minor output error with stealth option
* option not to log names of config/database files on startup

1.1.8:
* fix error in syslog routine
* fix missing 'test' in configure.in
* fix error in replace_tab() in sh_html.c
* fix minor memory leak in sh_util_regcmp()

1.1.7:
* timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
* fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
* fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
* fix for Alpha: format string in sh_tiger0.sh
* on Linux, now compiles cleanly with
  -Wall -W -Wstrict-prototypes -Wcast-align
* fix problem with recursion depth
  (pointed out by Vic <hvicha@mail.ru>)
* #include "sh_tools.h" in sh_unix.c and fix the
  --with-timeserver option (reported by Vic <hvicha@mail.ru>)
* place read_port(), MSG_TCP_NETRP outside ifdefs
* close fd/zero skey before execve
* verify client name against socket peer
* ... with configurable error priority
* use strcmp() rather than strncmp() in search_register()
* fix race between lstat() and open() for checksum
  (reported by dynamo <dynamo@ime.net>,
  JJohnson <JJohnson@penguincomputing.com>)
* enable globbing for filenames
* fix Solaris problem: siginfo_t may be NULL
* fix missing SL_EBADGID in tf_trust_check
* test case for external scripts, fix flushing pipe
* fix a typo in sh_ext_type
* do an fdexec w/checksum on Linux if calling external program
* even safer tmp file creation
* allow db update
* fix compile options for --enable-debug
* fixed a spelling error in the output
* test program for full CS support (config/database download)
* tell which file is searched for cs download

1.1.6:
* fix bug in sh_readconf_line (segfault on erroneous config lines)

1.1.5:
* sh_unix.c: sh_unix_getinfo_attr: f -> flags
* use gettimeofday as last resort

1.1.4:
* fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
  to (char *))
* configure: add static link flags for some more os (from tar)
* don't strip twice (some stupid systems abort)
* fix for reading from /dev/random on non-Linux systems (untested)
* sh_mail.c: end all message lines with \r\n
* stealth: ignore \r, \"
* take out tracing from --enable-debug (presently useless anyway)
* fix some remaining cleartext with debug && stealth combined
* fixed a small memory leak in sh_err_log.c

1.1.3:
* fixed circular logic in taus_seed() (fallback method only)
* fix for missing _SC_OPEN_MAX (runaway close())

1.1.2:
* implement message classes
* let server recognize client message severity and class
* secondary log server
* keep database in memory (allows closing the file
  if retrieved from server)
* encrypt client/server communication

1.1.1:
* Compilation problems with native Solaris compiler fixed
* fill in euid/ruid variable
* manual.pdf --> MANUAL.pdf
* debug sh_util_formatted()
* http refresh 120sec for server stat page
* trace/debug options
* fixed problem with utmp.c options
* fixed problem with sh_mail_setaddress
* option for custom message header
* fixed problem in compdata
* fixed problem in mail verification
* remove any trailing '/' in file names
* fixed problem with report string for modified files
* option to report in full detail

1.1.0:
* Move error messages to catalog
* Make error message format more uniform
* Wrap system calls that could be interrupted by signals
* Warn on append to database
* Option for full details on mod. files
* Option to report only once on mod. files
* Generally speaking, major modifications with potential new bugs

0.9.5:
* sh_hash.c: fixed erroneous checksum for config file
* sh_html.c: fixed erroneous timestamp (last)
* sh_tools.c: fixed connect_port (set port for cached address)
* sh_srp.c: fix for '00' (='\0') in pw
  (last two fixes by Andreas Piesk)

0.9.4:
* samhain.c: fcntl(1, ..) -> fcntl(2, ..)
* sh_hash.c: copy 12 instead of 10 bytes for c_attributes
* 'empty directory' WARN -> INFO

0.9.3:
* FreeBSD fixes:
  - c_random.sh: make sure /dev/random provides something
    rather than nothing
  - check for <netinet/in.h> and include it
  - include <sys/types.h> early
  - sh_utmp.c: fixed an occurrence of ut_user
  - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
  - sh_forward.c: EBADMSG -> ENOMSG
* sh_unix.c: check return value of gethostbyname
* sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
  more than 30 sec
* ... and fix the timestamp format ...

0.9.2:
* ISO 8601 timestamps
* Bugfix in sh_utmp (timestring overwrite)
* don't use siginfo_t on Linux (garbage as of 2.2.14)
* check for Linux capabilities bug when dropping root
* include README for gcc compiler bug (pointed out by A. Piesk)
* explicitly set -fno-strength-reduce with gcc
* fixed ignoring missing files with the IgnoreAll policy

0.9.1:
* more ext2flags (breaks backward database compatibility on Linux)
* IgnoreAll policy modified - missing/added files reported with
  SeverityIgnoreAll (to handle files that may or may not be present)
* Check all files, not only regular ones
  (bug in sh_files, originally introduced because checksum of
  regular files only is computed)

0.9:
* use O_NOATIME if supported
* --with-nocl takes argument (PW to re-enable CL parsing)
* no daemon mode if initializing database
* fixed segfault in yule with 'unknown file type' request
* enlarged MAX_GLOBS 24 -> 32 and made the array linear
* server uses last registry entry for any given client now
* deploy.sh script to deploy clients to remote hosts
* enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
* allow y/Y/n/N for login monitoring (in addition to 0/1)
* external logging scripts/programs
* trustfile.c: define STICKY on Linux
* reset signal mask when initializing
* EINTR_RETRY wrapper
* slib: sl_read, sl_write EINTR update
* use sstrip when installing
* more compact database format (breaks backward database compatibility)
* larger download packets
* TcpFlags unsigned char
* cast to (char *) head in write_port
* m(un)lock cast to (char *)
* (1 << 31) --> (1UL << 31)
* support e2fs attributes on Linux
* fixes for AIX and Solaris native compilers
* fixed Makefile for non-GNU make (pattern rule --> suffix rule)

0.8.1:
* fixed 'is_numeric()' return value

0.8:
* added option for static compilation
* added option for stealth with non-hidden config file
* added option for disabling command line parsing
* all options can be set in the configuration file now
* stealth: xor strings in database file
* fixed bug in mailer code ([] in HELO)
* print timestamp when asking for key
* 'micro' stealth mode (no hidden configuration file)
* simplified slib
* int->long for uids/gids in trustfile
* moved mailkey from data to code
* shell script for entropy (stronger default key)
* general code cleanup
* better error checking in client/server code
* detect out-of-sync messages
* check state across protocol passes in server
* make sure authentication is mutual
* file download to client
* reserve six file descriptors in server
* mlock queue buffer if LOG_KEY
* improved robustness in bignum (don't fail on free())
* per-directory recursion depths
* RFC821 compliance: empty line at end of header, To field, Date field
* RFC821 compliance: make e-mail transfer reliable
* fix detection of hardlink changes
* checksum verification for calling gpg/pgp
* CL option '-S' not required for server-only binary
* eliminate CL options that may leak privileged information
  if the program is SUID
* skip leading white space in configuration file
* allow nested conditionals in configuration file
* allow whitespace before and after '=' in configuration file
* don't leak file descriptors to child processes
* make message transfer reliable
* always report error on abnormal termination of connection

0.7:
* support for alpha machines
* stop TCP logging after exit message
* limit connections in server (DoS attacks)
* move string handling to slib
* move file handling to slib
* timestring without space
* changed report format
* SUID bugfix - use euid when checking logfile ownership
* SUID bugfix - get root for lstat()
* SUID bugfix - get root for opendir()
* store number of hardlinks
* send no message if polling empty queue
* include tiger 64-bit implementation (portability)
* codes for error conditions
* mail check: handle multiple, overlapping audit trails
* security fix: no append to database if SUID
* fix sh_entropy.c (BUFSIZ -> BUF_ENT)
* read command line before config file
* PGP signing of config/database files
* checksum of config file reported
* checking for attributes only

0.6:
* more syslogish priority specification
* fixed segfault in sh_mem_check, apparently this was also
  the reason for the segfault in atexit()
* allow for compilation with SRP authentication
* fixed tiger checksum computation
* fixed broken logfile verification for second and further audit trails
* test program added
* documentation improved
* sh_forward_make_client: bug fixed in[8]->in[i]
* sh_error.h: fixed missing #include <errno.h>
* configure.in: fixed missing strerror() test
* sh_utmp.c: check logins/logouts
* check for missing files
* only reset access time if necessary
* O_EXCL in open()
* limit environment to TZ in execve (sh_entropy.c, not used on Linux)
* use trustfile() to determine whether logfile dir is trustworthy
* strip head instead of tail for numerical address
* store messages in fifo during log server outage
* re-init session key after server outage

0.5 (21-12-1999):
* added option for mail relay server
* own popen() implementation in sh_entropy() (portability)
* fixed error in sh_util_basename() (returned NULL for base == "/")
* fixed segfault in strlcpy/strlcat (check for src == NULL)
* FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
* use TIGER for 32-byte compilers (portability)
* fixed hash function (do not include stdlib.h)
* flush buffer before write in mailer code (IBM AIX 4.1)
* make mailer code non-forking
* cast argument of is...() to int (portability)
* return() after _exit() for braindead compilers (portability)
* optionally use inet_addr (portability)
* check for broken mlock() (HP-UX 10.20)
* minor code cleanups
* fixed incorrect size of munlock()'ed memory in sh_error_string()
* fixed a buffer overflow in the error printing routine
* fixed a buffer overflow in sh_util_safe_name ()
* implement SRP session key exchange
* implement client/server facility
* implement @host/@end construct in configuration file
* preferably use uname(), and do gethostbyname() for FQDN
* make vernam cipher base numeric
* make OnlyStderr private in sh_error
* test -e "/dev/random" --> test -r "/dev/random" (portability)
* check for libsocket (portability)
* add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
* eliminate superfluous /proc test
* some unreachable code removed
* cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
* check for setresuid() if no seteuid() (HP-UX 10.20)

0.4 (09-11-1999):
* make sure output from /dev/random has no NULL's
* one-time pad encryption for emailed keys
  (better than nothing ...)

0.3 (04-11-1999):
* logfile readable for group
* verify signatures for any file
* signature block in tarball
* use select() in time server routine
* better protection for session keys (mlock)

0.2:
* fixed incorrect man page
* fixed incorrect example rc file
* recursive error logging should work now

0.1:
* initial release -- on Samhain 1999, of course

development start:
* probably 29-06-1999