source: trunk/docs/Changelog@ 57

Last change on this file since 57 was 57, checked in by rainer, 18 years ago

Fix for manual, and tweks to include netbsd rc file. Also fix problem with the gpg checksum warning.

File size: 69.2 KB
Line 
12.2.4:
2 * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip)
3 * fix error in manual (location of lock file)
4 * fix bug with SuidExclude (files in directory were still checked)
5
62.2.3:
7 * fix samhainadmin.pl: check for gpg-agent running if use-agent is set
8 (ticket #28 by anonymous)
9 * fix stealth mode (regression in parser), problem reported by
10 Joschi Kuphal
11 * fix minor typo in sh_database.c (compile problem reported by
12 Joschi Kuphal)
13
142.2.2 (17-07-2006)
15 * minor fixes for regression test scripts
16 * minor updates to the manual (suggested by Brian A. Seklecki)
17 * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+
18 (problem reported by Leonhard Maylein)
19 * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM
20 is not defined
21
222.2.1c (11-07-2006)
23 * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early
24 (Solaris 8 build failure reported by Jesse)
25 * fix sh_unix.c: wrong prototype for sh_unix_mlock()
26 if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by
27 Jonathan Kaufman)
28
292.2.1b (20-06-2006):
30 * fix compile error on SuSE 10.1 (reported by Leonhard Maylein)
31
322.2.1a (15-06-2006):
33 * fix compile error on i686/MacOS X (reported by Andreas Neth)
34
352.2.1 (13-06-2006):
36 * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808)
37 * fix compiling with Oracle (noticed by Colapinto Giovanni)
38 * fix configure.ac for most recent autoconf version
39 (debian bug #369503)
40 * fix a regression that would make impossible local updates w/clients
41 * fix a few missing '\n' in sh_getopt.c
42 * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem
43 * fix Solaris package creation
44 * recognize Solaris doors and event ports
45 * fix the idmef_inode_t patch: provide required info to avoid stat()
46 * fix bug on database update: fill in dev and rdev fields
47 * fix get_file_infos() in sh_prelude.c: avoid premature return
48 * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK
49 * deploy.sh: allow to set a group for hosts upon installation
50 * patch by Yoann: fix an issue when setting the idmef_inode_t object
51 * fix memory leaks in error paths in sh_prelude.c
52 * fix concurrent inserts with postgres in sh_database.c
53 * code cleanup
54 * fix manual version in spec file, first noticed by Imre Gergely
55
562.2.0 (01-05-2006):
57 * patch by Jim Simmons for samhainadmin.pl.in
58 * fix testsuite portability problems
59 * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700
60 * fix potential NULL dereference in sh_utmp_endutent()
61 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
62 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
63 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
64 * fix bug in sh_utils_obscurename (check isascii)
65 * scan h_aliases for FQDN if h_name is not
66 * add copyright/license info to test scripts
67 * add copyright/license info to deployment system scripts
68 * support server-to-server relay
69 * new CL option --server-port
70 * minor improvements in manual
71 * patch by Yoann Vandoorselaere for sh_prelude.c
72 * allow --longopt arg as well as --longopt=arg
73 * verify checksum of growing log files (up to previous size)
74 * rewrite of the test suite
75 * added a bit of unit testing
76 * minor optimizations in various places
77 * optimized implementation of tiger checksum algorithm
78 * read in 64k blocks (faster than 4k)
79 * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
80 file attribute code
81 * kern_head: fix compilation of kernel check module on OpenBSD
82 * updated samhainrc.linux, samhainrc.freebsd
83 * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
84 * sh_files.c: fix missing use of flag_err_info
85 * sh_tiger0.c: remove repetitive use of mlock
86 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
87 add function sl_read_timeout_prep
88
892.1.3 (13-03-2006):
90 * fix compile problem in slib.c (reported by Lawrence Bowie)
91 * fix bug with combination of one-shot update mode and file check
92 schedule (reportedby Dan Track)
93 * improved the windows howto according to suggestions by
94 Jorge Morgado
95 * fix samhain_hide kernel module for new linux kernel versions
96 * fix minor problem with dead client detection (problem reported
97 by Michal Kustosik)
98
992.1.2 (10-01-2006):
100 * fix startup error with combination of gpg+prelude
101
1022.1.1a (22-12-2005):
103 * fixed a stupid bug in sh_files.c (break if file = dir)
104
1052.1.1 (21-12-2005):
106 * sh_calls.c: protect sh_calls_set_bind_addr against overriding
107 * comINSTALL, updateDB: use locking
108 * samhainadmin.pl: use locking
109 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
110 * improve zAVLSearch (remove redundant strcmp)
111 * use AVL tree in sh_files.c instead of linked list (better scaling)
112 * fix bug with suidcheck (no update/check in one-shot mode with
113 schedule instead of check interval; noticed by R. Rati)
114 * fix for problem with '-t update -i' if daemon mode (problem report
115 by Peter van der Does)
116 * fix for bug in sh_util_ask_update (two returns were required ...)
117
1182.1.0 (31-10-2005):
119 * minor fix for cross-compiling with --with-kcheck
120 * sh_forward.c: handle bad fds in the select() fd sets
121 (reported by hmy)
122 * sh_extern.c: fix debugging code
123 * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
124 (reported by Gabor Kiss)
125 * makefile.in: fix for solaris package creation
126 * sh_mail.c, sh_readconf.c: mail filtering options
127 * sh_database.c: Oracle reconnect on connection failure
128 (bug report by Alexander A. Sobyanin)
129 * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
130 (problem reported by Peter)
131 * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
132 * fixes for gcc 4.0.2 compiler warnings
133 * ability to use daemon mode together with update
134 (wishlist Yoan Vandoorselaere)
135 * fixes for debugging
136
1372.0.10a (22-08-2005):
138 * fix for overlapping directory check specification (reported by Bub)
139
1402.0.10 (21-08-2005):
141 * fix for segfault (free() on a constant string) with libprelude
142 (problem reported by Grae Noble)
143 * upgrade FreeBSD kernel check to 5.4, minor fixes
144 * useful script for users of Linux kernel check
145 (contributed by marc heisterkamp)
146 * documentation improvements (suggested by Brian Seklecki and Robby)
147
1482.0.9 (25-08-2005):
149 * samhain_erase.c: add #define for NULL
150 * sh_suidchk.c: fix incorrect use of escaped filename
151 * sh_prelude.[ch], sh_readconf.c: configurable mapping from
152 samhain severity to prelude severity
153 * sh_unix.h: second arg of gettimeofday should be NULL
154 * sh_files.c: fix checking of directory special file (use specified
155 policy, not that of parent dir, problem found by Brian A. Seklecki)
156 * sh_entropy.c: longer timeout for entropy collector
157 * sh_socket.c, sh_forward.c: allow probing of clients for
158 necessity of configuration reload
159 * yulectl: minor fixes, option -v (verbose), new command PROBE
160 * fix 'File not found' messages for files flagged with IgnoreMissing
161 * sh_database.c: strip newline from oracle error messages
162 * sh_files.c: fix rsrc fork issue with MacOS X Tiger
163 (reported by A. Koren)
164 * never compute checksum if not checked (problem report by D.Hughes)
165 * sh_prelude.c: cleanup and bugfix by Yoann
166 * sh_hash.c: for prelude, make sure mode is supplied with user/group
167 and vice versa
168 * sh_prelude.c: provide proper FileAccess objects (bug
169 report by Mihai Ilinca)
170
1712.0.8 (03-07-2005):
172 * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
173 $LIBPRELUDE_CFLAGS (bugfix by Yoann)
174 * samhain.spec.in: remove support for chkconfig (it's too buggy).
175 Strangely, if invoked as install_initd it behaves sanely ...
176 * src/sh_err_log.c: fix key input (this time for real)
177 * fix --with-altlogserver (bug from 2.0.7b)
178 * remove server socket in start/stop script
179
1802.0.7e (not released):
181 * Makefile.in: introduce a total of 6 sec delay for 'make' utilities
182 that use 1 sec resolution, and consider target out-of-date if
183 timestamp(target) = timestamp(dependency) ...
184 * src/sh_err_log.c: fix key input
185 * another fix for yulectl (use pwent->pw_dir)
186 * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH
187
1882.0.7d (not released):
189 * one more fix for the spec file (stupid rpm finds tags in comments!!!)
190
1912.0.7c (not released):
192 * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
193 * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
194 * samhain-install.sh.in: fix test -z $verbose
195 * sh_hash.c: speedup database reading
196 * Makefile.in: fix the problem that BSD make would make too much
197 * deploy: yulerc.clients -> yulerc.install.db, provide
198 $defdatabase for backward compatibility
199 * deploy: allow for comma in client_install_date
200
2012.0.7b (not released):
202 * hp_ux.psf.in: fix psf file
203 * dsys/comINSTALL: fix $yule_date -> $yule_data
204 * Makefile.in: fix 'make depot'
205 * sh_tools.c, sh_unix.c: fix detection of open file limit
206 * sh_readconf.c: reset read_mode after reading conf file
207 * yulectl.c: better error messages, use homedir from getpwuid(geteuid)
208 * init/samhain.startLSB.in: fix misleading message in lsb init script
209 * sh_forward.c: better display for nonce u in debug mode
210 * sh_tiger*.c: fix checksum for HP-UX 64bit
211 * samhain.c: don't fetch database twice
212 * configure.ac: accept nodename for --with-logserver=...
213 * samhain_setpwd.c: return proper exit status for samhain_setpwd
214 * respond to SIGTERM on initializing
215 * fix problems with samhainadmin.pl
216 * sh_utils.c: fix bug with AddOKChars (found by Karol)
217
2182.0.7a (not released):
219 * remove 'df' from entropy gatherer (NFS may hang)
220 * modify va_copy check (doesn't work with HP-UX PA64 compiler)
221 * fix compile warnings in sh_database.c
222 * samhain-install.sh.in: check for /usr/bin/false in /etc/shells
223 * fix install-boot on HP-UX
224 * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE
225
2262.0.7 (11-06-2005):
227 * yet another fix for the spec file (use internal dependency generator)
228 * sh_error.c, sh_prelude.c: init libprelude after open fds are closed
229 * error message if queue is full
230 * fix two compiler warnings on HP-UX
231 * fix sh_mail.c for Interix (no resolver routines)
232 * fix sh_unix_initgroups2() if no initgroups() function (bug reported
233 by Geries Handal)
234 * remove references to 'struct timezone' (Interix; problem
235 reported by Geries Handal)
236 * init/stop for prelude on SIGHUP
237 * sh_cat.h: fix a stupid bug with messages classes
238 * manual: new section on nagios (with help from kiarna),
239 more on prelude
240 * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere)
241 * default prelude profile name now is 'samhain' (lowercase)
242 * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere)
243 * remove obsolete check for linux/module.h, linux/unistd.h
244 * remove dependency on virtual/glibc in gentoo ebuild
245 (problem reported by Willis Sarka)
246
2472.0.6 (01-03-2005):
248 * sh_prelude.c, configure.ac, aclocal.m4: support for
249 libprelude 0.9 (Yoann Vandoorselaere)
250 * sh_html.c: fix bug with entry.html template (reported by
251 Stephane Sanchez)
252 * Install.sh: fix mandir option (reported by Rodney Smith)
253 * Fixed Linux/64bit bug in definition of EUIDSLOT
254 * New targets 'make depot', 'make depot-light' (HP-UX, untested)
255 * Use sstrip for RPMs and DEBs (automatic stripping disabled)
256 * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
257 problem noticed by Yoann Vandoorselaere)
258 * Modify samhain.spec.in to disable automatic stripping upon install
259 * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
260 for '--with-khide' (problems reported by Mark)
261 * Fix compile error in sh_tools.c on HP-UX 10.20
262 (problem reported by Dennis Boylan)
263 * Runtime configuration of server listening port (wishlist)
264 * Runtime configuration of server listening interface (wishlist)
265 * Ignore SIGTTIN (consistency)
266 * Use SIGTTOU to force file check (wishlist)
267
2682.0.5b (01-04-2005):
269 * Fix build problem b/o timestamp on stamp file
270
2712.0.5a (16-03-2005):
272 * Fix problem with 'make rpm' (reported by Dirk Brümmer)
273
2742.0.5 (02-03-2005):
275 * Fix bug with partial reads from clients in server
276 (bug report by Brian)
277 * Support gpg checksum bootstrap with yule
278 * Support mount option check on HP-UX
279 * For MAIL FROM, use 'example.com' as domain part if
280 hostname is numeric (problem reported by Eric Raymond)
281 * The HOWTO-write-modules has been updated.
282 * Convenience functions to insert data in database have been
283 added.
284 * Use int0x03 only on i386 in sh_derr() (portability problem
285 reported by John Mandeville)
286
2872.0.4 (09-02-2005):
288 * Fixed broken 'make deb' (problem report by olfi)
289 * Fixed minor bug in test scripts (detection of gmake vs. make)
290 * Fixed Tru64/OSF compile warnings (reported by B. Terp)
291 * Normalize list parsing to allow comma, space, and tab as separators
292 * Some more descriptive error messages in kern_head.c
293 * Absolute path to utilities in init/samhain.startLinux.in
294 * Fixed is_root variable in deploy.sh
295 * Fixed 'deploy.sh info'
296 * Fixed 'deploy.sh install' client startup
297 * Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
298 (issue reported by W. Sarky)
299
3002.0.3 (14-12-2004):
301 * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith)
302 * Fix missing sys/time.h include in slib.c (reported by Jonas)
303 * Workaround for file closing problem with Prelude+GPG
304 * Fixed memory leak with Prelude.
305 * Fixed bug in samhain_stealth (PGP signature not correctly
306 retrieved from hidden configuration; report and patch by V. Tuska)
307 * Added Perl script to concatenate file signature database files
308 * Fix compile error with combination of --enable-nocl and
309 --enable-stealth (reported by Zdenek Polach)
310 * Fix bug in dsys/initscript with --enable-nocl
311 * Fix declaration of sh_kern_timer()
312 * Fix missing Mounts+Userfiles options in appendix of manual
313 * Updated the README (bug report by H. Franzke)
314 * Fix some compiler warnings
315
3162.0.2a (09-11-2004):
317 * Fixed OoM condition when client rc file not found (reported by Eilko)
318
3192.0.2 (08-11-2004):
320 * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
321 * Fixed uninitialized variable in sh_mail_msg() (problem reported
322 by Michael Milvich)
323 * Fixed potential NULL pointer dereference in sh_hash_compdata()
324
3252.0.1 (01-11-2004):
326 * Fixed compilation bug reported by jue (--with-kcheck broken).
327 * Fixed start option (bug reported by sanek). Behaviour wrt.
328 environment variables depended on the way the daemon was started.
329
3302.0.0 (31-10-2004):
331 * The deployment system has been rewritten from scratch in
332 a cleaner and more modular and extensible way. Deployment
333 of native packages is supported now.
334 * The build system has been revised. Building outside the source
335 directory is supported now.
336 * Support for checksumming of prelinked executables / libraries
337 has been added.
338 * The configure script now checks for the SSP/ProPolice patch in GCC,
339 and enables it if present.
340 * The install-boot option in samhain-install.sh has been fixed
341 (use absolute paths for sbin utilities).
342 * A nagios plugin (scripts/check_samhain.pl) has been added.
343 * The LSB (Linux Standard Base) init script has been fixed (the output
344 was incorrect).
345 * Fetching of built binary packages has been
346 fixed ($(PACKAGE)->@install_name@).
347 * For files in proc, the timeout has been reduced, and no error
348 messages are issued upon timeout.
349 * A function has been added to print out full details for missing
350 files if encountered while in sh_files().
351 * The reporting for SuidCheck has been fixed (incorrect policy
352 noticed by JiM).
353 * On Linux, SuidCheck does not report on files marked as candidates
354 for mandatory locking (group-id bit set, group-execute bit cleared).
355 * Fix for oracle init script (by Matt Warner)
356
3571.8.12b (11-10-2004):
358 * fix bug in MSG_MSTAMP (%ld -> %lu)
359 * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
360 mkdir mode for quarantine directory
361 * fix the fix for modlist_lock search in System.map
362
3631.8.12a (01-10-2004):
364 * fix bug in samhain-install.sh.in (only occurs on Solaris), reported
365 by J. Roland
366
3671.8.12 (27-09-2004):
368 * fix compile bug with --enable-static + --with-database=postgresql
369 * fix search for modlist_lock in System.map
370 * password auth for yule command socket (request by D. Kocic)
371 * more info about pending/sent commands to clients
372
3731.8.11 (30-08-2004):
374 * fix static linking on Linux by use of replacement routines from
375 uClib - however, this means, there is no NIS support anymore
376 * new option AddOKChars=... to modify the set of characters for
377 filenames considered 'obscure'
378 * new option HardlinkOffset=... to specify an offset from the canonical
379 hardlink count for a directory
380 * fix some warning with HP 11.23 native compiler
381 * fix minor OpenBSD portability problems (EIDRM, compiler warning)
382 * samhainrc.5, samhain.8: updated the man pages
383 * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
384 for AllIgnore
385 * sh_kern.c: fix 'update' to display modifications
386 * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
387 fields)
388 * stealth kernel modules: fix for linux 2.6, fix
389 redefine of KERNEL_VERSION
390 * warn about stealth kernel module problem with 2.6 in manual
391 * sh_unix.c: remove some cruft
392 * fix a typo in the manual (noticed by J. Rubin)
393 * configure.ac: re-order output from libprelude-config (required
394 for static linking - problem reported by E. Neber)
395 * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel
396
3971.8.10b (13-07-2004):
398 * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
399 by Pat Smith)
400
4011.8.10a (13-07-2004):
402 * depend-gen.c: fix for FreeBSD 'make' which does not understand
403 the dependencies ... (problem reported by David Thiel)
404
4051.8.10 (13-07-2004):
406 * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
407 (bug report by VZoubkov)
408 * fix some warnings (unreachable statement) with HP-UX native compiler
409 * kern_check.c: silence warning about 'sendfile' for 4.10
410 (noticed by Ryan Beasley)
411 * modify depend-gen.c to ignore sh_gpg_chksum.h
412 * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
413 * .. and for fingerprint
414 * sh_suidchk.c: fix some compiler warnings on solaris
415 * allow commas to separate multiple entries in a RedefXXX= directive
416 * replace sleep/usleep with nanosleep wrapper function
417 * replace alarm() for read timeout with select() in sl_read_timeout
418 (should fix bug reported by Scott Kelley)
419 * increase lstat/open timeout to 6 sec
420
4211.8.9 (16-06-2004):
422 * made 'no action specified' error message more informative
423 (suggested by Stephen Gill)
424 * fix memory leak in mysql sh_database_query() (bug report by Dejan)
425 * remove some cruft from the code
426 * sh_files.c: check MacOS X resource forks (idea from Osiris)
427 * sh_files.c: no hardlink check for MacOS X
428 * sh_util_ask_update: fix bug with no terminal in non-interactive mode
429 (report and debug data by Kris Dom)
430 * manual refactored
431 * fix redundant messages when updating with suidcheck
432 * allow interactive update for suid files
433 * don't remove the TZ environment variable to guard against
434 misconfigured hosts
435 * also use gethostname if uname returns possibly truncated name
436 * fix improper file descriptor handling in sh_mail.c (bug report
437 by Alex Weiss)
438 * cleanup MBLK cruft
439 * use SH_ALLOC/SH_FREE in sh_prelude.c
440 * update sstrip to Version 2.0
441
4421.8.8 (25-05-2004):
443 * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
444 Tim Evans and Ian McCulloch)
445 * don't check for trusted paths on Cygwin
446 * add Windows HOWTO written by Kris Dom
447 * kern_check.h: extend FreeBSD syscall table for 5.x
448
4491.8.7a (03-05-2004):
450 * sh_mail.c: fix subject length
451 * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
452 * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
453 (compile problem reported by Kris Dom)
454
4551.8.7 (01-05-2004):
456 * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
457 empty mails (introduced with segfault fix in 1.8.6, report
458 by Kris Dom)
459 * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
460 try to reopen on controlling terminal if not
461 * sh_utmp.c: fix order of options (problem report by Uri)
462 * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
463 (may cause segfault on null dereference for missing files)
464 * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
465 sh_unix_getinfo_attr)
466 * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
467 reported by xavier)
468 * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
469 (suggested by Kris)
470 * include nameser_compat.h in sh_mail.c (for MacOS X,
471 suggestion by jna)
472 * sh_utmp.c: fix time for logout events (reported by Erich
473 van der Velde)
474
4751.8.6 (15-04-2004):
476 * add CL option to set threshold for prelude and RDBMS
477 * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
478 dereference; reported by Micha Silver)
479 * fix compiling with --disable-encrypt (reported by Pat Smith)
480 * fix minor problem in scheduler (don't return before all schedules
481 are tested, to set last_exec correctly)
482
4831.8.5 (05-04-2004):
484 * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
485 problem (endless loop; report and debugging aid by Joe MacDonald)
486 * fix hardlink check (null dereference in error message, segfaults
487 on solaris - noticed by Bob Bloom)
488 * sh_suidcheck: don't truncate quarantined file if nlink > 1
489 * fix Install.sh (no --seperate-output with --radiolist); patch by
490 Greg Kimberly
491
4921.8.4 (17-03-2004):
493 * add Prelude patch by Patrice Bourgin
494 * add license statement to sh_mounts.c, sh_userfiles.c after
495 receiving a clarifying e-mail from Cian Synnott
496 * support UsePersistent = no for Oracle (problem spotted and fix
497 tested by Michael Somers)
498 * fix bug in samhainadmin.pl
499 * sh_gpg.c: describe type of gpg error (if any)
500 * fix persistent connections with postgresql (reported by
501 Erwin Van de Velde)
502 * prelude: local 'meaning' shadows global in sh_prelude_alert
503 (spotted by David Maciejak)
504 * uname: workaround for cases where nodename would be a possibly
505 truncated FQDN (problem reported by Cian Synnott)
506 * re-write parts of sh_kern.c, store kernel info in baseline database
507 -> no need to recompile after kernel upgrade
508 * modify timeouts in sh_unix_getinfo, add timeout warning
509 * change handling of dangling symlinks (store in db)
510 * fix typo with MSG_FI_OBSC2 (double slash)
511 * remove redundant operation in sh_utils_safe_name
512 * fix occasional random start bytes of long messages in
513 sh_error_string (sl_strlcat -> sl_strlcpy)
514 * provide details for missing files (as for added files)
515 * remove duplicate message for no such group/user
516 * add fixes for samhain.oracle.init (supplied by Michael Somers)
517 * fix date insertion for Oracle (fix by Michael Somers)
518 * manual: fix incorrect statement about RPM (noticed by
519 Lars Kellogg-Stedman)
520
5211.8.3 (02-02-2004):
522 * add a HOWTO-client+server-troubleshooting document
523 * fix another bug with SIGUSR2 (suspend mode)
524 * new option SetBindAddress (--bind-address=...) to force
525 interface for outgoing connections on multi-interface box
526 * don't link against libgmp if not required (i.e. standalone)
527 * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
528 * new make targets 'emerge' and 'tbz2' for gentoo
529 * update rules.deb.in based on the Debian package
530 by Javier Fernandez-Sanguino
531 * updated config.guess, config.sub to version 2002-09-05
532 * external command: report failure only once
533 * console: reset failure status after success
534 * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
535 * use persistent connection to database by default
536 * option UsePersistent=no to switch off persistent connection
537
5381.8.2 (19-01-2004):
539 * sh_userfiles.c: new option UserfilesCheckUids (requested)
540 * sh_error.c: server: don't log to logfile before dropping root
541 * new script scripts/samhainadmin.pl (administrative tasks for
542 signed config/database files)
543 * add changes code to log_msg for reports on modified files
544 * change default log threshold to 'mark', as 'none' tends
545 to confuse new users
546 * faster response time for SIGUSR2
547 * revised (mostly backward-compatible) message classes
548 * fix missing check of mailTime in server select loop
549 * add support for libprelude (version 0.8.10)
550 * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
551 * fix Bourne shell incompatibility (export) in samhain-install.sh
552 (first reported by David Thiel)
553 * fix typo in spec file (first reported by Christian Vanguers)
554 * remove some cruft (signal handler, memory handling)
555 * return from sigterm handler, rather than exit directly
556 (re-entrancy problem causes more problems than it's worth)
557
5581.8.1 (03-12-2003):
559 * fix gmp detection (problem pointed out by Nix)
560 * fix/improve the error message if test compiling with mysql fails
561 * new CL option --interactive for interactive db update
562 * fix some compiler warnings from IRIX MIPS compiler
563 * kern_head.h, kern_head.c: option to disable IDT check
564 * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
565 * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
566 * change username -> userid, remove (long) userid (bug noticed
567 by Erwin Van De Velde)
568 * emit ADDED message for new SUID/SGID files
569 * add trailing slash to excluded directory if there is none
570
5711.8.0a (04-11-2003):
572 * sh_error.c: remove two debug printf's
573
5741.8.0 (31-10-2003):
575 * manual: make ps file fit on both a4 and letter paper
576 * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
577 to send (quit/reload) commands to clients
578 * sh_forward.c, configure.ac: enable build with libwrap
579 (Wietse Venema's TCP Wrappers library)
580 * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
581 new option to suppress messages for new and/or deleted files
582 * samhainrc.aix5.2.0: contributed by Christoph Kiefer
583 * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
584 * sh_database.c: undef debug code for oracle
585 * samhain.oracle.init: contributed by Joern Michael Krueger
586 * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
587 sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
588 check-mounts and userfiles modules contributed by eircom.net
589 * sh_utils.c: fix off-by-one bug in sh_util_compress()
590 * sh_forward.c, sh_tools.c, configure.ac:
591 version 2 client/server protocol
592 * sh_mail.c: add %S to include severity in subject (user request)
593 * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
594 * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
595 for --enable-ptrace
596 * samhain.c: lower priority for 'uninitialized module' message
597 * sh_entropy.c: lower priority for message if /dev/random blocks and
598 /dev/urandom is available
599 * improved error messages in sh_readconf.c
600 * print system error message for getpwuid, getgrgid
601 * fix missing module init after SIGHUP (noticed by Cian Synnott)
602
6031.7.12 (13-10-2003):
604 * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
605 thanks to bug reports by Jason Martin and Matthew P. Cox
606
6071.7.11 (01-09-2003):
608 * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
609 - change SIG_USR1 to switch between dbg on/off
610 - change SIG_USR2 to switch between suspend on/off
611 - fix CLT_ILLEGAL to actually work
612 - introduce new state CLT_SUSPEND
613 - force reauthentication after suspend
614 * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
615 * sh_suidchk.c: better AIX fs detection (Christoph)
616 * sh_entropy.c: increase buffer size for unix entropy gatherer
617 (problem reported by D. Danielson)
618 * default config files: add lots of comments, list more options
619 * sh_error.c: set default severities to 'crit'
620 * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
621 file syntax, issue warnings (triggered by C. Kiefer)
622 * Makefile.in: handle depend-gen errors more gracefully
623 * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
624 * configure.ac: workaround for mysql_config weird output
625 (reported by G. Faron)
626 * sh_unix.c, sh_tiger0.c: check IO limit during read of large files
627 * depend-gen.c: close streams before attempting to rename (Cygwin)
628 * Makefile.in: fail gracefully if depend-gen fails
629 * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER
630
6311.7.10 (27-07-2003):
632 * FreeBSD init script: define $pidfile (reported by D. Thiel)
633 * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
634 * sh_schedule.c: fix bad array size
635 * samhain.c: fix pid_t <> int casts
636 * sh_kern.c: fix repetitive messages
637 * configure.ac: try to bootstrap if TIGER192 not supported by gpg,
638 provide a detailed error message
639 * configure.ac: try harder to locate mysql
640 * docs/Changelog: retroactively add release dates, if known
641 * sh_mail.c: fix potential message truncation in mailer
642 * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
643 * sh_readconf.c: fix segfault (dereference of uninitialized pointer)
644 if --with-gpg and --enable-stealth are used together (reported
645 by Anthony Caetano)
646 * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
647 error messages (larger GLOB_LEN, stat fills aud_err_message)
648
6491.7.9 (30-06-2003):
650 * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
651 problems with SIGABRT noticed by Brian and Alf B Lervåg
652 * deploy.sh.in: fix some bugs (found by Alf B Lervåg)
653 * scripts/chroot.sh: fix typo (found by Alf B Lervåg)
654 * configure.ac (khide): search also for 'd sys_call_table' (noted by
655 cuek_saja)
656 * strip whitespace before checking gpg checksum (noted by D. Thiel)
657 * manual (faq section): explain how to stop console output
658 * Makefile.in: fix re-naming of yule with --enable-install-name
659 * HOWTO-client+server.html: fix typo (noted by xavier renaut)
660 * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)
661
6621.7.8 (28-05-2003):
663 * sh_unix.c: new mlock implementation with reference count
664 and page alignment (fix for solaris problem)
665 * kern_head.c: search also for 'xxxxxxxx d sys_call_table'
666 * sh_html.c: write status comment (for Beltane 2)
667 * add CL option --delimited for comma-delimited signature database dump
668 * sh_mail.c: check exit status of push_list to fix counting bug
669 (bug reported by Alan Moore)
670 * configure.ac: add error message to --with-libs
671 * fix spelling of $DAEMON in init script (noted by C. Grigoriu)
672 * fix missing initgroups()
673
6741.7.7 (06-05-2003):
675 * sh_forward.c: fix bug if compiled with --enable-udp, but disabled
676 in config file (found by Andy OBrien)
677 * sh_database.c: sh_database_entry(): size -> c_size (two places)
678 to fix writing of '\0' to arbitrary places :(
679 (problem pointed out by Stefan Giesen)
680 * profiles/*/configopts: fix --with-base -> --enable-base
681
6821.7.6 (24-04-2003):
683 * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
684 * fix samhain_hide for the O(1) scheduler used by RedHat:
685 configure.ac, acconfig.h: check for next_task in struct task_struct
686 samhain_hide.c: use find_task_by_pid if no next_task in task_struct
687 * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning
688
6891.7.5 (15-04-2003):
690 * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
691 * manual: point out the bmaxdata problem on AIX in faq section
692 * trustfile.c: don't check symlinks (permissions of directory count)
693 * sh_schedule.c: fix problem with daylight saving switchover
694 * sh_samhain.c: close all open fd's >2 before reading the conf file
695 * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
696 user
697 * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
698 * sh_forward.c: place timestamp code before select() timeout handler
699 * fix incorrect class of timestamp messages (conflict with manual)
700 * sh_readconf.c, sh_forward.c: new config option SetStripDomain
701 * configure.ac: add warning if /lib/modules/`uname -r`/build/include
702 not found
703 * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
704 address from System.map)
705 * sh_err_syslog.c: fix for Solaris
706 * samhain.spec.in: strip REQ_FROM_SERVER from config file install path
707
7081.7.4 (21-03-2003):
709 * configure.ac: fix bug in defargs (--with-base > --enable-base)
710 * aclocal.ac: detect unsupported options
711 * kern_check: add syscalls, skip unused syscalls
712 * fix Manual (--enable.../--with... inconsistency)
713 * add two HOWTOs (signed files, server/client)
714 * moved manual into new subdirectory docs/
715 * add admin scripts by S.Bailey/M.Redinger
716 * option to have a version string in db file
717
7181.7.3 (23-02-2003):
719 * samhain-install.sh: use yule user key for signing on install
720 * fix a bug in sh_err_console.c (attempted write to const char)
721 * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
722 * Makefile.in: make target 'trustfile' depend on config.h
723 * configure.ac: don't use install_name before it is defined ...
724 * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
725 * samhain.c: make sure daemon cannot be forced into 'update' mode
726 * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)
727
7281.7.2 (04-02-2003):
729 * sh_kern.c: use sys_call_table address from System.map
730 * fix for reserved SQL keyword 'group'
731 * add AC_SYS_LARGEFILE to configure.ac
732 * allow separate client-specific log files for server
733 * sstrip.c: compile sstrip code only for i386
734 * sh_unix.c: closeall: don't close trace file
735 * slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
736 * samhain-install.sh.in: fix detection of LSB compliant systems
737 * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
738 * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
739 (may block otherwise, for no good reason apparently ...)
740 * samhain.spec.in: replace %configure with ./configure
741 * sh_unix.c: re-write signal handling (use __malloc_hook et al. to
742 check whether we are in the middle of a free/malloc/realloc/memalign)
743 * sh_unix.c: use new safe_logger() function to log from signal handler
744 * sh_err_log.c: fix xml
745 *
746 * fix Makefile.in to exit non-zero on compile failure
747 * database init: create index on log_host, entry_status
748 * sh_suidchk.c: fix path building
749 * sh_tiger0.c: read larger blocks
750 * sh_hash.c: cast inode to UINT32
751 * sh_tools.c: check that config/database files size fits in uint
752 * sh_error.c: export flag_err_debug to avoid unnecessary calls
753 * sh_unix.c: save the open() call in sh_unix_getinfo_attr()
754 * profiles/redhat_i386/bootscript: add # description field
755 * deploy.sh.in: set owner + permissions for files in yule_filedir
756 * profiles/debianlinux_i386: fix bootscript
757 * Makefile.in: fix deploy file lists and targets (include init+scripts)
758 * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
759 * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
760 * sh_err_syslog.c: split long messages rather than truncating
761 * sh_error.c: allocate msg to fix truncation limit
762 * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
763 filedescriptors may exceed FOPEN_MAX, causing problems in
764 sl_open_file)
765 * sh_err_console.c: avoid stdio
766 * trustfile: dirz: make swp[] static
767 * slib.c: speed up sl_strlcat
768 * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
769 * remove some unused code
770 * slib.c: support long long int in the snprintf replacement
771 * configure.ac: new configure macro to check whether sa_sigaction works
772 * Makefile.in: make sstrip, encode dependent on config.h
773
7741.7.1a (08-01-2003):
775 * fix a syntax error in samhain-install.sh.in
776
7771.7.1 (07-01-2003):
778 * search runlevel scripts in ./init or ./
779 * handle all distro-specific Linux runlevel script issues
780 within a single script
781 * support install-boot on Yellow Dog Linux and Slackware
782 * samhain-install.sh: fix a bug for unknown Linux
783 ('"' not closed, DVER not set)
784 * samhain-install.sh: check for /etc/yellowdog-release
785 * sh_database.c: fix missing entry for 'userid' in attr_tab[]
786 * fix debian.rules.in (disable sstrip)
787 * update make targets: 'srpm', 'srpm-dist', 'rpm'
788 * check for zlib if mysql is used
789 * workaround for NetBSD bug with libresolve
790 * fixed problems with spec files
791
7921.7.0 (22-12-2002):
793 * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
794 * sh_unix.c: fix a dereferenced static pointer in tf_trust_check
795 * runlevel scripts: remove pid file after stop
796 * make the data directory read-only for the daemon
797 * treat 'localhost' specially in MX resolver
798 * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
799 * deploy.sh.in: fix quoting (fix by Simon Bailey)
800 * slib.c: make sl_get_euid et al. behave well if uids not stored
801 * trustfile.c: use euid = uid(SH_IDENT) if server
802 * sh_mail.c: include an MX resolver
803 * Makefile.in: install-user routine for user installation
804 * have yule drop root
805 * sh_tools.c: open_temp use logdir if server
806 * unified options for runlevel script
807 * HP-UX, IRIX runlevel scripts
808 * AIX inittab entry
809
8101.6.6 (13-12-2002):
811 * configure.ac: solaris cc -O2 -> -xO2
812 * sstrip.c: avoid alpha architecture
813 * profiles/solaris/configopts: no --enable-static
814 * sh_forward.c: sh_forward_req_file: copy argument to local array
815
8161.6.5 (04-12-2002):
817 * sh_utmp.c: set userlist = NULL in sh_utmp_end ()
818 * sh_unix.c: do not assume that environ is sane
819 * exit handler: write </trail>
820 * sh_log_file(NULL): test sh.flag.log_start != S_TRUE
821 * FreeBSD rc script does not blindly accept content of pid file
822 * configure.ac: allow 'localhost' for log server
823 * sh_calls.c: retry_connect: ntohs (port)
824 * testrun_2[abc].sh: --with-logserver=localhost for client
825
8261.6.4 (12-11-2002):
827 * sh_tools.c: fix error when escaping '=<'
828 * fix the 'make srpm' target
829 * deploy.sh.in: avoid that client is named 'yule'
830 * define memset to sl_memset
831 * fix type cast of uid_t, gid_t
832
8331.6.3 (31-10-2002):
834 * fix options for Sun/Solaris native compiler
835 * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
836 * test sstrip on freebsd
837 * default config file for freebsd
838 * make target to build .deb packages
839 * sh_readconf.c: fix bug in error message
840 * samhain.c, sh_suidchk.c: fix initialization of suidchk
841 * samhain-install.sh.in: don't remove config file by default
842 * samhain-install.sh.in: support complete de-installation
843 * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
844 * samhain-install.sh.in: check more paths
845 * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
846 * sh_calls.c: save error message in retry_lstat()
847
8481.6.2 (04-10-2002):
849 * make target to build rpms
850 * update samhain.spec.in, samhain.startRedHat
851 * support DESTDIR, as in 'make DESTDIR=/what/ever install'
852 * explicitely set -fno-omit-frame-pointer b/o gcc bug
853 * mv configure.in to configure.ac to benefit from autoconf wrapper
854 * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
855 * slib.c: fix debug messages (no msgs for dlogActive <= 1)
856 * sh_schedule.c, samhain.c, sh_suidchk.c:
857 scheduler may accept multiple schedules
858
8591.6.1 (04-09-2002):
860 * sh_schedule.c: bugfix (executes only after first day)
861 * rm obsolete WITH_TRACE stuff
862 * new dlog() function for debug logging
863 * some more descriptive error messages
864
8651.6.0 (27-08-2002):
866 * omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
867 * sh_error.c: fix escape mode when logging to database
868 * sh_forward.c: fix error (twice escape) in recv_syslog_socket
869 * sh_tools.c: change escape mode for server-received data
870 * sh_mem.c: change ulong -> size_t in sh_mem_malloc()
871 * configure.in: fix localstatedir if --prefix=USR
872 * sh_hash.c: snprintf() -> sl_snprintf()
873
8741.5.5 (07-08-2002):
875 * sh_err_log.c: fix incorrect xml syntax for client messages
876 logged by server
877 * sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
878 * sh_files.c: introduce file_class_next
879 this fixes the problem that a policy for the directory
880 inode erroneously becomes a policy for the directory itself.
881
8821.5.4 (17-07-2002):
883 * sh_hash.c: fix buffer overflow with (micro-)stealth
884 * sh_database.c: set path[] 1024 -> 12288
885 * sh_database.c: set query[] 2048 -> 16383
886 * sh_database.c: set values[] 1024 -> 16383
887 * sh_forward.c: larger limit for message size (16 kB)
888 * trustfile.c: set MAXFILENAME 2048 -> 4096
889 * fixed a bug in the handling of filenames with embedded newlines
890 * sh_files.c: fix missing sh_util_safe_name() in debug output
891 * --with-sender can specify a full address
892 * fix xml log in a backwards compatible way
893
8941.5.3 (03-07-2002):
895 * fix combination of stealth and sql logging
896 * fix some more places where invalid UIDs/GIDs trigger errors
897
8981.5.2 (01-07-2002):
899 * include solaris config file from (sean [at] boran d.o.t com)
900 * test for files/dirz defined twice in the configuration file
901 * option to disable reverse lookup on outbound connections
902 * option to use socket peer as client name (with name resolving)
903 * sh_html.c: fix an HTML bug (twice </head><body>)
904 * sh_suidchk.c: fix warning on AIX b/o dirname()
905 * allow logging server -> syslog if yule is NOT configured to
906 receive syslog messages
907 * define PRIi64 to "lld" if undefined
908 * invalid UIDs: use gid/uid as name, error level SeverityNames
909 * minor fixes for connect_port
910 * sh_hash.c: flush output of db listing before _exit()
911 * configure.in: fix incorrect default ${install_name} for server
912 * configure.in: try harder to find mysql.h / libpq-fe.h
913 * sh_files.c: sh_files_checkdir:
914 closedir() early to not exhaust OPEN_MAX
915
9161.5.1a (30-05-2002):
917 * fix missing LSB init script
918
9191.5.1 (27-05-2002):
920 * fix '-t update' option
921
9221.5.0a (23-05-2002):
923 * fix configure.in
924
9251.5.0 (22-05-2002):
926 * include solaris nosuid patch from (nathoo [at] co d.o.t ru)
927 * similar fix for bsd nosuid
928 * speed up -t update
929 * convert manual to DocBook, distribute html and ps
930 * fix some more problems with configure.in, Makefile.in
931 * fix testsuite, add tests for udp, mysql
932 * MSG_TCP_MSG: host -> remote_host
933 * convert to autoconf 2.53
934 * make c_bits.sh exit with status 0
935 * sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
936 to avoid dependency tracking problems
937 * samhain.c remove *YULE* #ifdefs
938 * acconfig.h remove *YULE* #undefs
939 * samhain.c: procdirSamhain: lstat --> stat (allow symlink)
940 * configure.in: add checks for correct user input
941 * Makefile.in: add automatic dependency tracking
942 * depend-gen: tool to figure out dependencies
943 * chkconfig comments in redhat start scripts
944
9451.4.8:
946 * sh_database.c: fix missing attr_old, attr_new, (from)host columns
947 * configure.in, Makefile.in: fix an error in the configfile
948 definition with REQ_FROM_SERVER
949 * sh_err_console, sh_err_log: avoid recurrent failure messages
950 * timeout on read from files (/proc)
951 * fix errrors with setjmp/longjmp/alarm
952 * fix memory leak in server (~20 byte/file download in sh_tools, 930)
953 * check gpg signature for files downloaded from server, add a
954 regression test
955 * fix chown in solaris bootscript
956 * provide second scheduler for file check
957 * provide scheduler for file check
958 * provide scheduler for SUID check
959
9601.4.7 (08-04-2002):
961 * make daemon control LSB-compliant (arguments, exit status)
962 * set log_ref = 0 for server messages
963 * boolean option SetDBServerTstamp to disable entering server
964 timestamps for received client messages into database
965 * sh_suidcheck: check for "nosuid" mount option if getmntent is used
966 * fix logrotate script in manual (reported by Scott Worthington)
967 * don't strip numerical IP addresses
968 * check item->status_now != CLT_TOOLONG in client_time_check()
969 * set log_host to client in db client message
970
9711.4.6a (20-03-2002):
972 * define prefix in deploy.sh
973
9741.4.6 (19-03-2002):
975 * modify samhain_hide.c to hide processes on new Linux kernels
976 * better error diagnostics in kern_head.c
977 * fix compile error in all_items ()
978 * check length of install-name in enable-khide (max is 15)
979 * define exec_prefix in deploy.sh.in
980 * make configure a bit more cross-compiler friendly
981
9821.4.5 (07-03-2002):
983 * Make sure missing file is reported even if ptr->reported == S_TRUE
984 because the file has been added.
985 * propagate 'reported' flag from sh_files_checkdir() into file list
986 * close checkfd in sh_gpg_check_file_sign()
987 * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
988 * use sh.srvcons.name in dbg() to get debugging info from daemon
989 * option to log file timestamps with localtime instead of GMT
990 * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
991 sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
992 * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
993 to make sure re-disappearing will get reported
994 * new function sh_hash_set_missing() to remove file record
995 without (duplicate) 'missing' message
996 * make sure all items are reported for added files
997 * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
998 * clarify in the documentation which gpg options to use for signing
999
10001.4.4 (11-02-2002):
1001 * check that parent process has exited before writing PID file
1002 * promote MGG_W_CHDIR to SH_ERR_ERR
1003 * add error message to sh_unix_testlock
1004 * fix missing _() macro in sh_aud_set_functions
1005
10061.4.3 (05-02-2002):
1007 * don't check attributes for symlinks (may cause device access)
1008 * add USE mysql; USE samhain; to samhain.mysql.init
1009 * point out the MessageHeader/mysql problem in manual
1010 * add -lz to LIBS for mysql
1011 * strip after install, avoid double strip
1012
10131.4.2 (27-01-2002):
1014 * support for EGD
1015 * fix some more problems with install-deploy / deploy.sh
1016 * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
1017 * fixed the 'external logging' test (init rather than none in rc file)
1018
10191.4.1:
1020 * SuSE: include run level 4+5
1021 * install location of hiding kernel modules changed - some insmod
1022 variants do not test for /lib/modules/$(uname -r)/module_name.o
1023 * new make targets 'install-deploy', 'uninstall-deploy'
1024 * fixed make targets 'deploydir', 'deploydirfast'
1025 * bail on unsupported CL option in deploy.sh
1026 * fix various bugs in deploy.sh
1027
10281.4.0 (16-01-2002):
1029 * fixed missing 'dirname' on Mac OS X
1030 * fixed && tested for/with postgres
1031 * 'user=' -> 'userid=' (reserved word in sql)
1032 * fix the endianess + size of file database; this changes db format
1033 for any non-Linux OS
1034 * --enable-old-format for old (V1.3) database format
1035 * getopt, samhain.c, samhain.h: option -f to loop if not daemon
1036 * sh_hash: list numeric + char data to allow file db update on
1037 server side
1038 * sh_database: modify handling of integer (long) data
1039 * sh_database: datetime in database
1040 * sh_database: hash field in database
1041 * sh_database: rewrite database insert string construction
1042 [use INSERT INTO log (fields) VALUES (values);]
1043 * makefile suse 7.x runlevel entries
1044
10451.3.7 (06-01-2002):
1046 * fix incorrect escape in sh_tools_safe_name
1047 * fix sh_error_handle (4. argument) in sh_extern.c
1048
10491.3.6c:
1050 * fix segfault in sh_database (mysql logging) on solaris
1051
10521.3.6b (03-01-2002):
1053 * fix syntax error ('==') in Makefile.in
1054 * fix configure.in (path for /lib/modules/$(uname -r)/build/include)
1055 * fix sh_kern.c (redeclaration of 'j')
1056
10571.3.6 (03-01-2002):
1058 * sh_kern.c: check integrity of int 80h vector
1059 (SucKIT rootkit - Phrack 58)
1060 * make sure childs in sh_kern are wait()'ed for
1061 * provide start/stop/restart/reload/status interface
1062 * fix a potential segfault (dereferenced NULL pointer) in the server
1063 * use sh_util_flagval for sh_unix_setdaemon
1064 * documentation for logging to SQL database
1065 * configure.in: check for -I/lib/modules/$(uname -r)/build/include
1066 * fix trustfile.c to ignore invalid users
1067 * separate 'make install-samhain' and 'make install-yule'
1068 * separate default log/pid/config files for server/client
1069 - less problems running server and client on same host
1070 * rewrite deploy.sh(.in):
1071 - don't use (make|install) if deploying
1072 - use command line options
1073 - better integrate into server environment
1074 - write install db
1075 * always write a pidfile if daemon
1076 * don't use server's config file as fallback for downloading client
1077 * don't overwrite config file when doing 'make install'
1078
10791.3.5 (28-12-2001):
1080 * fix --enable-message-queue for newer glibc versions
1081 * log to SQL database: implemented, but undocumented yet,
1082 needs to be tested further
1083 * xml: escape received syslog messages
1084 * xml: rename 'time' to 'tstamp'
1085 * make targets: make [un]install-[boot-]yule
1086 (for server-only installation)
1087 * fix samhain_hide.c for 2.4 kernel
1088 * fix sh_kern for updated samhain_hide.c
1089 * new option -j to just list the logfile
1090 * sh_getopt.c: recognize -Dt check for -D -t check
1091 * sh_tiger0.c: fix compiler warning (memmove) on Solaris
1092
10931.3.4 (12-12-2001):
1094 * sh_suidchk.c: option to limit files per second
1095 * sh_unix.c: option to limit (kilo)bytes per second
1096 * sh_hash.c: fix potential problem with '\n' in filename
1097 (not backward compatible if there are filenames with '=')
1098
10991.3.3 (03-12-2001):
1100 * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
1101 option SetNiceLevel to set scheduling priority
1102 * sh_hash.c: bugfix for database listing on Solaris
1103 * taus_seed: bugfix for emergency backup rng seed
1104 * sh_util_safe_name: fix for XML
1105 * sh_utmp_set_login_activate: use sh_util_flagval
1106 * sh_utils.c: sh_util_obscurename: rm 'space' from list
1107 * more backtrace macros
1108 * sh_util_flagval: fix bug to recognize 1/0
1109 * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
1110 * rm stray debug fprintf in sh_srp.c
1111
11121.3.2 (27-11-2001):
1113 * sh_hash.c: fix an error introduced in 1.3.1
1114 * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug
1115
11161.3.1 (25-11-2001):
1117 * slib.c: get backtrace with --enable-debug
1118 * sh_unix.c: allow core dumps when --enable-debug
1119 * configure.in: fix default message queue permissions
1120 * sh_suidchk.c: automatically include suid/sgid files in database
1121 * sh_suidchk.c: check all suid/sgid files
1122 * sh_hash.c: don't insert duplicates when reading the database
1123 * sh_utmp, sh_kern, samhain: fix 1sec offset in timer
1124 * sh_unix.c: don't require /dev/random to be non-world-writeable
1125 * server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
1126 * client: fix segfault on Solaris if path_conf == NULL
1127 * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed
1128
11291.3.0 (31-10-2001):
1130 * support compiling with GNU gmp library
1131 * set 3 sec timer on client_time_check to avoid excessive (and
1132 unnecessary) calls under heavy load
1133 * replace sl_strlen with a macro
1134 * store client_t structure in AVL tree
1135 * database format incompatible with previous format, up the magic#
1136 * sh_html.c: cache entry template for speedup
1137 * slib.c: reset islong(double) in sl_printf_count
1138 * sh_hash.c: report on rdev change
1139 * sh_hash.c: print size in 64 bit
1140 * sh_hash.c: save in absolute size types
1141 * sh_unix.c: get values as appropriate type (time_t, dev_t, ...)
1142
11431.2.10:
1144 * update MANUAL
1145 * sh_unix.c: tiger_hash -> tiger_generic_hash
1146 * sh_readcon.c: DigestAlgo option
1147 * sh_tiger0.c: add MD5 and SHA1
1148 * sh_unix.c: fix minor problem with win2k/cygwin
1149
11501.2.9 (17-10-2001):
1151 * fix problem with entry template/empty hostname
1152 * fix MASK_USER_ (MTM -> ATM)
1153 * typo fixed in configure.in (${install_name} -> {install_name})
1154 * bugfix group_old -> size_old in XML code
1155 * skip armor header in signed files
1156
11571.2.8 (29-09-2001):
1158 * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
1159 obscure compiler warning
1160 * Mac OS X: fix test scripts
1161 * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
1162 * implement deadtime in syslog recv code to protect against flooding
1163 * sh_err_log: sl_close(fd) if lock|forward fails
1164 * compliance with Filesystem Hierarchy Standard -- Version 2.2 final
1165 * add policies User0, User1
1166 * fix compile problem (FreeBSD) in sh_suidchk.c
1167 * macro to check for debugger breakpoints (linux/i386)
1168 * check for solaris (does not work) in sh_derr (--enable-ptrace)
1169 * option to listen on 514/udp for syslog, drop root
1170 irrevocably if compiled thus
1171 * use (check_mask & MODI_ATM) to decide whether to reset utime
1172 * reset the policy masks on sighup
1173 * option to write XML log messages
1174 * cleanup of message catalog
1175 * modified error messages for BADCONN
1176 * error messages for Rijndael
1177 * block recursive error messages within sh_error_handler()
1178 - would hang the machine ... -
1179
11801.2.7:
1181 * sh_files, sh_utils: check top level directory
1182 * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
1183 for reading from /dev/kmem
1184 * include /boot in default samhainrc
1185 * change source distribution signing/packaging system
1186 * Makefile, README, MANUAL: adhere to file system standard,
1187 document new locations
1188 * fix a bug in samhain_hide.c
1189
11901.2.6:
1191 * reset list of trusted users before config file re-read
1192 * TrustedUser=... can be a list
1193 * fix severity for files missing from IgnoreAll
1194
11951.2.5:
1196 * include example_pager.pl, example_sms.pl scripts
1197 * explain paging/sms setup in docs
1198 * allow manual exclusion of a directory in suidcheck
1199 * automatically track all file changes
1200 * remove missing files from in-memory database
1201 * add $(KERN) to DEPLOYFILES
1202
12031.2.4:
1204 * log IP address for login/logout events, if supported by the OS
1205 * release block in globerr (callback)
1206
1207-------------
1208
12091.2.3:
1210 * fix problem with reading stealth configuration
1211 * fix a few formats in sh_cat.c
1212 * always use strncmp for file system type check in sh_suidchk.c
1213 (trailing 'fs' may be system specific for some types)
1214 * no bare LF in messages (RFC 2822)
1215 * no lines longer than 998 chars (RFC 2822)
1216 * fix error in testrc_1
1217
12181.2.2:
1219 * make tmp file directory a compile time option
1220 * fix minor bugs in tmp file allocator (potential memory leak,
1221 double slash if root directory)
1222 * obsolete testpipe script removed
1223
12241.2.1:
1225 * fix memory alignment in rijndael-api-fst.c: blockEncrypt()
1226 * fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
1227 * removed a debug fprintf()
1228
12291.2.0:
1230 * fix a bug in the HMAC implementation (thanks to Cesar Tascon
1231 for help in tracking down this one)
1232 * module to check the file system for SUID/SGID files
1233
12341.1.16 (never released):
1235 * fix the recursion depth -1 option as described in the manual
1236 * optional database reload on SIGHUP
1237 * fix a race condition when checking that /dev/random is a charakter
1238 device
1239 * redirect stderr to /dev/null for c_random
1240 (AIX may segfault in netstat...)
1241 * check whether /dev/random is a charakter device in c_random.sh
1242 (we know at least one sysadmin who has set up a fake /dev/random ...)
1243 * don't give NULL as 2. and 3. arg to execve if not Linux - some
1244 Unices (notably Solaris) don't like it
1245 * init ptr = NULL in my_malloc (compiler warning)
1246 * make the bitmask for tests configureable (suggestion by A. Dunkel)
1247 * make the bitmask for tests a static variable
1248 * make (database/logfile/lockfile) path configurable
1249 (to run multiple instances of samhain from an NFS share - on the
1250 wishlist of J. Patton)
1251
12521.1.15 (never released):
1253 * fix minor error in testcompile.sh (rm test_log only at start)
1254 * return from subroutines on sig_terminate == 1
1255 (faster exit on SIGTERM)
1256 * fix re-configuration of addresses
1257 * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
1258 * SysV message queue as compile option
1259 * config file option to set console device
1260 * removed the pre 1.1.9 code bloat
1261 * don't print the LOGKEY to the console
1262
12631.1.14:
1264 * fix an error in the setup consistency check
1265 * make target to uninstall runtime files
1266 * trustfile.c: check return code of readlink(), fix off-by-one error
1267 * sh_files.c: fix placement of terminator after readlink() call
1268 * sh_files.c: fix a missing set_suid()/unset_suid()
1269 - suid should work, but is not recommended -
1270 * more debug statements in c/s code
1271 * avoid re-entry in sh_unix_sigexit
1272 * put a block around free() and malloc() in wrapper functions
1273 * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
1274 - i.e. avoid corrupting the heap from a signal handler -
1275
12761.1.13:
1277 * optimized the size of the configure script somewhat
1278 * modify the compile and hash test scripts
1279 * read '\0's in sh_unix_getline
1280 * exponential schedule for connection attempts
1281 * make stealth working properly with signed files
1282 - config file should be signed now before embedding in picture -
1283 * fix a race in using signed files
1284 * updated err messages for PWNULL, GRNULL
1285 * add missing shell script for test 11
1286 * add mandatory source file/line info with -p debug
1287 * add mandatory source line info with BADCONN
1288 * fix a latex error in the manual
1289
12901.1.12:
1291 * debug output to console if compiled with --enable-debug and
1292 running as daemon
1293 * make reportonlyonce=true the default
1294 * make sure state changes of a file are always reported, even
1295 with reportonlyonce=true
1296 * Linux kernel modules (samhain_hide, samhain_erase)
1297 * fixed incorrect return value of sh_util_flagval
1298 * fixed an error in sh_files.c: happens with -t init and first
1299 file that is checked does not exist
1300 * revised install/uninstall targets in the Makefile
1301 * module to check for clobbered kernel syscalls (tested on Linux 2.2)
1302 * more diagnostic error messages in sh_gpg.c
1303 * more diagnostic error messages in sh_mail.c
1304 * error in mail.c fixed
1305 (address -> address_list[i] for multiple recipients)
1306 * docs updated, better(?) explanation of signed files
1307 * skip over path in gpg checksum output
1308 * check client name against IP address and FQDN
1309 * fix for --disable-* in config file
1310 * fixed a server crash (MSG_TCP_OKMSG without arg)
1311 if the server is run with debug level output threshold
1312 * catch EAGAIN in sh_gpg.c pipe reader
1313 * fix the 'external logging' test to make it work on BSD
1314 * error message if no local path to init DB
1315 * check for i86/Solaris in configure (vsnprintf prototype)
1316 * make SRP the default
1317
13181.1.11:
1319 * make log file verification more convenient
1320 * fix problem with message classes in stealth mode
1321 * linux: do not try to read file attributes for devices
1322 * handle the root directory correctly (avoid "//" in listing)
1323 * fix problems with blockin on FIFOs/char dev
1324 pointed out by I. Rogalsky (rog@iis.fhg.de)
1325 - open in nonblocking mode for read, then set to blocking
1326 - open file only if regular
1327 * fix alignment in memory profiler
1328
13291.1.10:
1330 * minor code cleanup
1331 * fix an error in trustfile.c (handling of empty/incomplete
1332 group entries in /etc/group, bug report by A. Capriotti )
1333
13341.1.9:
1335 * compatibility option for old behaviour (plain hash instead
1336 of HMAC, ECB instead of CBC mode)
1337 * use CBC rather than ECB mode for encryption
1338 * use HMAC-TIGER for message authentication codes
1339 * handle NULL data in sh_tiger_hash
1340 * option to set syslog facility (default is LOG_AUTHPRIV)
1341 * longer timeout (300 sec) on /dev/random if no /dev/urandom
1342 * fix minor output error with stealth option
1343 * option not to log names of config/database files on startup
1344
13451.1.8:
1346 * fix error in syslog routine
1347 * fix missing 'test' in configure.in
1348 * fix error in replace_tab() in sh_html.c
1349 * fix minor memory leak in sh_util_regcmp()
1350
13511.1.7:
1352 * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
1353 * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
1354 * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
1355 * fix for Alpha: format string in sh_tiger0.sh
1356 * on Linux, now compiles cleanly with
1357 -Wall -W -Wstrict-prototypes -Wcast-align
1358 * fix problem with recursion depth
1359 (pointed out by Vic <hvicha@mail.ru>)
1360 * #include "sh_tools.h" in sh_unix.c and fix the
1361 --with-timeserver option (reported by Vic <hvicha@mail.ru>)
1362 * place read_port(), MSG_TCP_NETRP outside ifdefs
1363 * close fd/zero skey before execve
1364 * verify client name against socket peer
1365 * ... with configureable error priority
1366 * use strcmp() rather than strncmp() in search_register()
1367 * fix race between lstat() and open() for checksum
1368 (reported by dynamo <dynamo@ime.net>,
1369 JJohnson <JJohnson@penguincomputing.com>)
1370 * enable globbing for filenames
1371 * fix Solaris problem: siginfo_t may be NULL
1372 * fix missing SL_EBADGID in tf_trust_check
1373 * test case for external scripts, fix flushing pipe
1374 * fix a typo in sh_ext_type
1375 * do an fdexec w/checksum on Linux if calling external program
1376 * even safer tmp file creation
1377 * allow db update
1378 * fix compile options for --enable-debug
1379 * fixed a spelling error in the output
1380 * test program for full CS support (config/database download)
1381 * tell which file is searched for cs download
1382
13831.1.6:
1384 * fix bug in sh_readconf_line (segfault on erroneous config lines)
1385
13861.1.5:
1387 * sh_unix.c: sh_unix_getinfo_attr: f -> flags
1388 * use gettimeofday as last resort
13891.1.4:
1390 * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
1391 to (char *)
1392 * configure: add static link flags for some more os (from tar)
1393 * don't strip twice (some stupid systems abort)
1394 * fix for reading from /dev/random on non-Linux systems (untested)
1395 * sh_mail.c: end all message lines with \r\n
1396 * stealth: ignore \r, \"
1397 * take out tracing from --enable-debug (presently useless anyway)
1398 * fix some remaining cleartext with debug && stealth combined
1399 * fixed a small memory leak in sh_err_log.c
1400
14011.1.3:
1402 * fixed circular logic in taus_seed() (fallback method only)
1403 * fix for missing _SC_OPEN_MAX (runaway close())
1404
14051.1.2:
1406 * implement message classes
1407 * let server recognize client message severity and class
1408 * secondary log server
1409 * keep database in memory (allows to close file
1410 if retrieved from server)
1411 * encrypt client/server communication
1412
14131.1.1:
1414 * Compilation problems with native Solaris compiler fixed
1415 * fill in euid/ruid variable
1416 * manual.pdf --> MANUAL.pdf
1417 * debug sh_util_formatted()
1418 * http refresh 120sec for server stat page
1419 * trace/debug options
1420 * fixed problem with utmp.c options
1421 * fixed problem with sh_mail_setaddress
1422 * option for custom message header
1423 * fixed problem in compdata
1424 * fixed problem in mail verification
1425 * remove eventual trailing '/' in file names
1426 * fixed problem with report string for modified files
1427 * option to report in full detail
1428
14291.1.0:
1430 * Move error messages to catalog
1431 * Make error message format more uniform
1432 * Wrap sytem calls that could be interrupted by signals
1433 * Warn on append to database
1434 * Option for full details on mod. files
1435 * Option to report only once on mod. files
1436 * Generally speaking, major modifications with potential new bugs
1437
14380.9.5:
1439 * sh_hash.c: fixed erroneous checksum for config file
1440 * sh_html.c: fixed erroneous timestamp (last)
1441 * sh_tools.c: fixed connect_port (set port for cached address)
1442 * sh_srp.c: fix for '00' (='\0') in pw
1443 (last two fixes by Andreas Piesk)
1444
14450.9.4:
1446 * samhain.c: fcntl(1, ..) -> fcntl(2, ..)
1447 * sh_hash.c: copy 12 instead of 10 byte for c_attributes
1448 * 'empty directory' WARN -> INFO
1449
14500.9.3:
1451 * FreeBSD fixes:
1452 - c_random.sh: make sure /dev/random provides something
1453 rather than nothing
1454 - check for <netinet/in.h> and include it
1455 - include <sys/types.h> early
1456 - sh_utmp.c: fixed an occurence of ut_user
1457 - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
1458 - sh_forward.c: EBADMSG -> ENOMSG
1459 * sh_unix.c: check return value of gethostbyname
1460 * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
1461 more than 30 sec
1462 * ... and fix the timestamp format ...
1463
14640.9.2:
1465 * ISO 8601 timestamps
1466 * Bugfix in sh_utmp (timestring overwrite)
1467 * don't use siginfo_t on Linux (garbage as of 2.2.14)
1468 * check for Linux capabilities bug when dropping root
1469 * include README for gcc compiler bug (pointed out by A. Piesk)
1470 * explicitely set -fno-strength-reduce with gcc
1471 * fixed ignoring missing files with the IgnoreAll policy
1472
14730.9.1:
1474 * more ext2flags (breaks backward database compatibility on Linux)
1475 * IgnoreAll policy modified - missing/added files reported with
1476 SeverityIgnoreAll (to handle files that may or may not be present)
1477 * Check all files, not only regular ones
1478 (bug in sh_files, originally introduced because checksum of
1479 regular files only is computed)
1480
14810.9:
1482 * use O_NOATIME if supported
1483 * --with-nocl takes argument (PW to re-enable CL parsing)
1484 * no daemon mode if initializing database
1485 * fixed segfault in yule with 'unknown file type' request
1486 * enlarged MAX_GLOBS 24 -> 32 and made the array linear
1487 * server uses last registry entry for any given client now
1488 * deploy.sh script to deploy clients to remote hosts
1489 * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
1490 * allow y/Y/n/N for login monitoring (in addition to 0/1)
1491 * external logging scripts/programs
1492 * trustfile.c: define STICKY on Linux
1493 * reset signal mask when initializing
1494 * EINTR_RETRY wrapper
1495 * slib: sl_read, sl_write EINTR update
1496 * use sstrip when installing
1497 * more compact database format (breaks backward database compatibility)
1498 * larger download packets
1499 * TcpFlags unsigned char
1500 * cast to (char *) head in write_port
1501 * m(un)lock cast to (char *)
1502 * (1 << 31) --> (1UL << 31)
1503 * support e2fs attributes on Linux
1504 * fixes for AIX and Solaris native compilers
1505 * fixed Makefile for non-GNU make (pattern rule --> suffix rule)
1506
15070.8.1:
1508 * fixed 'is_numeric()' return value
1509
15100.8:
1511 * added option for static compilation
1512 * added option for stealth with non-hidden config file
1513 * added option for disabling command line parsing
1514 * all options can be set in the configuration file now
1515 * stealth: xor strings in database file
1516 * fixed bug in mailer code ([] in HELO)
1517 * print timestamp when asking for key
1518 * 'micro' stealth mode (no hidden configuration file)
1519 * simplified slib
1520 * int->long for uids/gids in trustfile
1521 * moved mailkey from data to code
1522 * shell script for entropy (stronger default key)
1523 * general code cleanup
1524 * better error checking in client/server code
1525 * detect out-of-sync messages
1526 * check state across protocol passes in server
1527 * make sure authentication is mutual
1528 * file download to client
1529 * reserve six file descriptors in server
1530 * mlock queue buffer if LOG_KEY
1531 * improved robustness in bignum (don't fail on free())
1532 * per-directory recursion depths
1533 * RFC821 compliance: empty line at end of header, To field, Date field
1534 * RFC821 compliance: make e-mail transfer relieable
1535 * fix detection of hardlink changes
1536 * checksum verification for calling gpg/pgp
1537 * CL option '-S' not required for server-only binary
1538 * eliminate CL options that may leak privileged information
1539 if the program is SUID
1540 * skip leading white space in configuration file
1541 * allow nested conditionals in configuration file
1542 * allow whitespace before and after '=' in configuration file
1543 * don't leak file descriptors to child processes
1544 * make message transfer relieable
1545 * always report error on abnormal termination of connection
1546
15470.7:
1548 * support for alpha machines
1549 * stop TCP logging after exit message
1550 * limit connections in server (DoS attacks)
1551 * move string handling to slib
1552 * move file handling to slib
1553 * timestring without space
1554 * changed report format
1555 * SUID bugfix - use euid when checking logfile ownership
1556 * SUID bugfix - get root for lstat()
1557 * SUID bugfix - get root for opendir()
1558 * store number of hardlinks
1559 * send no message if polling empty queue
1560 * include tiger 64-bit implementation (portability)
1561 * codes for error conditions
1562 * mail check: handle multiple, overlapping audit trails
1563 * security fix: no append to database if SUID
1564 * fix sh_entropy.c (BUFSIZ -> BUF_ENT)
1565 * read command line before config file
1566 * PGP signing of config/database files
1567 * checksum of config file reported
1568 * checking for attributes only
1569
15700.6:
1571 * more syslogish priority specification
1572 * fixed segfault in sh_mem_check, apparently this was also
1573 the reason for the segfault in atexit()
1574 * allow for compilation with SRP authentication
1575 * fixed tiger checksum computation
1576 * fixed broken logfile verification for second and further audit trails
1577 * test program added
1578 * documentation improved
1579 * sh_forward_make_client: bug fixed in[8]->in[i]
1580 * sh_error.h: fixed missing #include <errno.h>
1581 * configure.in: fixed missing strerror() test
1582 * sh_utmp.c: check logins/logouts
1583 * check for missing files
1584 * only reset access time if necessary
1585 * O_EXCL in open()
1586 * limit environment to TZ in execve (sh_entropy.c, not used on Linux)
1587 * use trustfile() to determine whether logfile dir is trustworthy
1588 * strip head instead of tail for numerical address
1589 * store messages in fifo during log server outage
1590 * re-init session key after server outage
1591
15920.5 (21-12-1999):
1593 * added option for mail relay server
1594 * own popen() implementation in sh_entropy() (portability)
1595 * fixed error in sh_util_basename() (returned NULL for base == "/")
1596 * fixed segfault in strlcpy/strlcat (check for src == NULL)
1597 * FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
1598 * use TIGER for 32-byte compilers (portability)
1599 * fixed hash function (do not include stdlib.h)
1600 * flush buffer before write in mailer code (IBM AIX 4.1)
1601 * make mailer code non-forking
1602 * cast argument of is...() to int (portability)
1603 * return() after _exit() for braindead compilers (portability)
1604 * optionally use inet_addr (portability)
1605 * check for broken mlock() (HP-UX 10.20)
1606 * minor code cleanups
1607 * fixed incorrect size of munlock()'ed memory in sh_error_string()
1608 * fixed a buffer overflow in the error printing routine
1609 * fixed a buffer overflow in sh_util_safe_name ()
1610 * implement SRP session key exchange
1611 * implement client/server facility
1612 * implement @host/@end construct in configuration file
1613 * preferably use uname(), and do gethostbyname() for FQDN
1614 * make vernam cipher base numeric
1615 * make OnlyStderr private in sh_error
1616 * test -e "/dev/random" --> test -r "/dev/random" (portability)
1617 * check for libsocket (portability)
1618 * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
1619 * eliminate superfluous /proc test
1620 * some unreachable code removed
1621 * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
1622 * check for setresuid() if no seteuid() (HP-UX 10.20)
1623
16240.4 (09-11-1999):
1625 * make sure output from /dev/random has no NULL's
1626 * one-time pad encryption for emailed keys
1627 (better than nothing ...)
1628
16290.3 (04-11-1999):
1630 * logfile readable for group
1631 * verify signatures for any file
1632 * signature block in tarball
1633 * use select() in time server routine
1634 * better protection for session keys (mlock)
1635
16360.2:
1637 * fixed incorrect man page
1638 * fixed incorrect example rc file
1639 * recursive error logging should work now
1640
16410.1:
1642 * initial release -- on Samhain 1999, of course
1643
1644development start:
1645 * probably 29-06-1999
1646
Note: See TracBrowser for help on using the repository browser.