[481] | 1 | to 4.0.0 and higher: if you use "ReportCheckflags = yes" (off by default),
|
---|
| 2 | you need to change the database scheme:
|
---|
| 3 |
|
---|
| 4 | -- mysql:
|
---|
| 5 | ALTER TABLE samhain.log ADD COLUMN checkflags_old BIGINT UNSIGNED;
|
---|
| 6 | ALTER TABLE samhain.log ADD COLUMN checkflags_new BIGINT UNSIGNED;
|
---|
| 7 |
|
---|
| 8 | -- postgres:
|
---|
| 9 | ALTER TABLE samhain.log ADD COLUMN checkflags_old NUMERIC(20);
|
---|
| 10 | ALTER TABLE samhain.log ADD COLUMN checkflags_new NUMERIC(20);
|
---|
| 11 |
|
---|
| 12 | --oracle:
|
---|
| 13 | ALTER TABLE samhain.log ADD checkflags_old NUMBER(20);
|
---|
| 14 | ALTER TABLE samhain.log ADD checkflags_new NUMBER(20);
|
---|
| 15 |
|
---|
[297] | 16 | to 2.8.0 and higher: samhain supports IPv6 now, which means that the
|
---|
| 17 | size of the 'ip' column in the database must be increased from
|
---|
| 18 | VARCHAR(16) to VARCHAR(46).
|
---|
[27] | 19 |
|
---|
[297] | 20 | BE SURE TO MAKE A BACKUP BEFORE THIS!
|
---|
| 21 |
|
---|
| 22 | -- mysql: alter table samhain.log modify ip VARCHAR(46);
|
---|
| 23 |
|
---|
| 24 | -- postgresql: alter table samhain.log alter column ip type varchar(46);
|
---|
| 25 |
|
---|
| 26 | -- oracle: alter table samhain.log modify ip VARCHAR2(46);
|
---|
| 27 |
|
---|
| 28 |
|
---|
[170] | 29 | to 2.4.4 and higher: it is possible now to store the full content of
|
---|
| 30 | small files in the baseline database. To support this feature with
|
---|
| 31 | logging to an RDBMS, the DB schema for Oracle needs to be adjusted
|
---|
| 32 | by converting the link_old, link_new columns from VARCHAR2 to CLOB:
|
---|
| 33 |
|
---|
| 34 | -- Oracle:
|
---|
| 35 | ALTER TABLE samhain.log ADD tmp_name CLOB;
|
---|
| 36 | UPDATE samhain.log SET tmp_name=link_old;
|
---|
| 37 | ALTER TABLE samhain.log DROP COLUMN link_old;
|
---|
| 38 | ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_old;
|
---|
| 39 |
|
---|
| 40 | ALTER TABLE samhain.log ADD tmp_name CLOB;
|
---|
| 41 | UPDATE samhain.log SET tmp_name=link_new;
|
---|
| 42 | ALTER TABLE samhain.log DROP COLUMN link_new;
|
---|
| 43 | ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_new;
|
---|
| 44 |
|
---|
| 45 | -- Samhain server (yule): if you are logging to the RDBMS via
|
---|
| 46 | the server (yule), as recommended, you need to also upgrade the
|
---|
| 47 | server, because earlier versions had a too restrictive limit on
|
---|
| 48 | the maximum length of an SQL query.
|
---|
| 49 |
|
---|
| 50 |
|
---|
[93] | 51 | to 2.3.3 and higher: a bug has been fixed that resulted in an additional
|
---|
| 52 | slash at the beginning of the linked path of symlinks in the root
|
---|
| 53 | directory (symlinks in other directories were not affected)
|
---|
[68] | 54 |
|
---|
[93] | 55 | -- this may cause spurious warnings about modified links, if you check
|
---|
| 56 | against a database created with an earlier version of samhain
|
---|
| 57 |
|
---|
| 58 | from lower to 2.3.x: the database scheme has changed slightly.
|
---|
| 59 | To upgrade, use the following SQL commands in the command-line
|
---|
| 60 | client of your database:
|
---|
| 61 |
|
---|
[68] | 62 | -- MySQL:
|
---|
| 63 | ALTER TABLE samhain.log ADD COLUMN acl_old BLOB;
|
---|
| 64 | ALTER TABLE samhain.log ADD COLUMN acl_new BLOB;
|
---|
| 65 |
|
---|
| 66 | -- PostgreSQL:
|
---|
| 67 | ALTER TABLE samhain.log ADD COLUMN acl_old TEXT;
|
---|
| 68 | ALTER TABLE samhain.log ADD COLUMN acl_new TEXT;
|
---|
| 69 |
|
---|
| 70 | -- Oracle:
|
---|
[73] | 71 | ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000);
|
---|
| 72 | ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000);
|
---|
[68] | 73 | DROP TRIGGER trigger_on_log;
|
---|
| 74 |
|
---|
| 75 |
|
---|
| 76 |
|
---|
[27] | 77 | since 2.2.0: server-to-server relay is possible
|
---|
| 78 |
|
---|
| 79 | -- this implies that problems will arise if your server is misconfigured
|
---|
| 80 | to connect to itself (SetExportSeverity is explicitely set
|
---|
| 81 | to a threshold different from 'none', and the logserver is set to
|
---|
| 82 | localhost). The server may deadlock in this case.
|
---|
| 83 |
|
---|
| 84 |
|
---|
| 85 |
|
---|
[18] | 86 | since 2.1.0: update and daemon mode can be combined
|
---|
[1] | 87 |
|
---|
[18] | 88 | -- this implies that '-t update' will start a daemon process if running as
|
---|
| 89 | daemon is the default specified in the config file. use '--foreground'
|
---|
| 90 | to avoid starting a daemon process
|
---|
| 91 |
|
---|
| 92 |
|
---|
| 93 |
|
---|
[1] | 94 | from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced
|
---|
| 95 |
|
---|
| 96 | -- 1.7.x clients can connect to a 1.8.x server
|
---|
| 97 |
|
---|
| 98 | -- 1.8.x clients can only connect to a 1.7.x server, if they
|
---|
| 99 | are built with --enable-encrypt=1
|
---|
| 100 |
|
---|
| 101 |
|
---|
| 102 |
|
---|
| 103 | from 1.6.x to 1.7.x: things to watch out for
|
---|
| 104 |
|
---|
| 105 | -- the log server drops root privileges after startup; it needs a logfile
|
---|
| 106 | directory with write access for the unprivileged user now
|
---|
| 107 |
|
---|
| 108 | -- the PID file does not double as lock for the log file anymore; the
|
---|
| 109 | log file has its own lock now (same path, with .lock appended)
|
---|
| 110 |
|
---|
| 111 | -- by default, the HTML status page of the server is in the log directory
|
---|
| 112 | now; this allows to make the data directory read-only for the server
|
---|
| 113 |
|
---|