| 1 |
|
|---|
| 2 | to 2.3.3 and higher: a bug has been fixed that resulted in an additional
|
|---|
| 3 | slash at the beginning of the linked path of symlinks in the root
|
|---|
| 4 | directory (symlinks in other directories were not affected)
|
|---|
| 5 |
|
|---|
| 6 | -- this may cause spurious warnings about modified links, if you check
|
|---|
| 7 | against a database created with an earlier version of samhain
|
|---|
| 8 |
|
|---|
| 9 |
|
|---|
| 10 |
|
|---|
| 11 | from lower to 2.3.x: the database scheme has changed slightly.
|
|---|
| 12 | To upgrade, use the following SQL commands in the command-line
|
|---|
| 13 | client of your database:
|
|---|
| 14 |
|
|---|
| 15 | -- MySQL:
|
|---|
| 16 | ALTER TABLE samhain.log ADD COLUMN acl_old BLOB;
|
|---|
| 17 | ALTER TABLE samhain.log ADD COLUMN acl_new BLOB;
|
|---|
| 18 |
|
|---|
| 19 | -- PostgreSQL:
|
|---|
| 20 | ALTER TABLE samhain.log ADD COLUMN acl_old TEXT;
|
|---|
| 21 | ALTER TABLE samhain.log ADD COLUMN acl_new TEXT;
|
|---|
| 22 |
|
|---|
| 23 | -- Oracle:
|
|---|
| 24 | ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000);
|
|---|
| 25 | ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000);
|
|---|
| 26 | DROP TRIGGER trigger_on_log;
|
|---|
| 27 |
|
|---|
| 28 |
|
|---|
| 29 |
|
|---|
| 30 | since 2.2.0: server-to-server relay is possible
|
|---|
| 31 |
|
|---|
| 32 | -- this implies that problems will arise if your server is misconfigured
|
|---|
| 33 | to connect to itself (SetExportSeverity is explicitely set
|
|---|
| 34 | to a threshold different from 'none', and the logserver is set to
|
|---|
| 35 | localhost). The server may deadlock in this case.
|
|---|
| 36 |
|
|---|
| 37 |
|
|---|
| 38 |
|
|---|
| 39 | since 2.1.0: update and daemon mode can be combined
|
|---|
| 40 |
|
|---|
| 41 | -- this implies that '-t update' will start a daemon process if running as
|
|---|
| 42 | daemon is the default specified in the config file. use '--foreground'
|
|---|
| 43 | to avoid starting a daemon process
|
|---|
| 44 |
|
|---|
| 45 |
|
|---|
| 46 |
|
|---|
| 47 | from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced
|
|---|
| 48 |
|
|---|
| 49 | -- 1.7.x clients can connect to a 1.8.x server
|
|---|
| 50 |
|
|---|
| 51 | -- 1.8.x clients can only connect to a 1.7.x server, if they
|
|---|
| 52 | are built with --enable-encrypt=1
|
|---|
| 53 |
|
|---|
| 54 |
|
|---|
| 55 |
|
|---|
| 56 | from 1.6.x to 1.7.x: things to watch out for
|
|---|
| 57 |
|
|---|
| 58 | -- the log server drops root privileges after startup; it needs a logfile
|
|---|
| 59 | directory with write access for the unprivileged user now
|
|---|
| 60 |
|
|---|
| 61 | -- the PID file does not double as lock for the log file anymore; the
|
|---|
| 62 | log file has its own lock now (same path, with .lock appended)
|
|---|
| 63 |
|
|---|
| 64 | -- by default, the HTML status page of the server is in the log directory
|
|---|
| 65 | now; this allows to make the data directory read-only for the server
|
|---|
| 66 |
|
|---|
