1 |
|
---|
2 | to 2.3.3 and higher: a bug has been fixed that resulted in an additional
|
---|
3 | slash at the beginning of the linked path of symlinks in the root
|
---|
4 | directory (symlinks in other directories were not affected)
|
---|
5 |
|
---|
6 | -- this may cause spurious warnings about modified links, if you check
|
---|
7 | against a database created with an earlier version of samhain
|
---|
8 |
|
---|
9 |
|
---|
10 |
|
---|
11 | from lower to 2.3.x: the database scheme has changed slightly.
|
---|
12 | To upgrade, use the following SQL commands in the command-line
|
---|
13 | client of your database:
|
---|
14 |
|
---|
15 | -- MySQL:
|
---|
16 | ALTER TABLE samhain.log ADD COLUMN acl_old BLOB;
|
---|
17 | ALTER TABLE samhain.log ADD COLUMN acl_new BLOB;
|
---|
18 |
|
---|
19 | -- PostgreSQL:
|
---|
20 | ALTER TABLE samhain.log ADD COLUMN acl_old TEXT;
|
---|
21 | ALTER TABLE samhain.log ADD COLUMN acl_new TEXT;
|
---|
22 |
|
---|
23 | -- Oracle:
|
---|
24 | ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000);
|
---|
25 | ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000);
|
---|
26 | DROP TRIGGER trigger_on_log;
|
---|
27 |
|
---|
28 |
|
---|
29 |
|
---|
30 | since 2.2.0: server-to-server relay is possible
|
---|
31 |
|
---|
32 | -- this implies that problems will arise if your server is misconfigured
|
---|
33 | to connect to itself (SetExportSeverity is explicitely set
|
---|
34 | to a threshold different from 'none', and the logserver is set to
|
---|
35 | localhost). The server may deadlock in this case.
|
---|
36 |
|
---|
37 |
|
---|
38 |
|
---|
39 | since 2.1.0: update and daemon mode can be combined
|
---|
40 |
|
---|
41 | -- this implies that '-t update' will start a daemon process if running as
|
---|
42 | daemon is the default specified in the config file. use '--foreground'
|
---|
43 | to avoid starting a daemon process
|
---|
44 |
|
---|
45 |
|
---|
46 |
|
---|
47 | from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced
|
---|
48 |
|
---|
49 | -- 1.7.x clients can connect to a 1.8.x server
|
---|
50 |
|
---|
51 | -- 1.8.x clients can only connect to a 1.7.x server, if they
|
---|
52 | are built with --enable-encrypt=1
|
---|
53 |
|
---|
54 |
|
---|
55 |
|
---|
56 | from 1.6.x to 1.7.x: things to watch out for
|
---|
57 |
|
---|
58 | -- the log server drops root privileges after startup; it needs a logfile
|
---|
59 | directory with write access for the unprivileged user now
|
---|
60 |
|
---|
61 | -- the PID file does not double as lock for the log file anymore; the
|
---|
62 | log file has its own lock now (same path, with .lock appended)
|
---|
63 |
|
---|
64 | -- by default, the HTML status page of the server is in the log directory
|
---|
65 | now; this allows to make the data directory read-only for the server
|
---|
66 |
|
---|