| 1 |
fwknop-0.5.0 (03/19/2005): |
|---|
| 2 |
- Added ALERTING_METHOD to allow syslog and/or email reporting to be |
|---|
| 3 |
disabled (there is a dedicated file /etc/fwknop/alert.conf that |
|---|
| 4 |
governs this behavior, and both fwknop and knopwatchd reference this |
|---|
| 5 |
file). |
|---|
| 6 |
- Bugfix for distinguishing OPT field associated with --log-tcp-options |
|---|
| 7 |
vs. --log-ip-options. |
|---|
| 8 |
- Added install_perl_module() install.pl from psad to provide a |
|---|
| 9 |
consistent installation interface. |
|---|
| 10 |
- Applied patch to only install perl modules that are not already |
|---|
| 11 |
installed (Blair Zajac). |
|---|
| 12 |
- Added --last-cmd option to allow fwknop to be executed with command |
|---|
| 13 |
line arguments from the previous execution (they are saved in |
|---|
| 14 |
~/.fwknop.run). |
|---|
| 15 |
- Added --Home-dir option to allow the home directory to be manually |
|---|
| 16 |
specified. |
|---|
| 17 |
- Re-worked get_homedir() to be more friendly to systems that do not |
|---|
| 18 |
necessarily have /etc/passwd (e.g. OS X). |
|---|
| 19 |
- Added configuration preservation and querying for which syslog |
|---|
| 20 |
daemon is running to install.pl. These features were adapted from the |
|---|
| 21 |
psad installer (http://www.cipherdyne.org/psad). |
|---|
| 22 |
- Added IPTables::ChainMgr. Fwknop uses this module to maintain |
|---|
| 23 |
dedicated chains to which access rules are added. |
|---|
| 24 |
- Added IPTables::Parse, which is used internally by IPTables::ChainMgr. |
|---|
| 25 |
- Added __WARN__ and __DIE__ handlers so errors can easily be collected. |
|---|
| 26 |
|
|---|
| 27 |
fwknop-0.4.2 (09/27/2004): |
|---|
| 28 |
- Added init script for Fedora systems. |
|---|
| 29 |
- Added --Kill, --Restart, and --Status modes (this fixes the generic |
|---|
| 30 |
init script which depends on these arguments). |
|---|
| 31 |
|
|---|
| 32 |
fwknop-0.4.1 (09/14/2004): |
|---|
| 33 |
- Bugfix for legacy posf code in fwknop and variable in fwknop.conf. |
|---|
| 34 |
|
|---|
| 35 |
fwknop-0.4 (09/10/2004): |
|---|
| 36 |
- Added ability to specify multiple IPs/networks in a single SOURCE |
|---|
| 37 |
definition. |
|---|
| 38 |
- Better examples section in the fwknop manpage. |
|---|
| 39 |
- Bugfix to make sure EMAIL_ADDRESSES variable does not contain commas |
|---|
| 40 |
(any commas are translated into spaces). |
|---|
| 41 |
- Added LICENSE file. |
|---|
| 42 |
|
|---|
| 43 |
fwknop-0.3 (08/21/2004): |
|---|
| 44 |
- Bugfix for tracking knock sequences by source IP address. |
|---|
| 45 |
- Bugfix for knock sequence timeouts. |
|---|
| 46 |
- Removed old passive OS fingerprinting code in favor of the p0f |
|---|
| 47 |
strategy. |
|---|
| 48 |
- Added support for taking encryption keys from a file specified on |
|---|
| 49 |
the command line. |
|---|
| 50 |
- Update to send "sequence decrypt failed" email message only if |
|---|
| 51 |
decryption failed for all encrypt sequence SOURCE blocks. |
|---|
| 52 |
|
|---|
| 53 |
fwknop-0.2 (07/31/2004): |
|---|
| 54 |
- Implemented remote username checking in encrypted sequences. |
|---|
| 55 |
- Added support for icmp in knock sequences. |
|---|
| 56 |
- Added protocol rotation option for encrypted sequences. |
|---|
| 57 |
- Added code for multiple SOURCE access blocks with the same source |
|---|
| 58 |
net/IP. |
|---|
| 59 |
- Added KNOCK_LIMIT access control variable to limit the number of |
|---|
| 60 |
times a particular knock sequence is honored. |
|---|
| 61 |
- Added email alerts. |
|---|
| 62 |
|
|---|
| 63 |
fwknop-0.1 (07/08/2004): |
|---|
| 64 |
- Initial release. |
|---|
