ChangeLog

Revision 1009, 7.4 kB (checked in by anonymous, 5 years ago)
This commit was manufactured by cvs2svn to create tag 'psad_1_3_1_r1'.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`

Line
1	psad-1.3.1 (12/25/2003):
2	- Added the ability to import /var/log/psad/<ip> directories
3	back into memory so scan data remains persistent across
4	psad restarts or system reboots.
5	- Added --Analyze-msgs to run psad in analysis mode against an
6	iptables logfile (/var/log/psad/fwdata by default). The logfile
7	path can be changed with --messages-file.
8	- Added icmp type and code validation against RFC 792.
9	- Bugfix for being too strict with FW_MSG_SEARCH.
10	- Added port ranges for tcp and udp scans in <ip>/<dst>_packet_ctr.
11	- Added <ip>/<dst>_start_time and <ip>/os_guess.
12	- Bugfix for missing --no-signatures code.
13	- Updated to Snort-2.1 signatures.
14
15	psad-1.3 (11/30/2003):
16	- Replaced all signatures in psad_signatures with updated snort
17	rules.
18	- Added support for source and destination ip addresses in
19	signature matching code. A new variable "HOME_NET" makes this
20	possible.
21	- Added support for the iptables output chain.
22	- Added chain tracking for all signatures.
23	- Replaced match_fastsigs() with two new routines for tcp and
24	udp signature matching that don't autovivify hash keys.
25	- Removed support for ipchains.
26	- Added support for metalog.
27	- Removed all "Undefined Code" signatures from psad_signatures.
28	- Re-worked %auto_blocked_ips hash and corresponding blocking
29	routines. This (hopefully) fixes a restart bug seen on older
30	systems such as those that are still running versions of perl
31	less than 5.6.
32	- Re-worked firewall policy parsing routines. Chains that have
33	a default policy of DROP are handled properly now.
34	- Bugfix for missing NULL char in kmsgsd.c.
35	- Updated scan alerting format. Put current interval protocol
36	status before source and destination addresses.
37	- Buffer overflow fix in kmsgsd.c for size of buf[MAX_LINE_BUF]
38	buffer in read() call.
39	- Added --no-kmsgsd option to aid in psad --debug mode.
40
41	psad-1.2.4 (10/15/2003):
42	- Added danger level to subject line in email alerts.
43	- Removed diskmond altogether since psad now handles disk space
44	thresholds directly. This allows filehandles to be handled
45	properly.
46	- Added auto_block_ignore_ip() to prevent 0.0.0.0, 127.0.0.1,
47	and local interface ips from being included in auto blocking
48	routines.
49	- Added Bit::Vector module to stop installation warnings from
50	Date::Calc.
51	- Made get_local_ips() called periodically since local addresses
52	may change (dhcp, etc.).
53	- Added installation code and init script for Gentoo Linux.
54	- Bugfix for INIT_DIR in uninstall() routine in install.pl.
55	- Bugfix for auto-blocking loop after timeouts are hit.
56	- Added --status-dl [N] to display status information only for
57	those scans that reach at least [N].
58
59	psad-1.2.3 (09/12/2003):
60	- Added interface tracking for scans.
61	- Bugfix for not opening /etc/hosts.deny the right way in
62	tcpwr_block().
63	- Bugfix for psadfifo path in syslog-ng config.
64	- Better format for summary stats section in email alerts.
65	- Bugfix for INIT_DIR path on non-RedHat systems.
66	- Bugfix for gzip path.
67	- Make Psad.pm installed last of all perl modules installed
68	by psad.
69	- Added additional call to incr_syscall_ctr() in psadwatchd.c
70
71	psad-1.2.2 (08/24/2003):
72	- psad is finally available as an RPM package.
73	- Added chain tracking for iptables.
74	- Added chain counts to --Status output.
75	- Bugfix for psad not taking into account multiple scan
76	destinations.
77	- Reworked auto-blocking code for both tcpwrappers and
78	iptables. Lines added to /etc/hosts.deny will no longer be
79	duplicated. Added IPTABLES_AUTO_RULENUM and
80	IPCHAINS_AUTO_RULENUM so auto rules can be inserted at a
81	configurable point within iptables and ipchains policies.
82	- Psad now installs all perl modules within /usr/lib/psad.
83	- Removed /var/log/psad/<ip>/scanlog file since it was wasting
84	too much disk.
85	- Made psad, psadwatchd, and diskmond take the machine hostname
86	from their respective config files. This makes installation
87	via the rpm easier, and is generally cleaner.
88	- Added scan destination in --Status output.
89	- Added --status-sort-dl (the default status output is now
90	sorted by ip address by default).
91
92	psad-1.2.1 (07/11/2003):
93	- Bugfix for multiple processes being spawned by psadwatchd
94	due to lack of proper config variables in the new split
95	daemon config files.
96	- Bugfix for old scan messages being regenerated if a HUP
97	signal is received.
98	- Bugfix for incorrectly calculating disk utilization in
99	diskmond.c.
100	- Extended install.pl to include compression for archived
101	files in /etc/psad.
102	- Added preserve questions in install.pl for the psad
103	signature and auto ips files.
104	- Bugfix for --USR1 command line switch not mapping to the
105	correct subroutine.
106	- Bugfix for psad man page missing the pipe character in
107	psadfifo line for syslog.conf.
108
109	psad-1.2 (06/18/2003):
110	- Added passive OS fingerprinting based on packet ttl, length,
111	tos, and id fields.
112	- Added dshield.org alerting capability.
113	- Added exec_external_script() for external script execution.
114	- Added auto blocked timeouts.
115	- Implemented config re-imports via HUP signals in a manner
116	similar to various other system daemons (sysylog, apache
117	etc.)
118	- Better --Status output that shows packet counts per protocol
119	for each ip.
120	- Added --ip-status for more verbose status output for a
121	particular ip address.
122	- Added config preservation code to install.pl.
123	- Added Psad::psyslog().
124	- Split psad.conf into a separate config file for each of the
125	four psad daemons.
126	- Completely re-worked the auto blocking code (made dedicated
127	files for iptables and ipchains block methods).
128	- Added danger level hash.
129	- Minor code cleanups (shorter hash keys, etc.).
130
131	psad-1.1.1 (04/26/2003):
132	- Bugfix for incorrect usage of %scan hash keys associated
133	with tcp/udp when the current protocol is icmp.
134	- Bugfix for being too strict on iptable default log string.
135	- Reworked USR1 signal handler so the Data::Dumper function
136	call is made in the main part of the psad code.
137	- Added a startup message for psad.
138	- Minor bugfix for leading whitespace in auto_ips.
139
140	psad-1.1 (04/20/2003):
141	- Added the IPTables::Parse module for better processing of
142	the iptables ruleset.
143	- Added --snort-sids so that iptables messages generated by
144	fwsnort can be included in alerts. Such alerts now include
145	the content fields of packets (fwsnort uses the iptables
146	string match module).
147	- Added the ability to specify entire networks in the auto
148	ips file through the use of the Net::IPv4Addr module.
149	- Better logging format that reinstates the current interval,
150	and adds an "overall stats" section that includes packet
151	counters per protocol.
152	- Removed the PROTO hash key since it was unnecesssary.
153	- Better benchmarking code.
154	- Bug fix for incorrectly looking for the "MAC" string in
155	iptables messages that could have been generated by the
156	FORWARD chain.
157
158	psad-1.0 (02/27/2003):
159	- Added --Benchmark and --packets command line options to support
160	psad benchmarking.
161	- Bugfix for improperly detecting NULL scans.
162	- Completely redesigned website.
163
164	psad-1.0.0-pre4 (11/26/2002):
165	- Rewrote kmsgsd and psadwatchd in C.

Note: See TracBrowser for help on using the browser.

root/psad/tags/psad_1_3_1_r1/ChangeLog

Download in other formats: