Differences with version 4.2.3
=================================================
FIXES:
: Windows uninstaller now removes all osiris related registry
keys during uninstall.
: Linux mod_ports will only attempt to process the tcp
procfiles if they exist.
: Fixed a bug in the osirismd where the scan context was
closed too early in the compare routine.
: Fixed a bug in the CLI where print-db would see a race
condition and fail.
: Fixed the console and agent creation scripts to build the
OpenBSD packages correctly.
: Lemmings provided a fix to clean up defunct processes being
created by the osirismd scheduling process.
FEATURES:
: Filters are now stored in a flat text file on the management
daemon. Existing filters will be copied from the filter
database into the flat text file if the flat file does not
exist at the time of osirismd starting. This allows the
filters to keep their order and makes comments in the filters
much more useful.
Differences with version 4.2.2
=================================================
FIXES:
: Modified md_scan to push the scan config before reading
the host. This fixes the problem where a host is unable
to be scanned the first time after it loses its session key.
: Fixed the version.h version string so make console and
make agent would correctly build the tarballs.
: Fixed create_console.sh and create_agent.sh to be compatible
with older uname versions.
: Fixed format string vulnerabilities in the logging functions
for windows based scan agents.
FEATURES:
: Added functionality to the CLI to allow print-db without
having the host active (print-db <hostname> <db number>)
: Modified mod_ports to allow the filtering by uid. Updated
the README in the mod_ports directory to document how
filtering works.
: Added in the mod_if module to the main distribution.
Differences with version 4.2.1
=================================================
FIXES:
: fixed format string vulnerabilities in the logging functions
Differences with version 4.2.0
=================================================
FIXES:
: scanner adheres to new Mac OS X resource fork convention.
: fixed readdir() wrapper bug with dirents end case.
: fixed Date header in email notifications for console on Windows.
: updated linux init script installs.
: fixed bug with add/remove user on same login session.
: removed uid/inode from linux mod_ports record header.
: fixed potential problem with deep paths in scanner.
FEATURES:
: scan command now pushes baseline database to host.
: added import-filters command (developer submission).
: auth.db passwords are now encrypted (hashed).
: mod_ports has new params to ignore certain port numbers.
: added -q option to console, to not log to system log.
Differences with version 4.1.9
=================================================
FIXES:
: fixed install.sh to get proper ROOT_GROUP for Linux.
: added runlevel 2 to linux init script setup.
: added informative error messages in cli for init command.
: fixed filter bug where notifications sent on zero changes.
: fixed notify bug where SMTP buffer not large enough for some mailers.
: fixed missing test-filter alias (test-regex).
: fixed bug with root path not being assumed from command line arguments.
: fixed installer for linux distro detection command.
: fixed bug with info/error/warn message headers not being filtered correctly.
FEATURES:
: mod_ports for linux now supports monitoring/reporting on inode and uid.
Differences with version 4.1.8
=================================================
FIXES:
: added constraints to -p (port) argument to scan agent, accepts
numbers only (agent).
: added arguments for pid file specification to fix various init
scripts (agent/console).
: fixed conflicts with fancy-cli and readline options.
: fixed minor bug with CLI not interpreting host argument correctly.
Differences with version 4.1.7
=================================================
FIXES:
: fixed typos in CLI interface.
: removed borked filter wizard option.
: changed errors to warnings for checks on editor executable in CLI.
: editor searching now will make use of PATH env variable.
: filters editing now works; uses editor, not a stupid menu.
FEATURES:
: UNIX installer can initiate non-interactive install via command line argument.
: added mass deployment perl script for adding agents to management console.
: added unset-base-db command to CLI.
: added copy configuration command (cp-config).
: added readline support (link against libreadline if installed).
Differences with version 4.1.5
=================================================
FIXES:
: certificate pre-provisioning for Windows installer now works.
: http port no longer on by default.
: removed -u argument from CLI, it was useless.
: fixed bug with Solaris x86 mod_kmods not working at all.
FEATURES:
: CLI now supports argument to specify remote port (-p).
Differences with version 4.1.4
=================================================
FIXES:
: fixed bug in solaris init script, for stop osirismd (didn't work).
: fixed annoying warning in installer for backing up default configs.
: removed gcc dependency in modules Makefile.am
: removed stray C++ style comments from regex library.
: fixed configure problem determination of -Wall flag use (portability issue).
: fixed osirismd freebsd init script, missing rc command.
: fixed bug with files_scanned counter always zero in db header.
: added error logging to file checksumming code.
: fixed bug with windows time zone offset not being used in notify date headers.
FEATURES:
: added quiet option (-q) to scan agent; produces no local logging.
Differences with version 4.1.3
=================================================
FIXES:
: fixed mod_ports record key value so address is included, as port number
may not be unique in the case of multiple interfaces.
: fixed minor bug in gentoo installation, relative path to rc-update.
: Date header for mail, and others now compliant with rfc2822.
: debian init script improperly used chuid option on agent.
: fixed bug with filters still generating email notifications.
FEATURES:
: added Linux support for native mod_ports module (experimental).
Differences with version 4.1.2
=================================================
FIXES:
: fixed notification email bug with url not being added to email.
: fixed http_host field not being used for log reports URLs.
Differences with version 4.1.1
=================================================
FEATURES:
: added mod_ports for Windows XP. Open network port monitoring module.
FIXES:
: fixed email subject heading not being set correctly for log notifications.
Differences with version 4.1
=================================================
FEATURES:
: added 'notify_app' keyword to osirismd config, can pipe notifications
to an application in addition to email.
: filter redesign. Filters now apply to ALL logs. This allows for the
filtering of info, error, warning, or scan log entries with regular
expressions. There is a wizard interface still, or you can enter
any regular expression to match specific logs, or types of log messages
to prevent those logs from being generated.
: added 'test-regex' command to CLI to allow for quick interpretation of
what the regex engine will match for log filters, or for anything in
the config files that use regular expressions.
: restructured how signals work in the daemons.
FIXED:
: default schedule start time for new hosts, if not specified, is
current time.
=================================================
BRANCH FROM 4.0.8 code.
=================================================
Differences with version 4.0.8
=================================================
FIXED:
: updated copyrights.
FEATURES:
: port of host.conf config keyword from the 4.1 branch.
Differences with version 4.0.7
=================================================
FIXED:
: cli stat of editor incorrect.
: utilities.c, escape filename bug in octal handling.
: fixed memory leak in regex file filter hs_regfree missing.
Differences with version 4.0.6
=================================================
FIXED:
: typo in generic osirismd rc script.
: changed verify cert depth to 10, from 4.
: moved 'continue' prompt to beginning of installer, where it should be.
: fixed regular expression filter value bug with parens.
FEATURES:
: added default config for Linksys WRT54G(S).
: changed notification subject lines for easier parsing.
Differences with version 4.0.5
=================================================
FIXED:
- url now not shown in notification emails when auto-accept turned on.
- removed "checking schedules" log from windows builds.
- bug with test-notify message headers, extra crlf.
- fixed timezone problem with scheduler prompt (thanks spike!)
- bug with non-privsep unix platforms unresolved rootpriv_fopen calls.
- configure script, no -Wall option for AIX compiler.
- removed C++ style comments from common code.
- fixed bugs with installer on irix for user/group creation.
- fixed bug with windows installer not properly shutting down existing services.
- windows kmod status field now a word/description, not just a number.
- bug with print-config not always printing config name.
- configuration bug, NoEntry directive on "/" block not working correctly.
- default self-signed cert validity now 10 years, not one.
FEATURES:
- admin email to management config. when set, this will send ALL mail
notifications to this address in addition to any other set email addresses.
Differences with version 4.0.3
=================================================
FIXED:
- subject headers, missing CRLF
- log message of type error, should have been type: info.
- notify_flags (scan failed) not being set correctly.
- bogus scan-failure messages being sent by the scheduler.
- bug where console would not update schedules after a rm-host.
- install.sh bug not always detecting linux distro correctly.
- plist file for Darwin init script wasn't compatible with older OS X versions.
- solaris install.sh bug with useradd/groupadd calls.
FEATURES:
- added Date header to email notification messages.
- added default config for Windows Server 2003.
Differences with version 4.0.1
=================================================
FEATURES:
- added the ability to edit comparison filters with the CLI.
- added command completion to the CLI, and added a history list
of commands (up/down arrows). This is still experimental, enable
this with the configure option: --enable-fancy-cli=yes
- added more scan database options to host configuration. Hosts can
now be configured to archive all databases, archive databases only when
there are changes, or to not save any databases at all. In addition, hosts
can now be configured to auto-accept changes, meaning that changes will only
be logged (and/or sent out via email notifications) once.
- added support for gentoo install.
- added ability to configure scan agent listen port.
FIXES:
- fixed silly bug with push-config prompts not filtering out beginning or
trailing whitespaces in the response.
- fixed minor bug in Darwin installer.
- fixed a number of typos in CLI and log messages.
- fixed string format bug with log entry in cert creation code.
- fixed the allow list so regular expressions work properly, and hostnames
now work properly. Previously, only IP addresses were valid entries.
- fixed minor formatting bug with notification email when http port
is not enabled.
- fixed bug with rm-host command on CLI not parsing argument correctly.
- added more log messages to the scheduler module.
- fixed SIGCHLD bug with management console/CLI leaving zombies.
- fixed make distclean target in scan agent modules directory.
- fixed signal handler bug with the scheduler that rendered the scheduling
process vulnerable to freezes, or crashes.
Differences with version 4.0.0
=================================================
- Version 2.x-stable is NOT compatible with version 4.0.
- new modular interface. This allows for developers to easily extend the
functionality of the scan agent. See http://www.hostintegrity.com/osiris
for details.
- support for monitoring user database (module).
- support for monitoring group database (module).
- support for monitoring kernel extensions (module).
- support for AIX (thanks to Duane Dunston).
- support for IRIX (thanks to Karen Wieprecht).
- added reg-ex to the project so that the regular expressions used with
filters as well as scan config rules will work the same on all supported
platforms. Thus windows scan agents and management consoles now support
regular expressions.
- notification settings are now more configurable. On a per-host basis,
notification for the following can now be specified:
a) scheduler fails to start a scan.
b) send notification after every scan, even if no changes occurred.
c) send notification when an agent has lost its session key.
d) changes detected.
- filters now can single out specific attribute changes to files. Previously
the filters would be all or nothing with respect to showing what changed
for a particular file.
- CLI now will dig out the config used for the trusted db and use it if no
config name is specified for the config related commands.
- all logs generated by the management console now have ID codes to make
the logs more friendly to log analysis tools. See the documentation or
the online docs for logging codes, http://www.hostintegrity.com/osiris
- syslog levels: info, warn, and err are now used. The syslog facility is
still configurable. The log_intensity config parameter is no more.
- The name of the osiris user/group created during the installation can now
be specified as a configure option. The default is, "osiris" (Not
applicable on Windows).
- The osiris root directory can now be specified as a configure option, the
default is, "/usr/local/osiris" (Not applicable on Windows).
- logs now reveal the ID of the scan config used, in addition to the name.
- The CLI now lists hosts in alphabetical order.
- CLI now will make use of the EDITOR environment variable so you can
choose what editor to use to edit and create scan configs.
- database format made more efficient and the records are printed in
alphabetical order in print-db routines as well as in any logs or
notifications (new version of Berkeley DB: 4.2.52).
- The source now builds under MinGW. As a result, the build system on
Windows is no longer the cumbersome pain that it was. The Visual Studio
project files have all been removed, with joy.
- new make targets: "agent" and "console" now create installation packages
for the scan agent and the management console that can be run from
read-only media (Not applicable on Windows, use the supplied NSIS script).