ChangeLog for OSSIM version 0.9.9rc4

# ChangeLog for OSSIM

        01 Apr 2007 DK <dk@ossim.net> :
        * 0.9.9rc4 released.

* OSSIM-0.9.9rc4 (01 Apr 2007)

        31 Mar 2007 DK <dk@ossim.net> :
        * Server: small bugfix.
        * Policy: allow for 'any' target.
        * Disable old agent code.

        30 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * The Events tab in the menu now links directly to the event viewer,
          users still wanting to use Acid/BASE should click the "Go to Forensics"
          link inside the event viewer
        * Added 3 new column options: width, wrap & align
        
        29 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * Fix, language change not working on certain systems: Try .UTF8 too
        
        29 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * Added support for plugin groups input instead of a list of plugins
        * Configured settings now actually change the event viewer behavior
        * Added a default hardcoded "All plugins"
        
        28 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * more functionalities
                
        27 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * New ajax tool for configuring the event viewer (still work in progress)

        17 Mar 2007 DK <dk@ossim.net> :
        * Nessus: custom report generation.
        Please delete the following lines after update:
        * Still wondering ;-)
        * juanma: wondering on what he's been working since last september.
        * dgil: wondering on what he's been working since last september.

        12 Mar 2007 DK <dk@ossim.net> :
        * Nessus: fix network group nessus selection.
        * Nessus: Add net group names when updating scans.
        * Bugfixes.

        10 Mar 2007 DK <dk@ossim.net> :
        * Executive Panel: proof of concept "tag cloud plugin". It might be interesting to generate taglines using something like http://chir.ag/tech/download/tagline/.

        09 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        
        * Now the event viewer could be customized through PHP.
        * include/classes/Event_viewer.inc, include/classes/Event_viewer_draw.inc,
          www/event_viewer/index.php: - Added page and table customization options
          - Added TODO - Added more data to display

        07 Mar 2007 DK <dk@ossim.net> :
        * Nessus: scanning fixes, scan without selecting sensors works again. Fixed bug where host's sensors wouldn't appear in the to-be-scanned list.
        * OSVDB: uploaded get_osvdb.pl, fetches vulnerability (nessus<->osvdb) information as well as plugin sids.

        06 Mar 2007 Alberto Roman <alberto@ossim.net> :
        * Fix: filename, username, password and userdata* keywords are now being sent to the frameworkd if the alarm has those data stored.
        * C&A limited (reverted): Change from previous commit reverted. Need more study
 
        02 Mar 2007 DK <dk@ossim.net> :
        * Realtime event viewer: visual enhancements.

        02 Mar 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * include/classes/Action_email.inc: Fix wrong escape (caused double escape
          on action modifies)

        27 Feb 2006 Alberto Roman <alberto@ossim.net> : All these changes apply to
          ossim server:
        * Cross Correlation: OS & services from host-os-event and host
          service-event events are inserted into host_plugin_sid table to do
          cross correlation. Host Service events now insert their ports as
          plugin_sids inside host_plugin_sid. Host OS events insert the event
          as a different plugin_sid depending on the OS used
        * Event visibility: Server stores data inside event_tmp table and deletes the older
          ones regularly. The events will be viewed in a near future thanks to
          "dynamic" framework. In the config table of the ossim DB you can specify the number of events that
          will be kept in event_tmp. Server needs restart to re-read that
          configuration (at this time)
        * Server without DB: Multiple changes to let ossim server load without DB. Separate the data loading from DB.
          Now it can send a message to master servers to load data. Mutexes
          used to assure that ossim server won't start working until all the
          data has been loaded
        * Priority & reliability: columns in plugin_sid table can be 0.
        * Removed: fixed asset_src and asset_dst; Now it can be
          modified in children servers and resent to upper ones.
        * Removed: threshold check when qualifying. Not used since long time ago.
        * Logging: Show in the log the remote IP which has been disconnected
        * Fixed directives: problem with directives and "ANY" keyword in filename, username,
          userdata1... etc. Thx to Selamarjan for the bug report
        * server: sends absolute=false in watch_rules (clarification)
        * BASE64 support: Added to the ossim-server to send certain data over the
          network. Now it's totally safe to send strange characters in the (i.e.)
          description of the plugins_sids or in the plugin name description. The data is
          encoded when sent, and decoded on reception.
        * Policy: The server now knows how to differentiate between different policies for
          different "targets", servers or sensors (still some modifications
          needed in the agent to do this). You can tell if a specific server will apply a specific policy.
        * Code: Added sim_strnlen (copied from libc) to let BSD compile
        * Multi level: Added multiple server configuration initial support. Now the Master server (at
          this time, only the primary master server) can
          read data from different servers in database to maintain the state. This
          will be used to configure all the ossim server architecture from a single
          point, without need to setup individually each server. [Some features still
          not implemented, stay tuned! ]
        * Server Role: Assigned different server role for each of the children servers.
        * Risk Assessment: Risk assessment has been changed a bit. Up until now, we divided the
          values by 10, after that we divided it by 2.5 to let the data appear
          correctly. Now, we divide the values directly by 25, so the data is
          automatically adjusted. Now the risk is much more accurate.
        * Default Risk: Modified the default risk to 0. Formerly the event risk was by
          default 1 to be able to print the RRD. If the risk is 0, the RRD can
          paint nothing and it appears ugly. Now that is controlled in the
          Framework; if some risk is 0, it is changed to 0.0001 to let
          the Framework paint a line in the RRD.
        * Temporary FIX: Added temporary hids_event_type accepted for host-hid-_event messages.
          hids_event_type is equivalent to event_type, it stores data in the same place.
        * C&A limited: Say that the agent and server have been disconnected (server falls down, or
          network is broken some time i.e.). If the event received from the agent is
          sent to the server more than MAX_DIFF_TIME (60 seconds) after the
          reconnection, then it won't update the C & A and won't do the correlation.
        * ossim_event table:  Added plugin_id & plugin-sid fields
        * FIX: Added IPv6 fix to compile in MAC Tiger (thx Drizzt). 	 

        27 Feb 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        
        * Initial commit of the new event viewer for the Snort DB (it should eventually replace BASE)

        26 Feb 2007 DK <dk@ossim.net> :
        * DoNessus.py: fixing "reentrancy".
        * Nessus reporting: Show scanned hosts & networks.
        * Nessus reporting: bugfixes, limit shown hosts.
        * Nessus reporting: colorize showing scan age.

        23 Feb 2007 DK <dk@ossim.net> :
        * Nessus reporting: Many reporting enhancements: per date, per network
        * New tag for ticket email templates: TICKET_INVERSE_HISTORY, same as
          TICKET_HISTORY but reversed :-)

        23 Feb 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        
        * include/classes/: Upgrade.inc, Upgrade_base.inc: New property $snort
          (with it you can do manipulations to the snort db within the PHP upgrade
          scripts)
        * rc4 upgrade fixes

        22 Feb 2007 DK <dk@ossim.net> :
        * Nessus reporting: when limiting to a single network, only show scan dates where that network was involved.

        21 Feb 2007 DK <dk@ossim.net> :
        * Plugin scheduler: Allow for out-of-schedule scanning.
         	separated reporting.

        20 Feb 2007 DK <dk@ossim.net> :
        * Agent: Snare plugin.

        19 Feb 2007 DK <dk@ossim.net> :
        * Plugin scheduler: allow for plugin scheduling using crontab.
        * Frameworkd: Add scheduling watcher thread.
        * Listener: Allow "scheduling id" as sensor argument in order to reproduce stored scans.

        09 Feb 2007 Alejandro Lopez <alopezp@ossim.net> :
        * Frameworkd: Only update RRD files necessary and purge old RRD files (1 year old)
          each n iterations in order to increase speed.
        * Frameworkd: Improve Max C&A and level calculation.
        * Frameworkd: Propagate MAX C&A values to bigger time ranges in order to avoid inexact
          values returned from rrdtool AVERAGE.
        * Agent: new Nagios and Heartbeat plugins.
        * Agent: p0f plugin ignore OS version because p0f isn't accurate.
        * Server: ignore OS version, backwards compatibility.

        07 Feb 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * Fix plugin group displaying (was showing many copies of the same group)

        06 Feb 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        Calendar features:
        * Added help about date format here too
        * Added the new date selector
        * Better calendar integration into Ossim, translations and style

        02 Feb 2007 DK <dk@ossim.net> :
        * Nessus reporting: unified viewing of nessus scans.
        * Nessus scanning: Sensor selection.
        * Agent fixes: Missing host-ids-event && fields.
        * Agent: Osiris plugin.
        * Small policy fix.
        * Alarm console: Added ability to filter by host/CIDR
        * Incidents: Added new "start of incident" field for metric, alarm & event incidents.
        * Backup: Also backup ACL database.
        * DB SQL: Fix SQL creation files.

        30 Jan 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * New function:
          Util::draw_js_calendar(), which displays a nice calendar icon that you
          can click on for a comfortable date selector widget.
        
          It's using the Mattkruse library, thanks for it Mat!
          (http://www.javascripttoolbox.com/lib/calendar/)
        
          Integration still in progress

        24 Jan 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * E_ALL, security, fixes for rc4

        11 Jan 2007  Tomas V.V.Cox <tvvcox@ossim.net>
        * Added alarm list limits support: by number of alarms per page and by start/end
          date

        21 Dec 2006  Tomas V.V.Cox <tvvcox@ossim.net>
        * A lot of fixes and improvements to the business processes interface

        13 Nov 2006  Tomas V.V.Cox <tvvcox@ossim.net>
        * Non-functional, developer-only release of the upcoming new
          feature: business processes

        22 Sep 2006 DK <dk@ossim.net> :
        * 0.9.9rc3 released.


Automatically generated from ChangeLog at Mon Apr 2 15:15:47 2007