Changelog History

  • v3.2.3 Changes

    May 28, 2018

    Added

    • New internal option to enable merged file creation by Remoted. (#603)
    • Created alert item for GDPR and GPG13. (#608)
    • Add support for Amazon Linux in vulnerability-detector.
    • Created an input queue for Analysisd to prevent Remoted starvation. (#661)

    Changed

    • Set default agent limit to 14.000 and file descriptor limit to 65.536 per process. (#624)
    • Cluster improvements.
      • New protocol for communications.
      • Inverted communication flow: clients start communications with the master.
      • Just the master address is required in the <nodes> list configuration.
      • Improved synchronization algorithm.
      • Reduced the number of processes to one: wazuh-clusterd.
    • Cluster control tool improvements: outputs are the same regardless of node type.
    • The default input queue for remote events has been increased to 131072 events. (#660)
    • Disconnected agents will no longer report vulnerabilities. (#666)

    Fixed

    • Fixed agent wait condition and improved logging messages. (#550)
    • Fix race condition in settings load time by Windows agent. (#551)
    • Fix bug in Authd that prevented it from deleting agent-info files when removing agents.
    • Fix bug in ruleset that did not overwrite the <info> option. (#584)
    • Fixed bad file descriptor error in Wazuh DB. (#588)
    • Fixed unpredictable file sorting when creating merged files. (#599)
    • Fixed race condition in Remoted when closing connections.
    • Fix epoch check in vulnerability-detector.
    • Fixed hash sum in logs rotation. (#636)
    • Fixed cluster CPU usage.
    • Fixed invalid deletion of agent timestamp entries. (#639)
    • Fixed segmentation fault in logcollector when multi-line is applied to a remote configuration. (#641)
    • Fixed issue in Syscheck that may leave the process running if the agent is stopped quickly. (#671)

    Removed

    • Removed cluster database and internal cluster daemon.
  • v3.2.2 Changes

    May 07, 2018

    Added

    • Created an input queue for Remoted to prevent agent connection starvation. (#509)

    Changed

    • Updated Slack integration. (#443)
    • Increased connection timeout for remote upgrades. (#480)
    • Vulnerability-detector does not stop agents detection if it fails to find the software for one of them.
    • Improve the version comparator algorithm in vulnerability-detector. (#508)

    Fixed

    • Fixed bug in labels settings parser that may make Agentd or Logcollector crash.
    • Fixed issue when setting multiple <server-ip> stanzas in versions 3.0 - 3.2.1. (#433)
    • Fixed bug when socket database messages are not sent correctly. (#435)
    • Fixed unexpected stop in the sources installer when overwriting a previous corrupt installation.
    • Added a synchronization timeout in the cluster to prevent it from blocking. (#447)
    • Fixed issue in CSyslogd when filtering by rule group. (#446)
    • Fixed error on DB daemon when parsing rules with options introduced in version 3.0.0.
    • Fixed unrecognizable characters error in Windows version name. (#478)
    • Fix Authd client in old versions of Windows. (#479)
    • Cluster's socket management improved to use persistent connections. (#481)
    • Fix memory corruption in Syscollector decoder and memory leaks in Vulnerability Detector. (#482)
    • Fixed memory corruption in Wazuh DB autoclosing procedure.
    • Fixed dangling db files at DB Sync module folder. (#489)
    • Fixed agent group file deletion when using Authd.
    • Fix memory leak in Maild with JSON input. (#498)
    • Fixed remote command switch option. (#504)
  • v3.2.1 Changes

    March 03, 2018

    Added

    • Added option in Makefile to disable CIS-CAT module. (#381)
    • Added field totalItems to GET/agents/purgeable/:timeframe API call. (#385)

    Changed

    • Giving preference to use the selected Java over the default one in CIS-CAT wodle.
    • Added delay between message delivery for every module. (#389)
    • Verify all modules for the shared configuration. (#408)
    • Updated OpenSSL library to 1.1.0g.
    • Insert agent labels in JSON archives regardless of whether the event matched a rule.
    • Support for relative/full/network paths in the CIS-CAT configuration. (#419)
    • Improved cluster control to give more information. (#421)
    • Updated rules for CIS-CAT.
    • Removed unnecessary compilation of vulnerability-detector in agents.
    • Increased wazuh-modulesd's subprocess pool.
    • Improved the agent software recollection by Syscollector.

    Fixed

    • Fixed crash in Agentd when testing Syscollector configuration from agent.conf file.
    • Fixed duplicate alerts in Vulnerability Detector.
    • Fixed compiling issues in Solaris and HP-UX.
    • Fixed bug in Framework when listing directories due to permissions issues.
    • Fixed error handling in CIS-CAT module. (#401)
    • Fixed some defects reported by Coverity. (#406)
    • Fixed OS name detection in macOS and old Linux distros. (#409)
    • Fixed linked in HP-UX.
    • Fixed Red Hat detection in vulnerability-detector.
    • Fixed segmentation fault in wazuh-cluster when files path is too long.
    • Fixed a bug getting groups and searching by them in GET/agents API call. (#390)
    • Several fixes and improvements in cluster.
    • Fixed bug in wazuh-db when closing exceeded databases in transaction.
    • Fixed bug in vulnerability-detector that discarded valid agents.
    • Fixed segmentation fault in Windows agents when getting OS info.
    • Fixed memory leaks in vulnerability-detector and CIS-CAT wodle.
    • Fixed behavior when working directory is not found in CIS-CAT wodle.
  • v3.2.0 Changes

    February 13, 2018

    Added

    • Added support to synchronize custom rules and decoders in the cluster. (#344)
    • Add field status to GET/agents/groups/:group_id API call. (#338)
    • Added support for Windows to CIS-CAT integration module. (#369)
    • New Wazuh Module "aws-cloudtrail" fetching logs from S3 bucket. (#351)
    • New Wazuh Module "vulnerability-detector" to detect vulnerabilities in agents and managers.

    Fixed

    • Fixed oscap.py to support new versions of OpenSCAP scanner. (#331)
    • Fixed timeout bug when the cluster port was closed. (#343)
    • Improve exception handling in cluster_control. (#343)
    • Fixed bug in cluster when receiving an error response from client. (#346)
    • Fixed bug in framework when the manager is installed in a different path than /var/ossec. (#335)
    • Fixed predecoder hostname field in JSON event output.
    • Several fixes and improvements in cluster.
  • v3.1.0 Changes

    December 22, 2017

    Added

    • New Wazuh Module "command" for asynchronous command execution.
    • New field "predecoder.timestamp" for JSON alerts including timestamp from logs.
    • Added reload action to ossec-control in local mode.
    • Add duration control of a cluster database synchronization.
    • New internal option for agents to switch applying shared configuration.
    • Added GeoIP address finding for input logs in JSON format.
    • Added alert and archive output files rotation capabilities.
    • Added rule option to discard field "firedtimes".
    • Added VULS integration for running vulnerability assessments.
    • CIS-CAT Wazuh Module to scan CIS policies.

    Changed

    • Keeping client.keys file permissions when modifying it.
    • Improve Rootcheck formula to select outstanding defects.
    • Stop related daemon when disabling components in ossec-control.
    • Prevented cluster daemon from starting on RHEL 5 or older.
    • Let Syscheck report file changes on first scan.
    • Allow requests by node name in cluster_control binary.
    • Improved help of cluster_control binary.
    • Integrity control of files in the cluster.

    Fixed

    • Fixed netstat command in localfile configuration.
    • Fixed error when searching agents by ID.
    • Fixed syslog format pre-decoder for logs with missing (optional) space after tag.
    • Fixed alert ID when plain-text alert output disabled.
    • Fixed Monitord freezing when a sendmail-like executable SMTP server is set.
    • Fixed validation of Active Response used by agent_control.
    • Allow non-ASCII characters in Windows version string.
  • v3.0.0 Changes

    December 12, 2017

    Added

    • Added group property for agents to customize shared files set.
    • Send shared files to multiple agents in parallel.
    • New decoder plugin for logs in JSON format with dynamic fields definition.
    • Brought framework from API to Wazuh project.
    • Show merged files MD5 checksum by agent_control and framework.
    • New reliable request protocol for manager-agent communication.
    • Remote agent upgrades with signed WPK packages.
    • Added option for Remoted to prevent it from writing shared merged file.
    • Added state for Agentd and Windows agent to notify connection state and metrics.
    • Added new JSON log format for local file monitoring.
    • Added OpenSCAP SSG datastream content for Ubuntu Trusty Tahr.
    • Field "alert_id" in JSON alerts (by Dan Parriott).
    • Added support of "any" IP address to OSSEC batch manager (by Jozef Reisinger).
    • Added ossec-agent SElinux module (by kreon).
    • Added previous output to JSON output (by João Soares).
    • Added option for Authd to specify the allowed cipher list (by James Le Cuirot).
    • Added option for cipher suites in Authd settings.
    • Added internal option for Remoted to set the shared configuration reloading time.
    • Auto restart agents when new shared configuration is pushed from the manager.
    • Added native support for Systemd.
    • Added option to register unlimited agents in Authd.
    • New internal option to limit the number of file descriptors in Analysisd and Remoted.
    • Added new state "pending" for agents.
    • Added internal option to disable real-time DB synchronization.
    • Allow multiple manager stanzas in Agentd settings.
    • New internal option to limit the receiving time in TCP mode.
    • Added manager hostname data to agent information.
    • New option for rotating internal logs by size.
    • Added internal option to enable or disable daily rotation of internal logs.
    • Added command option for Monitord to overwrite 'day_wait' parameter.
    • Adding templates and sample alert for Elasticsearch 6.0.
    • Added option to enable/disable Authd on install and auto-generate certificates.
    • Pack secure TCP messages into a single packet.
    • Added function to install SCAP policies depending on OS version.
    • Added integration with Virustotal.
    • Added timeout option for TCP sockets in Remoted and Agentd.
    • Added option to start the manager after installing.
    • Added a cluster of managers (wazuh-clusterd) and a script to control it (cluster_control).

    Changed

    • Increased shared file delivery speed when using TCP.
    • Increased TCP listening socket backlog.
    • Changed Windows agent UI panel to show revision number instead of installation date.
    • Group every decoded field (static and dynamic fields) into a data object for JSON alerts.
    • Reload shared files by Remoted every 10 minutes.
    • Increased string size limit for XML reader to 4096 bytes.
    • Updated Logstash configuration and Elasticsearch mappings.
    • Changed template fields structure for Kibana dashboards.
    • Increased dynamic field limit to 1024, and default to 256.
    • Changed agent buffer 'length' parameter to 'queue_size'.
    • Changed some Rootcheck error messages to verbose logs.
    • Removed unnecessary message by manage_agents advising to restart Wazuh manager.
    • Update PF tables Active response (by d31m0).
    • Create the users and groups as system users and groups in specs (by Dan Parriott).
    • Show descriptive errors when an agent loses the connection using TCP.
    • Prevent agents with the same name as the manager host from getting added.
    • Changed 'message' field to 'data' for successful agent removing response in Authd API.
    • Changed critical error to standard error in Syslog Remoted when no access list has been configured.
    • Ignore hidden files in shared folder for merged file.
    • Changed agent notification time values: notify time to 1 minute and reconnect time to 5 minutes.
    • Prevent data field from being inserted into JSON alerts when it's empty.
    • Spelling corrections (by Josh Soref).
    • Moved debug messages when updating shared files to level 2.
    • Do not create users ossecm or ossecr on agents.
    • Upgrade netstat command in Logcollector.
    • Prevent Monitord and DB sync module from dealing with agent files on local installations.
    • Speed up DB syncing by keeping databases opened and an inotify event queue.
    • Merge server's IP and hostname options to one setting.
    • Enabled Active Response by default in both Windows and UNIX.
    • Make Monitord 'day_wait' internal option affect log rotation.
    • Extend Monitord 'day_wait' internal option range.
    • Prevent Windows agent from logging errors when the manager disconnected.
    • Improve Active Response filtering options.
    • Use init system (Systemd/SysVinit) to restart Wazuh when upgrading.
    • Added possibility of filtering agents by manager hostname in the Framework.
    • Prevent installer from overwriting agent.conf file.
    • Cancel file sending operation when agent socket is closed.
    • Clean up agent shared folder before unmerging shared configuration.
    • Print descriptive error when request socket refuses connection due to AR disabled.
    • Extend Logcollector line burst limit range.
    • Fix JSON alert file reloading when the file is rotated.
    • Merge IP and Hostname server configuration into "Address" field.
    • Improved TCP transmission performance by packing secure messages.

    Fixed

    • Fixed wrong queries to get last Syscheck and Rootcheck date.
    • Prevent Logcollector keep-alives from being stored on archives.json.
    • Fixed length of random message within keep-alives.
    • Fixed Windows version detection for Windows 8 and newer.
    • Fixed incorrect CIDR writing on client.keys by Authd.
    • Fixed missing buffer flush by Analysisd when updating Rootcheck database.
    • Stop Wazuh service before removing folder to reinstall.
    • Fixed Remoted service for Systemd (by Phil Porada).
    • Fixed Administrator account mapping in Windows agent installation (by [email protected]).
    • Fixed MySQL support in dbd (by [email protected]).
    • Fixed incorrect warning when unencrypting messages (by Dan Parriott).
    • Fixed Syslog mapping for alerts via Csyslogd (by Dan Parriott).
    • Fixed syntax error in the creation of users in Solaris 11.2 (by Pedro Flor).
    • Fixed some warnings that appeared when compiling on Fedora 26.
    • Fixed permission issue in logs folder.
    • Fixed issue in Remoted that prevented it from sending shared configuration when it changed.
    • Fixed Windows agent compilation compatibility with CentOS.
    • Supporting different case from password prompt in Agentless (by Jesus Fidalgo).
    • Fix bad detection of inotify queue overflowed.
    • Fix repetitive error when a rule's diff file is empty.
    • Fixed log group permission when created by a daemon running as root.
    • Prevented Agentd from logging too many errors when restarted while receiving the merged file.
    • Prevented Remoted from sending data to disconnected agents in TCP mode.
    • Fixed alerts storage in PostgreSQL databases.
    • Fixed invalid previous output data in JSON alerts.
    • Fixed memory error in modulesd for invalid configurations.
    • Fixed default Auth configuration to support custom install directory.
    • Fixed directory traversal vulnerability in Active response commands.
    • Fixed Active response timeout accuracy.
    • Fixed race conditions in concurrent transmissions over TCP.

    Removed

    • Removed Picviz support (by Dan Parriott).
  • v2.1.1 Changes

    September 21, 2017

    Changed

    • Improved error messages related to TCP connection queue.
    • Changed info log about unsupported FS checking in Rootcheck scan to debug messages.
    • Prevent Modules daemon from giving critical error when no wodles are enabled.

    Fixed

    • Fix endianness incompatibility in agents on SPARC when connecting via TCP.
    • Fix bug in Authd that made it crash when removing keys.
    • Fix race condition in Remoted when writing logs.
    • Avoid repeated errors by Remoted when sending data to a disconnected agent.
    • Prevented Monitord from rotating non-existent logs.
    • Some fixes to support HP-UX.
    • Prevent processes from sending events when TCP connection is lost.
    • Fixed output header by Syslog client when reading JSON alerts.
    • Fixed bug in Integrator settings parser when reading rules list.
  • v2.1.0 Changes

    August 14, 2017

    Added

    • Rotate and compress log feature.
    • Labeling data for agents to be shown in alerts.
    • New 'auth' configuration template.
    • Make manage_agents capable of adding and removing agents via Authd.
    • Implemented XML configuration for Authd.
    • Option -F for Authd to force insertion if it finds duplicated name.
    • Local auth client to manage agent keys.
    • Added OS name and version into global.db.
    • Option for logging in JSON format.
    • Allow maild to send through a sendmail-like executable (by James Le Cuirot).
    • Leaky bucket-like buffer for agents to prevent network flooding.
    • Allow Syslog client to read JSON alerts.
    • Allow Mail reporter to read JSON alerts.
    • Added internal option to tune Rootcheck sleep time.
    • Added route-null Active Response script for Windows 2012 (by @CrazyLlama).

    Changed

    • Updated SQLite library to 3.19.2.
    • Updated zlib to 1.2.11.
    • Updated cJSON library to 1.4.7.
    • Change some manage_agents option parameters.
    • Run Auth in background by default.
    • Log classification as debug, info, warning, error and critical.
    • Limit number of reads per cycle by Logcollector to prevent log starvation.
    • Limit OpenSCAP module's event forwarding speed.
    • Increased debug level of repeated Rootcheck messages.
    • Send events when OpenSCAP starts and finishes scans.
    • Delete PID files when a process exits not due to a signal.
    • Change error messages due to SSL handshake failure to debug messages.
    • Force group addition on installation for compatibility with LDAP (thanks to Gary Feltham).

    Fixed

    • Fixed compiling error on systems with no OpenSSL.
    • Fixed compiling warning at manage_agents.
    • Fixed ossec-control enable/disable help message.
    • Fixed unique aperture of random device on Unix.
    • Fixed file sum comparison bug at Syscheck realtime engine. (Thanks to Arshad Khan)
    • Close analysisd if alert outputs are disabled for all formats.
    • Read Windows version name for versions newer than Windows 8 / Windows Server 2012.
    • Fixed error in Analysisd that wrote Syscheck and Rootcheck databases of re-added agents on deleted files.
    • Fixed internal option to configure the maximum labels' cache time.
    • Fixed Auth password parsing on client side.
    • Fix bad agent ID assignation in Authd on i686 architecture.
    • Fixed Logcollector misconfiguration in Windows agents.

    Removed

    • Remove unused message queue to send alerts from Authd.
  • v2.0.1 Changes

    July 19, 2017

    Changed

    • Changed random data generator for a secure OS-provided generator.
    • Changed Windows installer file name (depending on version).
    • Linux distro detection using standard os-release file.
    • Changed some URLs to documentation.
    • Disable synchronization with SQLite databases for Syscheck by default.
    • Minor changes at Rootcheck formatter for JSON alerts.
    • Added debugging messages to Integrator logs.
    • Show agent ID when possible on logs about incorrectly formatted messages.
    • Use default maximum inotify event queue size.
    • Show remote IP on encoding format errors when unencrypting messages.
    • Remove temporary files created by Syscheck changes reports.
    • Remove temporary Syscheck files for changes reporting by Windows installer when upgrading.

    Fixed

    • Fixed resource leaks at rules configuration parsing.
    • Fixed memory leaks at rules parser.
    • Fixed memory leaks at XML decoders parser.
    • Fixed TOCTOU condition when removing directories recursively.
    • Fixed insecure temporary file creation for old POSIX specifications.
    • Fixed missing agentless devices identification at JSON alerts.
    • Fixed FIM timestamp and file name issue at SQLite database.
    • Fixed cryptographic context acquirement on Windows agents.
    • Fixed debug mode for Analysisd.
    • Fixed bad exclusion of BTRFS filesystem by Rootcheck.
    • Fixed compile errors on macOS.
    • Fixed option -V for Integrator.
    • Exclude symbolic links to directories when sending FIM diffs (by Stephan Joerrens).
    • Fixed daemon list for service reloading at ossec-control.
    • Fixed socket waiting issue on Windows agents.
    • Fixed PCI_DSS definitions grouping issue at Rootcheck controls.
    • Fixed segmentation fault bug when stopping on CentOS 5.
    • Fixed compatibility with AIX.
    • Fixed race conditions in ossec-control script.
    • Fixed compiling issue on Windows.
    • Fixed compatibility with Solaris.
    • Fixed XML parsing error due to byte stashing issue.
    • Fixed false error by Syscheck when creating diff snapshots of empty files.
    • Fixed segmentation fault in Authd on i386 platform.
    • Fixed agent-auth exit code for controlled server's errors.
    • Fixed incorrect OVAL patch results classification.
  • v2.0 Changes

    March 14, 2017

    Added

    • Wazuh modules manager.
    • Wazuh module for OpenSCAP.
    • Ruleset for OpenSCAP alerts.
    • Kibana dashboards for OpenSCAP.
    • Option at agent_control to restart all agents.
    • Dynamic fields to rules and decoders.
    • Dynamic fields to JSON in alerts/archives.
    • CDB list lookup with dynamic fields.
    • FTS for dynamic fields.
    • Logcollector option to set the frequency of file checking.
    • GeoIP support in Alerts (by Scott R Shinn).
    • Internal option to output GeoIP data on JSON alerts.
    • Matching pattern negation (by Daniel Cid).
    • Syscheck and Rootcheck events on SQLite databases.
    • Data migration tool to SQLite databases.
    • Jenkins QA.
    • 64-bit Windows registry keys support.
    • Complete FIM data output to JSON and alerts.
    • Username, date and inode attributes to FIM events on Unix.
    • Username attribute to FIM events on Windows.
    • Report changes (FIM file diffs) to Windows agent.
    • File diffs to JSON output.
    • Elastic mapping updated for new FIM events.
    • Title and file fields extracted at Rootcheck alerts.
    • Rule description formatting with dynamic field referencing.
    • Multithreaded design for Authd server for fast and reliable client dispatching, with key caching and write scheduling.
    • Auth registration client for Windows (by Gael Muller).
    • Auth password authentication for Windows client.
    • New local decoder file by default.
    • Show server certificate and key paths at Authd help.
    • New option for Authd to verify agent's address.
    • Added support for new format at predecoder (by Brad Lhotsky).
    • Agentless passlist encoding to Base64.
    • New Auditd-specific log format for Logcollector.
    • Option for Authd to auto-choose TLS/SSL method.
    • Compile option for Authd to make it compatible with legacy OSs.
    • Added new templates layout to auto-compose configuration file.
    • New wodle for SQLite database syncing (agent information and fim/pm data).
    • Added XML settings options to exclude some rules or decoders files.
    • Option for agent_control to broadcast AR on all agents.
    • Extended FIM event information forwarded by csyslogd (by Sivakumar Nellurandi).
    • Report Syscheck's new file events on real time.

    Changed

    • Isolated logtest directory from analysisd.
    • Remoted informs Analysisd about agent ID.
    • Updated Kibana dashboards.
    • Syscheck FIM attributes to dynamic fields.
    • Force services to exit if PID file creation fails.
    • Atomic writing of client.keys through temporary files.
    • Disabled remote message ID verification by default.
    • Show actual IP on debug message when agents get connected.
    • Enforce rules IDs to max 6 digits.
    • OSSEC users and group as system (UI-hidden) users (by Dennis Golden).
    • Increases Authd connection pool size.
    • Use general-purpose version-flexible SSL/TLS methods for Authd registration.
    • Enforce minimum 3-digit agent ID format.
    • Exclude BTRFS from Rootcheck searching for hidden files inside directories (by Stephan Joerrens).
    • Moved OSSEC and Wazuh decoders to one directory.
    • Prevent manage_agents from doing invalid actions (such methods for manager at agent).
    • Disabled capturing of security events 5145 and 5156 on Windows agent.
    • Utilities to rename an agent or change the IP address (by Antonio Querubin).
    • Added quiet option for Logtest (by Dan Parriott).
    • Output decoder information onto JSON alerts.
    • Enable mail notifications by default for server installation.
    • Agent control option to restart all agents' Syscheck will also restart manager's Syscheck.
    • Make ossec-control to check Authd PID.
    • Enforce every rule to contain a description.
    • JSON output won't contain field "agentip" if its value is "any".
    • Don't broadcast Active Response messages to disconnected agents.
    • Don't print Syscheck logs if it's disabled.
    • Set default Syscheck and Rootcheck frequency to 12 hours.
    • Generate FIM new file alert by default.
    • Added option for Integrator to set the maximum log length.
    • JSON output nested objects modelling through dynamic fields.
    • Disable TCP for unsupported OSs.
    • Show previous log on JSON alert.
    • Removed confirmation prompt when importing an agent key successfully.
    • Made Syscheck not to ignore files that change more than 3 times by default.
    • Enabled JSON output by default.
    • Updated default syscheck configuration for Windows agents.
    • Limited agent's maximum connection time for notification time.
    • Improved client.keys changing detection method by remoted: use date and inode.
    • Changed boot service name to Wazuh.
    • Active response enabled on Windows agents by default.
    • New folder structure for rules and decoders.
    • More descriptive logs about syscheck real-time monitoring.
    • Renamed XML tags related to rules and decoders inclusion.
    • Set default maximum agents to 8000.
    • Removed FTS numeric bitfield from JSON output.
    • Fixed ID misassignment by manage_agents when the greatest ID exceeds 32512.
    • Run Windows Registry Syscheck scan on first stage when scan_on_start enabled.
    • Set all Syscheck delay stages to a multiple of internal_options.conf/syscheck.sleep value.
    • Changed JSON timestamp format to ISO8601.
    • Overwrite @timestamp field from Logstash with the alert timestamp.
    • Moved timestamp JSON field to the beginning of the object.
    • Changed random data generator for a secure OS-provided generator.

    Fixed

    • Logcollector bug that inhibited alerts about file reduction.
    • Memory issue on string manipulation at JSON.
    • Memory bug at JSON alerts.
    • Fixed some CLang warnings.
    • Issue on marching OSSEC user on installing.
    • Memory leaks at configuration.
    • Memory leaks at Analysisd.
    • Bugs and memory errors at agent management.
    • Mistake with incorrect name for PID file (by Tickhon Clearscale).
    • Agent-auth name at messages (it appeared to be the server).
    • Avoid Monitord to log errors when the JSON alerts file doesn't exist.
    • Agents numbering issue (minimum 3 digits).
    • Avoid no-JSON message at agent_control when client.keys empty.
    • Memory leaks at manage_agents.
    • Authd error messages about connection to queue passed to warning.
    • Issue with Authd password checking.
    • Avoid ossec-control to use Dash.
    • Fixed false error about disconnected agent when trying to send it the shared files.
    • Avoid Authd to close when it reaches the maximum concurrency.
    • Fixed memory bug at event diff execution.
    • Fixed resource leak at file operations.
    • Hide help message by useradd and groupadd on OpenBSD.
    • Fixed error that made Analysisd to crash if it received a missing FIM file entry.
    • Fixed compile warnings at cJSON library.
    • Fixed bug that made Active Response to disable all commands if one of them was disabled (by Jason Thomas).
    • Fixed segmentation fault at logtest (by Dan Parriott).
    • Fixed SQL injection vulnerability at Database.
    • Fixed Active Response scripts for Slack and Twitter.
    • Fixed potential segmentation fault at file queue operation.
    • Fixed file permissions.
    • Fixed failing test for Apache 2.2 logs (by Brad Lhotsky).
    • Fixed memory error at net test.
    • Limit agent waiting time for retrying to connect.
    • Fixed compile warnings on i386 architecture.
    • Fixed Monitord crash when sending daily report email.
    • Fixed script to null route an IP address on Windows Server 2012+ (by Theresa Meiksner).
    • Fixed memory leak at Logtest.
    • Fixed manager with TCP support on FreeBSD (by Dave Stoddard).
    • Fixed Integrator launching at local-mode installation.
    • Fixed issue on previous alerts counter (rules with if_matched_sid option).
    • Fixed compile and installing error on Solaris.
    • Fixed segmentation fault on syscheck when no configuration is defined.
    • Fixed bug that prevented manage_agents from removing syscheck/rootcheck database.
    • Fixed bug that made agents connected on TCP to hang if they are rejected by the manager.
    • Fixed segmentation fault on remoted due to race condition on managing keystore.
    • Fixed data loss at remoted when reloading keystore.
    • Fixed compile issue on MacOS.
    • Fixed version reading at ruleset updater.
    • Fixed detection of BSD.
    • Fixed memory leak (by Byron Golden).
    • Fixed misinterpretation of octal permissions given by Agentless (by Stephan Leemburg).
    • Fixed mistake incorrect openssl flag at Makefile (by Stephan Leemburg).
    • Silence Slack integration transmission messages (by Dan Parriott).
    • Fixed OpenSUSE Systemd misconfiguration (By Stephan Joerrens).
    • Fixed case issue on JSON output for Rootcheck alerts.
    • Fixed potential issue on duplicated agent ID detection.
    • Fixed issue when creating agent backups.
    • Fixed hanging problem on Windows Auth client when negotiation issues.
    • Fixed bug at ossec-remoted that mismatched agent-info files.
    • Fixed resource leaks at rules configuration parsing.
    • Fixed memory leaks at rules parser.
    • Fixed memory leaks at XML decoders parser.
    • Fixed TOCTOU condition when removing directories recursively.
    • Fixed insecure temporary file creation for old POSIX specifications.
    • Fixed missing agentless devices identification at JSON alerts.

    Removed

    • Deleted link to LUA sources.
    • Delete ZLib generated files on cleaning.
    • Removed maximum lines limit from diff messages (that remain limited by length).