All Versions
87
Latest Version
Avg Release Cycle
29 days
Latest Release
922 days ago
Changelog History
Page 8
Changelog History
Page 8
-
v3.2.3 Changes
May 28, 2018โ Added
- ๐ New internal option to enable merged file creation by Remoted. (#603)
- Created alert item for GDPR and GPG13. (#608)
- โ Add support for Amazon Linux in vulnerability-detector.
- Created an input queue for Analysisd to prevent Remoted starvation. (#661)
๐ Changed
- 0๏ธโฃ Set default agent limit to 14.000 and file descriptor limit to 65.536 per process. (#624)
- Cluster improvements.
- New protocol for communications.
- Inverted communication flow: clients start communications with the master.
- Just the master address is required in the
<nodes>
list configuration. - Improved synchronization algorithm.
- Reduced the number of processes to one:
wazuh-clusterd
.
- Cluster control tool improvements: outputs are the same regardless of node type.
- 0๏ธโฃ The default input queue for remote events has been increased to 131072 events. (#660)
- Disconnected agents will no longer report vulnerabilities. (#666)
๐ Fixed
- ๐ Fixed agent wait condition and improve logging messages. (#550)
- ๐ Fix race condition in settings load time by Windows agent. (#551)
- ๐ Fix bug in Authd that prevented it from deleting agent-info files when removing agents.
- ๐ Fix bug in ruleset that did not overwrite the
<info>
option. (#584) - ๐ Fixed bad file descriptor error in Wazuh DB (#588)
- ๐ Fixed unpredictable file sorting when creating merged files. (#599)
- ๐ Fixed race condition in Remoted when closing connections.
- ๐ Fix epoch check in vulnerability-detector.
- ๐ Fixed hash sum in logs rotation. (#636)
- ๐ Fixed cluster CPU usage.
- ๐ Fixed invalid deletion of agent timestamp entries. (#639)
- ๐ Fixed segmentation fault in logcollector when multi-line is applied to a remote configuration. (#641)
- ๐ Fixed issue in Syscheck that may leave the process running if the agent is stopped quickly. (#671)
โ Removed
- โ Removed cluster database and internal cluster daemon.
-
v3.2.2 Changes
May 07, 2018โ Added
- Created an input queue for Remoted to prevent agent connection starvation. (#509)
๐ Changed
- โก๏ธ Updated Slack integration. (#443)
- โฌ๏ธ Increased connection timeout for remote upgrades. (#480)
- Vulnerability-detector does not stop agents detection if it fails to find the software for one of them.
- ๐ Improve the version comparator algorithm in vulnerability-detector. (#508)
๐ Fixed
- ๐ Fixed bug in labels settings parser that may make Agentd or Logcollector crash.
- ๐ Fixed issue when setting multiple
<server-ip>
stanzas in versions 3.0 - 3.2.1. (#433) - ๐ Fixed bug when socket database messages are not sent correctly. (#435)
- ๐ Fixed unexpected stop in the sources installer when overwriting a previous corrupt installation.
- โ Added a synchronization timeout in the cluster to prevent it from blocking (#447)
- ๐ Fixed issue in CSyslogd when filtering by rule group. (#446)
- ๐ Fixed error on DB daemon when parsing rules with options introduced in version 3.0.0.
- ๐ Fixed unrecognizable characters error in Windows version name. (#478)
- ๐ Fix Authd client in old versions of Windows (#479)
- Cluster's socket management improved to use persistent connections (#481)
- ๐ Fix memory corruption in Syscollector decoder and memory leaks in Vulnerability Detector. (#482)
- ๐ Fixed memory corruption in Wazuh DB autoclosing procedure.
- ๐ Fixed dangling db files at DB Sync module folder. (#489)
- ๐ Fixed agent group file deletion when using Authd.
- ๐ Fix memory leak in Maild with JSON input. (#498)
- ๐ Fixed remote command switch option. (#504)
-
v3.2.1 Changes
March 03, 2018โ Added
- โ Added option in Makefile to disable CIS-CAT module. (#381)
- โ Added field
totalItems
toGET/agents/purgeable/:timeframe
API call. (#385)
๐ Changed
- 0๏ธโฃ Giving preference to use the selected Java over the default one in CIS-CAT wodle.
- โ Added delay between message delivery for every module. (#389)
- ๐ Verify all modules for the shared configuration. (#408)
- โก๏ธ Updated OpenSSL library to 1.1.0g.
- Insert agent labels in JSON archives no matter the event matched a rule.
- ๐ Support for relative/full/network paths in the CIS-CAT configuration. (#419)
- ๐ Improved cluster control to give more information. (#421)
- โก๏ธ Updated rules for CIS-CAT.
- โ Removed unnecessary compilation of vulnerability-detector in agents.
- Increased wazuh-modulesd's subprocess pool.
- ๐ Improved the agent software recollection by Syscollector.
๐ Fixed
- ๐ Fixed crash in Agentd when testing Syscollector configuration from agent.conf file.
- ๐ Fixed duplicate alerts in Vulnerability Detector.
- ๐ Fixed compiling issues in Solaris and HP-UX.
- ๐ Fixed bug in Framework when listing directories due to permissions issues.
- ๐ Fixed error handling in CIS-CAT module. (#401)
- ๐ Fixed some defects reported by Coverity. (#406)
- ๐ Fixed OS name detection in macOS and old Linux distros. (#409)
- ๐ Fixed linked in HP-UX.
- ๐ Fixed Red Hat detection in vulnerability-detector.
- ๐ Fixed segmentation fault in wazuh-cluster when files path is too long.
- ๐ Fixed a bug getting groups and searching by them in
GET/agents
API call. (#390) - ๐ Several fixes and improvements in cluster.
- ๐ Fixed bug in wazuh-db when closing exceeded databases in transaction.
- ๐ Fixed bug in vulnerability-detector that discarded valid agents.
- ๐ Fixed segmentation fault in Windows agents when getting OS info.
- ๐ Fixed memory leaks in vulnerability-detector and CIS-CAT wodle.
- ๐ Fixed behavior when working directory is not found in CIS-CAT wodle.
-
v3.2.0 Changes
February 13, 2018โ Added
- โ Added support to synchronize custom rules and decoders in the cluster.(#344)
- โ Add field
status
toGET/agents/groups/:group_id
API call.(#338) - โ Added support for Windows to CIS-CAT integration module (#369)
- ๐ New Wazuh Module "aws-cloudtrail" fetching logs from S3 bucket. (#351)
- ๐ New Wazuh Module "vulnerability-detector" to detect vulnerabilities in agents and managers.
๐ Fixed
- ๐ Fixed oscap.py to support new versions of OpenSCAP scanner.(#331)
- ๐ Fixed timeout bug when the cluster port was closed. (#343)
- ๐ Improve exception handling in
cluster_control
. (#343) - ๐ Fixed bug in cluster when receive an error response from client. (#346)
- ๐ Fixed bug in framework when the manager is installed in different path than /var/ossec. (#335)
- ๐ Fixed predecoder hostname field in JSON event output.
- ๐ Several fixes and improvements in cluster.
-
v3.1.0 Changes
December 22, 2017โ Added
- ๐ New Wazuh Module "command" for asynchronous command execution.
- ๐ New field "predecoder.timestamp" for JSON alerts including timestamp from logs.
- โ Added reload action to ossec-control in local mode.
- โ Add duration control of a cluster database synchronization.
- ๐ New internal option for agents to switch applying shared configuration.
- โ Added GeoIP address finding for input logs in JSON format.
- โ Added alert and archive output files rotation capabilities.
- โ Added rule option to discard field "firedtimes".
- โ Added VULS integration for running vulnerability assessments.
- CIS-CAT Wazuh Module to scan CIS policies.
๐ Changed
- Keepping client.keys file permissions when modifying it.
- ๐ Improve Rootcheck formula to select outstanding defects.
- Stop related daemon when disabling components in ossec-control.
- Prevented cluster daemon from starting on RHEL 5 or older.
- Let Syscheck report file changes on first scan.
- ๐ Allow requests by node name in cluster_control binary.
- ๐ Improved help of cluster_control binary.
- Integrity control of files in the cluster.
๐ Fixed
- ๐ Fixed netstat command in localfile configuration.
- ๐ Fixed error when searching agents by ID.
- ๐ Fixed syslog format pre-decoder for logs with missing (optional) space after tag.
- ๐ Fixed alert ID when plain-text alert output disabled.
- ๐ Fixed Monitord freezing when a sendmail-like executable SMTP server is set.
- ๐ Fixed validation of Active Response used by agent_control.
- ๐ Allow non-ASCII characters in Windows version string.
-
v3.0.0 Changes
December 12, 2017โ Added
- โ Added group property for agents to customize shared files set.
- Send shared files to multiple agents in parallel.
- ๐ New decoder plugin for logs in JSON format with dynamic fields definition.
- Brought framework from API to Wazuh project.
- ๐ Show merged files MD5 checksum by agent_control and framework.
- ๐ New reliable request protocol for manager-agent communication.
- โฌ๏ธ Remote agent upgrades with signed WPK packages.
- โ Added option for Remoted to prevent it from writing shared merged file.
- โ Added state for Agentd and Windows agent to notify connection state and metrics.
- โ Added new JSON log format for local file monitoring.
- โ Added OpenSCAP SSG datastream content for Ubuntu Trusty Tahr.
- Field "alert_id" in JSON alerts (by Dan Parriott).
- โ Added support of "any" IP address to OSSEC batch manager (by Jozef Reisinger).
- โ Added ossec-agent SElinux module (by kreon).
- โ Added previous output to JSON output (by Joรฃo Soares).
- โ Added option for Authd to specify the allowed cipher list (by James Le Cuirot).
- โ Added option for cipher suites in Authd settings.
- โ Added internal option for Remoted to set the shared configuration reloading time.
- ๐ง Auto restart agents when new shared configuration is pushed from the manager.
- โ Added native support for Systemd.
- โ Added option to register unlimited agents in Authd.
- ๐ New internal option to limit the number of file descriptors in Analysisd and Remoted.
- โ Added new state "pending" for agents.
- โ Added internal option to disable real-time DB synchronization.
- ๐ Allow multiple manager stanzas in Agentd settings.
- ๐ New internal option to limit the receiving time in TCP mode.
- โ Added manager hostname data to agent information.
- ๐ New option for rotating internal logs by size.
- โ Added internal option to enable or disable daily rotation of internal logs.
- โ Added command option for Monitord to overwrite 'day_wait' parameter.
- โ Adding templates and sample alert for Elasticsearch 6.0.
- โ Added option to enable/disable Authd on install and auto-generate certificates.
- Pack secure TCP messages into a single packet.
- โ Added function to install SCAP policies depending on OS version.
- โ Added integration with Virustotal.
- โ Added timeout option for TCP sockets in Remoted and Agentd.
- โ Added option to start the manager after installing.
- โ Added a cluster of managers (
wazuh-clusterd
) and a script to control it (cluster_control
).
๐ Changed
- Increased shared file delivery speed when using TCP.
- Increased TCP listening socket backlog.
- ๐ Changed Windows agent UI panel to show revision number instead of installation date.
- Group every decoded field (static and dynamic fields) into a data object for JSON alerts.
- Reload shared files by Remoted every 10 minutes.
- Increased string size limit for XML reader to 4096 bytes.
- โก๏ธ Updated Logstash configuration and Elasticsearch mappings.
- ๐ Changed template fields structure for Kibana dashboards.
- 0๏ธโฃ Increased dynamic field limit to 1024, and default to 256.
- ๐ Changed agent buffer 'length' parameter to 'queue_size'.
- ๐ Changed some Rootcheck error messages to verbose logs.
- โ Removed unnecessary message by manage_agents advising to restart Wazuh manager.
- โก๏ธ Update PF tables Active response (by d31m0).
- Create the users and groups as system users and groups in specs (by Dan Parriott).
- ๐ Show descriptive errors when an agent loses the connection using TCP.
- Prevent agents with the same name as the manager host from getting added.
- ๐ Changed 'message' field to 'data' for successful agent removing response in Authd API.
- ๐ Changed critical error to standard error in Syslog Remoted when no access list has been configured.
- ๐ Ignore hidden files in shared folder for merged file.
- ๐ Changed agent notification time values: notify time to 1 minute and reconnect time to 5 minutes.
- Prevent data field from being inserted into JSON alerts when it's empty.
- Spelling corrections (by Josh Soref).
- โก๏ธ Moved debug messages when updating shared files to level 2.
- Do not create users ossecm or ossecr on agents.
- โฌ๏ธ Upgrade netstat command in Logcollector.
- ๐ Prevent Monitord and DB sync module from dealing with agent files on local installations.
- ๐ Speed up DB syncing by keeping databases opened and an inotify event queue.
- ๐ Merge server's IP and hostname options to one setting.
- ๐ Enabled Active Response by default in both Windows and UNIX.
- ๐ฒ Make Monitord 'day_wait' internal option affect log rotation.
- Extend Monitord 'day_wait' internal option range.
- ๐ Prevent Windows agent from log error when the manager disconnected.
- ๐ Improve Active Response filtering options.
- โฌ๏ธ Use init system (Systemd/SysVinit) to restart Wazuh when upgrading.
- โ Added possibility of filtering agents by manager hostname in the Framework.
- Prevent installer from overwriting agent.conf file.
- Cancel file sending operation when agent socket is closed.
- ๐ง Clean up agent shared folder before unmerging shared configuration.
- ๐จ Print descriptive error when request socket refuses connection due to AR disabled.
- Extend Logcollector line burst limit range.
- ๐ Fix JSON alert file reloading when the file is rotated.
- ๐ง Merge IP and Hostname server configuration into "Address" field.
- ๐ Improved TCP transmission performance by packing secure messages.
๐ Fixed
- ๐ Fixed wrong queries to get last Syscheck and Rootcheck date.
- Prevent Logcollector keep-alives from being stored on archives.json.
- ๐ Fixed length of random message within keep-alives.
- ๐ Fixed Windows version detection for Windows 8 and newer.
- ๐ Fixed incorrect CIDR writing on client.keys by Authd.
- ๐ Fixed missing buffer flush by Analysisd when updating Rootcheck database.
- Stop Wazuh service before removing folder to reinstall.
- ๐ Fixed Remoted service for Systemd (by Phil Porada).
- ๐ Fixed Administrator account mapping in Windows agent installation (by [email protected]).
- ๐ Fixed MySQL support in dbd (by [email protected]).
- ๐ Fixed incorrect warning when unencrypting messages (by Dan Parriott).
- ๐ Fixed Syslog mapping for alerts via Csyslogd (by Dan Parriott).
- ๐ Fixed syntax error in the creation of users in Solaris 11.2 (by Pedro Flor).
- ๐ Fixed some warnings that appeared when compiling on Fedora 26.
- ๐ Fixed permission issue in logs folder.
- ๐ Fixed issue in Remoted that prevented it from send shared configuration when it changed.
- ๐ Fixed Windows agent compilation compability with CentOS.
- ๐ Supporting different case from password prompt in Agentless (by Jesus Fidalgo).
- ๐ Fix bad detection of inotify queue overflowed.
- ๐ Fix repetitive error when a rule's diff file is empty.
- ๐ Fixed log group permission when created by a daemon running as root.
- ๐ Prevented Agentd from logging too many errors when restarted while receiving the merged file.
- Prevented Remoted from sending data to disconnected agents in TCP mode.
- ๐ Fixed alerts storage in PostgreSQL databases.
- ๐ Fixed invalid previous output data in JSON alerts.
- ๐ Fixed memory error in modulesd for invalid configurations.
- ๐ Fixed default Auth configuration to support custom install directory.
- ๐ Fixed directory transversal vulnerability in Active response commands.
- ๐ Fixed Active response timeout accuracy.
- ๐ Fixed race conditions in concurrent transmissions over TCP.
โ Removed
- โ Removed Picviz support (by Dan Parriott).
-
v2.1.1 Changes
September 21, 2017๐ Changed
- ๐ Improved errors messages related to TCP connection queue.
- ๐ Changed info log about unsupported FS checking in Rootcheck scan to debug messages.
- ๐ Prevent Modules daemon from giving critical error when no wodles are enabled.
๐ Fixed
- ๐ Fix endianess incompatibility in agents on SPARC when connecting via TCP.
- ๐ Fix bug in Authd that made it crash when removing keys.
- ๐ Fix race condition in Remoted when writing logs.
- Avoid repeated errors by Remoted when sending data to a disconnected agent.
- ๐ Prevented Monitord from rotating non-existent logs.
- ๐ Some fixes to support HP-UX.
- Prevent processes from sending events when TCP connection is lost.
- ๐ Fixed output header by Syslog client when reading JSON alerts.
- ๐ Fixed bug in Integrator settings parser when reading rules list.
-
v2.1.0 Changes
August 14, 2017โ Added
- ๐ฒ Rotate and compress log feature.
- Labeling data for agents to be shown in alerts.
- ๐ New 'auth' configuration template.
- ๐ Make manage_agents capable of add and remove agents via Authd.
- ๐ง Implemented XML configuration for Authd.
- Option -F for Authd to force insertion if it finds duplicated name.
- Local auth client to manage agent keys.
- โ Added OS name and version into global.db.
- ๐ฒ Option for logging in JSON format.
- ๐ Allow maild to send through a sendmail-like executable (by James Le Cuirot).
- Leaky bucket-like buffer for agents to prevent network flooding.
- ๐ Allow Syslog client to read JSON alerts.
- ๐ Allow Mail reporter to read JSON alerts.
- โ Added internal option to tune Rootcheck sleep time.
- โ Added route-null Active Response script for Windows 2012 (by @CrazyLlama).
๐ Changed
- โก๏ธ Updated SQLite library to 3.19.2.
- โก๏ธ Updated zlib to 1.2.11.
- โก๏ธ Updated cJSON library to 1.4.7.
- ๐ Change some manage_agents option parameters.
- 0๏ธโฃ Run Auth in background by default.
- ๐ Log classification as debug, info, warning, error and critical.
- ๐ฒ Limit number of reads per cycle by Logcollector to prevent log starvation.
- Limit OpenSCAP module's event forwarding speed.
- Increased debug level of repeated Rootcheck messages.
- Send events when OpenSCAP starts and finishes scans.
- โ Delete PID files when a process exits not due to a signal.
- ๐ Change error messages due to SSL handshake failure to debug messages.
- ๐ฎ Force group addition on installation for compatibility with LDAP (thanks to Gary Feltham).
๐ Fixed
- ๐ Fixed compiling error on systems with no OpenSSL.
- ๐ Fixed compiling warning at manage_agents.
- ๐ Fixed ossec-control enable/disable help message.
- ๐ Fixed unique aperture of random device on Unix.
- ๐ Fixed file sum comparison bug at Syscheck realtime engine. (Thanks to Arshad Khan)
- Close analysisd if alert outputs are disabled for all formats.
- ๐ Read Windows version name for versions newer than Windows 8 / Windows Server 2012.
- ๐ Fixed error in Analysisd that wrote Syscheck and Rootcheck databases of re-added agents on deleted files.
- ๐ Fixed internal option to configure the maximum labels' cache time.
- ๐ Fixed Auth password parsing on client side.
- ๐ Fix bad agent ID assignation in Authd on i686 architecture.
- ๐ Fixed Logcollector misconfiguration in Windows agents.
โ Removed
- โ Remove unused message queue to send alerts from Authd.
-
v2.0.1 Changes
July 19, 2017๐ Changed
- ๐ Changed random data generator for a secure OS-provided generator.
- ๐ Changed Windows installer file name (depending on version).
- ๐ Linux distro detection using standard os-release file.
- ๐ Changed some URLs to documentation.
- ๐ Disable synchronization with SQLite databases for Syscheck by default.
- Minor changes at Rootcheck formatter for JSON alerts.
- โ Added debugging messages to Integrator logs.
- ๐ Show agent ID when possible on logs about incorrectly formatted messages.
- 0๏ธโฃ Use default maximum inotify event queue size.
- ๐ Show remote IP on encoding format errors when unencrypting messages.
- โ Remove temporary files created by Syscheck changes reports.
- โ Remove temporary Syscheck files for changes reporting by Windows installer when upgrading.
๐ Fixed
- ๐ Fixed resource leaks at rules configuration parsing.
- ๐ Fixed memory leaks at rules parser.
- ๐ Fixed memory leaks at XML decoders parser.
- ๐ Fixed TOCTOU condition when removing directories recursively.
- ๐ Fixed insecure temporary file creation for old POSIX specifications.
- ๐ Fixed missing agentless devices identification at JSON alerts.
- ๐ Fixed FIM timestamp and file name issue at SQLite database.
- ๐ Fixed cryptographic context acquirement on Windows agents.
- ๐ Fixed debug mode for Analysisd.
- ๐ Fixed bad exclusion of BTRFS filesystem by Rootcheck.
- ๐ Fixed compile errors on macOS.
- ๐ Fixed option -V for Integrator.
- Exclude symbolic links to directories when sending FIM diffs (by Stephan Joerrens).
- ๐ Fixed daemon list for service reloading at ossec-control.
- ๐ Fixed socket waiting issue on Windows agents.
- ๐ Fixed PCI_DSS definitions grouping issue at Rootcheck controls.
- ๐ Fixed segmentation fault bug when stopping on CentOS 5.
- ๐ Fixed compatibility with AIX.
- ๐ Fixed race conditions in ossec-control script.
- ๐ Fixed compiling issue on Windows.
- ๐ Fixed compatibility with Solaris.
- ๐ Fixed XML parsing error due to byte stashing issue.
- ๐ Fixed false error by Syscheck when creating diff snapshots of empty files.
- ๐ Fixed segmentation fault in Authd on i386 platform.
- ๐ Fixed agent-auth exit code for controlled server's errors.
- ๐ Fixed incorrect OVAL patch results classification.
-
v2.0 Changes
March 14, 2017โ Added
- Wazuh modules manager.
- Wazuh module for OpenSCAP.
- Ruleset for OpenSCAP alerts.
- Kibana dashboards for OpenSCAP.
- Option at agent_control to restart all agents.
- Dynamic fields to rules and decoders.
- Dynamic fields to JSON in alerts/archives.
- CDB list lookup with dynamic fields.
- FTS for dynamic fields.
- Logcollector option to set the frequency of file checking.
- ๐ GeoIP support in Alerts (by Scott R Shinn).
- Internal option to output GeoIP data on JSON alerts.
- Matching pattern negation (by Daniel Cid).
- Syscheck and Rootcheck events on SQLite databases.
- Data migration tool to SQLite databases.
- Jenkins QA.
- ๐ 64-bit Windows registry keys support.
- Complete FIM data output to JSON and alerts.
- ๐ Username, date and inode attributes to FIM events on Unix.
- ๐ Username attribute to FIM events on Windows.
- ๐ Report changes (FIM file diffs) to Windows agent.
- File diffs to JSON output.
- โก๏ธ Elastic mapping updated for new FIM events.
- Title and file fields extracted at Rootcheck alerts.
- Rule description formatting with dynamic field referencing.
- โฑ Multithreaded design for Authd server for fast and reliable client dispatching, with key caching and write scheduling.
- ๐ Auth registration client for Windows (by Gael Muller).
- ๐ Auth password authentication for Windows client.
- ๐ New local decoder file by default.
- ๐ Show server certificate and key paths at Authd help.
- ๐ New option for Authd to verify agent's address.
- โ Added support for new format at predecoder (by Brad Lhotsky).
- Agentless passlist encoding to Base64.
- ๐ New Auditd-specific log format for Logcollector.
- Option for Authd to auto-choose TLS/SSL method.
- Compile option for Authd to make it compatible with legacy OSs.
- โ Added new templates layout to auto-compose configuration file.
- ๐ New wodle for SQLite database syncing (agent information and fim/pm data).
- โ Added XML settings options to exclude some rules or decoders files.
- Option for agent_control to broadcast AR on all agents.
- Extended FIM event information forwarded by csyslogd (by Sivakumar Nellurandi).
- Report Syscheck's new file events on real time.
๐ Changed
- โ Isolated logtest directory from analysisd.
- Remoted informs Analysisd about agent ID.
- โก๏ธ Updated Kibana dashboards.
- Syscheck FIM attributes to dynamic fields.
- ๐ฎ Force services to exit if PID file creation fails.
- Atomic writing of client.keys through temporary files.
- 0๏ธโฃ Disabled remote message ID verification by default.
- ๐ Show actual IP on debug message when agents get connected.
- Enforce rules IDs to max 6 digits.
- ๐ป OSSEC users and group as system (UI-hidden) users (by Dennis Golden).
- Increases Authd connection pool size.
- ๐ Use general-purpose version-flexible SSL/TLS methods for Authd registration.
- Enforce minimum 3-digit agent ID format.
- Exclude BTRFS from Rootcheck searching for hidden files inside directories (by Stephan Joerrens).
- ๐ Moved OSSEC and Wazuh decoders to one directory.
- Prevent manage_agents from doing invalid actions (such methods for manager at agent).
- ๐ Disabled capturing of security events 5145 and 5156 on Windows agent.
- Utilities to rename an agent or change the IP address (by Antonio Querubin).
- โ Added quiet option for Logtest (by Dan Parriott).
- Output decoder information onto JSON alerts.
- 0๏ธโฃ Enable mail notifications by default for server installation.
- Agent control option to restart all agents' Syscheck will also restart manager's Syscheck.
- ๐ Make ossec-control to check Authd PID.
- Enforce every rule to contain a description.
- JSON output won't contain field "agentip" if tis value is "any".
- Don't broadcast Active Response messages to disconnected agents.
- ๐ Don't print Syscheck logs if it's disabled.
- 0๏ธโฃ Set default Syscheck and Rootcheck frequency to 12 hours.
- 0๏ธโฃ Generate FIM new file alert by default.
- โ Added option for Integrator to set the maximum log length.
- JSON output nested objects modelling through dynamic fields.
- ๐ Disable TCP for unsupported OSs.
- ๐ฒ Show previous log on JSON alert.
- โ Removed confirmation prompt when importing an agent key successfully.
- 0๏ธโฃ Made Syscheck not to ignore files that change more than 3 times by default.
- 0๏ธโฃ Enabled JSON output by default.
- โก๏ธ Updated default syscheck configuration for Windows agents.
- Limited agent' maximum connection time for notification time.
- ๐ Improved client.keys changing detection method by remoted: use date and inode.
- ๐ Changed boot service name to Wazuh.
- ๐ Active response enabled on Windows agents by default.
- ๐ New folder structure for rules and decoders.
- ๐ More descriptive logs about syscheck real-time monitoring.
- ๐ Renamed XML tags related to rules and decoders inclusion.
- 0๏ธโฃ Set default maximum agents to 8000.
- โ Removed FTS numeric bitfield from JSON output.
- ๐ Fixed ID misassignment by manage_agents when the greatest ID exceeds 32512.
- Run Windows Registry Syscheck scan on first stage when scan_on_start enabled.
- Set all Syscheck delay stages to a multiple of internal_options.conf/syscheck.sleep value.
- ๐ Changed JSON timestamp format to ISO8601.
- ๐ Overwrite @timestamp field from Logstash with the alert timestamp.
- ๐ Moved timestamp JSON field to the beginning of the object.
- ๐ Changed random data generator for a secure OS-provided generator.
๐ Fixed
- Logcollector bug that inhibited alerts about file reduction.
- Memory issue on string manipulation at JSON.
- Memory bug at JSON alerts.
- ๐ Fixed some CLang warnings.
- Issue on marching OSSEC user on installing.
- ๐ง Memory leaks at configuration.
- Memory leaks at Analysisd.
- ๐ Bugs and memory errors at agent management.
- Mistake with incorrect name for PID file (by Tickhon Clearscale).
- Agent-auth name at messages (it appeared to be the server).
- ๐ฒ Avoid Monitord to log errors when the JSON alerts file doesn't exists.
- Agents numbering issue (minimum 3 digits).
- Avoid no-JSON message at agent_control when client.keys empty.
- Memory leaks at manage_agents.
- โ Authd error messages about connection to queue passed to warning.
- Issue with Authd password checking.
- Avoid ossec-control to use Dash.
- ๐ Fixed false error about disconnected agent when trying to send it the shared files.
- Avoid Authd to close when it reaches the maximum concurrency.
- ๐ Fixed memory bug at event diff execution.
- ๐ Fixed resource leak at file operations.
- Hide help message by useadd and groupadd on OpenBSD.
- ๐ Fixed error that made Analysisd to crash if it received a missing FIM file entry.
- ๐ Fixed compile warnings at cJSON library.
- ๐ Fixed bug that made Active Response to disable all commands if one of them was disabled (by Jason Thomas).
- ๐ Fixed segmentation fault at logtest (by Dan Parriott).
- ๐ Fixed SQL injection vulnerability at Database.
- ๐ Fixed Active Response scripts for Slack and Twitter.
- ๐ Fixed potential segmentation fault at file queue operation.
- ๐ Fixed file permissions.
- ๐ Fixed failing test for Apache 2.2 logs (by Brad Lhotsky).
- ๐ Fixed memory error at net test.
- Limit agent waiting time for retrying to connect.
- ๐ Fixed compile warnings on i386 architecture.
- ๐ Fixed Monitord crash when sending daily report email.
- ๐ Fixed script to null route an IP address on Windows Server 2012+ (by Theresa Meiksner).
- ๐ Fixed memory leak at Logtest.
- ๐ Fixed manager with TCP support on FreeBSD (by Dave Stoddard).
- ๐ Fixed Integrator launching at local-mode installation.
- Fixed issue on previous alerts counter (rules with if_matched_sid option).
- ๐ Fixed compile and installing error on Solaris.
- ๐ Fixed segmentation fault on syscheck when no configuration is defined.
- ๐ Fixed bug that prevented manage_agents from removing syscheck/rootcheck database.
- ๐ Fixed bug that made agents connected on TCP to hang if they are rejected by the manager.
- ๐ Fixed segmentation fault on remoted due to race condition on managing keystore.
- ๐ Fixed data lossing at remoted when reloading keystore.
- ๐ Fixed compile issue on MacOS.
- ๐ Fixed version reading at ruleset updater.
- ๐ Fixed detection of BSD.
- ๐ Fixed memory leak (by Byron Golden).
- ๐ Fixed misinterpretation of octal permissions given by Agentless (by Stephan Leemburg).
- ๐ Fixed mistake incorrect openssl flag at Makefile (by Stephan Leemburg).
- Silence Slack integration transmission messages (by Dan Parriott).
- ๐ Fixed OpenSUSE Systemd misconfiguration (By Stephan Joerrens).
- ๐ Fixed case issue on JSON output for Rootcheck alerts.
- ๐ Fixed potential issue on duplicated agent ID detection.
- ๐ Fixed issue when creating agent backups.
- ๐ Fixed hanging problem on Windows Auth client when negotiation issues.
- ๐ Fixed bug at ossec-remoted that mismatched agent-info files.
- ๐ Fixed resource leaks at rules configuration parsing.
- ๐ Fixed memory leaks at rules parser.
- ๐ Fixed memory leaks at XML decoders parser.
- ๐ Fixed TOCTOU condition when removing directories recursively.
- ๐ Fixed insecure temporary file creation for old POSIX specifications.
- ๐ Fixed missing agentless devices identification at JSON alerts.
โ Removed
- โ Deleted link to LUA sources.
- โ Delete ZLib generated files on cleaning.
- โ Removed maximum lines limit from diff messages (that remain limited by length).