Wazuh v3.8.0 Release Notes

Release Date: 2019-01-19

    Added

    • Logcollector extension for Windows eventchannel logs in JSON format. (#2142)
    • Add options to detect attribute and file permission changes for Windows. (#1918)
    • Added Audit health-check in the Whodata initialization. (#2180)
    • Added Audit rules auto-reload in Whodata. (#2180)
    • Support for new AWS services in the AWS wodle (#2242):
      • AWS Config
      • AWS Trusted Advisor
      • AWS KMS
      • AWS Inspector
      • Add support for IAM roles authentication in EC2 instances.
    • New module "Agent Key Polling" to integrate agent key requests with external data sources. (#2127)
      • Look for missing or old agent keys when Remoted detects an authorization failure.
      • Request agent keys by calling a defined executable or connecting to a local socket.
    • Get process inventory for Windows natively. (#1760)
    • Improved vulnerability detection in Red Hat systems. (#2137)
    • Add retries to download the OVAL files in vulnerability-detector. (#1832)
    • Auto-upgrade FIM databases in Wazuh-DB. (#2147)
    • New dedicated thread for AR command running on Windows agent. (#1725)
      • This prevents the agent from being delayed by an AR execution.
    • New internal option to clean residual files of agent groups. (#1985)
    • Add a manifest to run agent-auth.exe with elevated privileges. (#1998)
    • Compress last-entry files to check differences by FIM. (#2034)
    • Add error messages to integration scripts. (#2143)
    • Add CDB lists building on install. (#2167)
    • Update Wazuh copyright for internal files. (#2343)
    • Added option to allow maild to select the log file to read from. (#977)
    • Add table to control the metadata of the vuln-detector DB. (#2402)

    Changed

    • The Wazuh manager can now be started with an empty configuration in ossec.conf. (#2086)
    • The Authentication daemon is now enabled by default. (#2129)
    • Make FIM show alerts for new files by default. (#2213)
    • Reduce the length of the query results from Vulnerability Detector to Wazuh DB. (#1798)
    • Improved the build system to automatically detect a big-endian platform. (#2031)
      • The build option USE_BIG_ENDIAN is no longer needed on Solaris (SPARC) or HP-UX.
    • Expanded the regex pattern maximum size from 2048 to 20480 bytes. (#2036)
    • Improved IP address validation in the option <white_list> (by @pillarsdotnet). (#1497)
    • Improved rule option <info> validation (by @pillarsdotnet). (#1541)
    • Deprecated the Syscheck option <remove_old_diff> by making it mandatory. (#1915)
    • Fix invalid error "Unable to verity server certificate" in ossec-authd (server). (#2045)
    • Remove deprecated flag REUSE_ID from the Makefile options. (#2107)
    • Syscheck first queue error message changed into a warning. (#2146)
    • Do the DEB and RPM package scan regardless of Linux distribution. (#2168)
    • AWS VPC configuration in the AWS wodle. (#2242)
    • Hide the warning logged by FIM when it cannot open a file that has just been removed. (#2201)
    • The default FIM configuration now ignores some temporary files. (#2202)

    Fixed

    • Fixed error description in the osquery configuration parser (by @pillarsdotnet). (#1499)
    • The FTS comment option <ftscomment> was not being read (by @pillarsdotnet). (#1536)
    • Fixed error when multigroup files are not found. (#1792)
    • Fix error when assigning multiple groups whose names add up to more than 4096 characters. (#1792)
    • Replaced "getline" function with "fgets" in vulnerability-detector to avoid compilation errors with older versions of libC. (#1822)
    • Fix bug in Wazuh DB when trying to store multiple network interfaces with the same IP from Syscollector. (#1928)
    • Improved consistency of multigroups. (#1985)
    • Fixed the reading of the OS name and version in HP-UX systems. (#1990)
    • Prevent the agent from producing an error on platforms that don't support network timeout. (#2001)
    • Logcollector could not set the maximum file limit on HP-UX platform. (#2030)
    • Allow strings up to 64KB long for log difference analysis. (#2032)
    • Now agents keep their registration date when upgrading the manager. (#2033)
    • Create an empty client.keys file on a fresh installation of a Windows agent. (#2040)
    • Allow CDB list keys and values to be surrounded by double quotes. (#2046)
    • Remove file queue/db/.template.db on upgrade / restart. (#2073)
    • Fix error on Analysisd when check_value doesn't exist. (#2080)
    • Prevent Rootcheck from looking for invalid link count in agents running on Solaris (by @ecsc-georgew). (#2087)
    • Fixed the warning messages when compiling the agent on AIX. (#2099)
    • Fix missing library when building Wazuh with MySQL support. (#2108)
    • Fix compile warnings for the Solaris platform. (#2121)
    • Fixed regular expression for audit.key in audit decoder. (#2134)
    • Agent's ossec-control stop should wait a bit after killing a process. (#2149)
    • Fixed error that occurred while monitoring symbolic links in Linux. (#2152)
    • Fixed some bugs in Logcollector: (#2154)
      • If Logcollector picks up a log exceeding 65279 bytes, that log may lose its null-termination.
      • Logcollector crashes if multiple wildcard stanzas resolve to the same file.
      • An error getting the internal file position may lead to an undefined condition.
    • Execd daemon now runs even if active response is disabled. (#2177)
    • Fix high precision timestamp truncation in rsyslog messages. (#2128)
    • Fix missing Whodata section in the remote configuration query. (#2173)
    • Bugfixes in AWS wodle (#2242):
      • Fixed bug in AWS Guard Duty alerts when there were multiple remote IPs.
      • Fixed bug when using flag remove_from_bucket.
      • Fixed bug when reading buckets generating more than 1000 logs in the same day.
      • Increase the number of aws.eventNames and remove usage of aws.eventSources.
    • Fix bug in cluster configuration when using Kubernetes. (#2227)
    • Fix network timeout setup in agent running on Windows. (#2185)
    • Fix default values for the <auto_ignore> option. (#2210)
    • Fix bug that made Modulesd and Remoted crash on ARM architecture. (#2214)
    • The regex parser included the next character after a group if the input string ended right after that character. (#2216)
    • The regex parser did not accept a group terminated with an escaped byte or a class. (#2224)
    • Fixed buffer overflow hazard in FIM when performing change report on long paths on macOS platform. (#2285)
    • Fix sending of the owner attribute when a file is created in Windows. (#2292)
    • Fix audit reconnection to the Whodata socket. (#2305)
    • Fixed agent connection in TCP mode on Windows XP. (#2329)
    • Fix log shown when a command reaches its timeout and ignore_output is enabled. (#2316)
    • Analysisd and Syscollector did not detect the number of cores on Raspberry Pi. (#2304)
    • Analysisd and Syscollector did not detect the number of cores on CentOS 5. (#2340)