Wazuh v3.8.0 Release Notes
Release Date: 2019-01-19
Added
- Logcollector extension for Windows eventchannel logs in JSON format. (#2142)
- Add options to detect attribute and file permission changes for Windows. (#1918)
- Added Audit health-check in the Whodata initialization. (#2180)
- Added Audit rules auto-reload in Whodata. (#2180)
- Support for new AWS services in the AWS wodle (#2242):
  - AWS Config
  - AWS Trusted Advisor
  - AWS KMS
  - AWS Inspector
  - Add support for IAM roles authentication in EC2 instances.
- New module "Agent Key Polling" to integrate agent key requests with external data sources. (#2127)
  - Look for missing or old agent keys when Remoted detects an authorization failure.
  - Request agent keys by calling a defined executable or connecting to a local socket.
- Get process inventory for Windows natively. (#1760)
- Improved vulnerability detection in Red Hat systems. (#2137)
- Add retries to download the OVAL files in vulnerability-detector. (#1832)
- Auto-upgrade FIM databases in Wazuh-DB. (#2147)
- New dedicated thread for AR command running on Windows agent. (#1725)
  - This will prevent the agent from delaying due to an AR execution.
- New internal option to clean residual files of agent groups. (#1985)
- Add a manifest to run `agent-auth.exe` with elevated privileges. (#1998)
- Compress `last-entry` files to check differences by FIM. (#2034)
- Add error messages to integration scripts. (#2143)
- Add CDB lists building on install. (#2167)
- Update Wazuh copyright for internal files. (#2343)
- Added option to allow maild to select the log file to read from. (#977)
- Add table to control the metadata of the vuln-detector DB. (#2402)
Changed
- Now Wazuh manager can be started with an empty configuration in ossec.conf. (#2086)
- The Authentication daemon is now enabled by default. (#2129)
- Make FIM show alerts for new files by default. (#2213)
- Reduce the length of the query results from Vulnerability Detector to Wazuh DB. (#1798)
- Improved the build system to automatically detect a big-endian platform. (#2031)
  - Building option `USE_BIG_ENDIAN` is no longer needed on Solaris (SPARC) or HP-UX.
- Expanded the regex pattern maximum size from 2048 to 20480 bytes. (#2036)
- Improved IP address validation in the option `<white_list>` (by @pillarsdotnet). (#1497)
- Improved rule option `<info>` validation (by @pillarsdotnet). (#1541)
- Deprecated the Syscheck option `<remove_old_diff>` by making it mandatory. (#1915)
- Fix invalid error "Unable to verity server certificate" in ossec-authd (server). (#2045)
- Remove deprecated flag `REUSE_ID` from the Makefile options. (#2107)
- Syscheck first queue error message changed into a warning. (#2146)
- Do the DEB and RPM package scan regardless of Linux distribution. (#2168)
- AWS VPC configuration in the AWS wodle. (#2242)
- Hide warning log by FIM when it cannot open a file that has just been removed. (#2201)
- The default FIM configuration will ignore some temporary files. (#2202)
Fixed
- Fixed error description in the osquery configuration parser (by @pillarsdotnet). (#1499)
- The FTS comment option `<ftscomment>` was not being read (by @pillarsdotnet). (#1536)
- Fixed error when multigroup files are not found. (#1792)
- Fix error when assigning multiple groups whose names add up to more than 4096 characters. (#1792)
- Replaced "getline" function with "fgets" in vulnerability-detector to avoid compilation errors with older versions of libC. (#1822)
- Fix bug in Wazuh DB when trying to store multiple network interfaces with the same IP from Syscollector. (#1928)
- Improved consistency of multigroups. (#1985)
- Fixed the reading of the OS name and version in HP-UX systems. (#1990)
- Prevent the agent from producing an error on platforms that don't support network timeout. (#2001)
- Logcollector could not set the maximum file limit on HP-UX platform. (#2030)
- Allow strings up to 64KB long for log difference analysis. (#2032)
- Now agents keep their registration date when upgrading the manager. (#2033)
- Create an empty `client.keys` file on a fresh installation of a Windows agent. (#2040)
- Allow CDB list keys and values to be surrounded by double quotes. (#2046)
- Remove file `queue/db/.template.db` on upgrade / restart. (#2073)
- Fix error on Analysisd when `check_value` doesn't exist. (#2080)
- Prevent Rootcheck from looking for invalid link count in agents running on Solaris (by @ecsc-georgew). (#2087)
- Fixed the warning messages when compiling the agent on AIX. (#2099)
- Fix missing library when building Wazuh with MySQL support. (#2108)
- Fix compile warnings for the Solaris platform. (#2121)
- Fixed regular expression for audit.key in audit decoder. (#2134)
- Agent's ossec-control stop should wait a bit after killing a process. (#2149)
- Fixed an error that occurred while monitoring symbolic links in Linux. (#2152)
- Fixed some bugs in Logcollector: (#2154)
  - If Logcollector picks up a log exceeding 65279 bytes, that log may lose the null-termination.
  - Logcollector crashes if multiple wildcard stanzas resolve the same file.
  - An error getting the internal file position may lead to an undefined condition.
- Execd daemon now runs even if active response is disabled. (#2177)
- Fix high precision timestamp truncation in rsyslog messages. (#2128)
- Fix missing Whodata section in the remote configuration query. (#2173)
- Bugfixes in AWS wodle (#2242):
  - Fixed bug in AWS Guard Duty alerts when there were multiple remote IPs.
  - Fixed bug when using flag `remove_from_bucket`.
  - Fixed bug when reading buckets generating more than 1000 logs in the same day.
  - Increase `qty` of `aws.eventNames` and remove usage of `aws.eventSources`.
- Fix bug in cluster configuration when using Kubernetes. (#2227)
- Fix network timeout setup in agent running on Windows. (#2185)
- Fix default values for the `<auto_ignore>` option. (#2210)
- Fix bug that made Modulesd and Remoted crash on ARM architecture. (#2214)
- The regex parser included the next character after a group:
- Fixed buffer overflow hazard in FIM when performing change report on long paths on macOS platform. (#2285)
- Fix sending of the owner attribute when a file is created in Windows. (#2292)
- Fix audit reconnection to the Whodata socket. (#2305)
- Fixed agent connection in TCP mode on Windows XP. (#2329)
- Fix log shown when a command reaches its timeout and `ignore_output` is enabled. (#2316)
- Analysisd and Syscollector did not detect the number of cores on Raspberry Pi. (#2304)
- Analysisd and Syscollector did not detect the number of cores on CentOS 5. (#2340)