Wazuh v3.9.0 Release Notes
Release Date: 2019-05-02
➕ Added
- 🔒 New module to perform Security Configuration Assessment scans. (#2598)
- New Logcollector features. (#2929)
- Fluent forwarder for agents. (#2828)
- 🏁 Collect network and port inventory for Windows XP/Server 2003. (#2464)
- Included inventory fields as dynamic fields in events to use them in rules. (#2441)
- Added an option startup_healthcheck in FIM so that the who-data health-check is optional. (#2323)
- The real agent IP is reported by the agent and shown in alerts and the App interface. (#2577)
- ➕ Added support for organizations in AWS wodle. (#2627)
- Added support for hot added symbolic links in Whodata. (#2466)
- ➕ Added -t option to wazuh-clusterd binary. (#2691)
- Added options same_field and not_same_field in rules to correlate dynamic fields between events. (#2689)
- ➕ Added optional daemons start by default. (#2769)
- 🏁 Make the Windows installer choose the appropriate ossec.conf file based on the System version. (#2773)
- ➕ Added writer thread preference for Logcollector. (#2783)
- ➕ Added database deletion from Wazuh-DB for removed agents. (#3123)
🔄 Changed
- 🐎 Introduced a network buffer in Remoted to cache incomplete messages from agents. This improves the performance by preventing Remoted from waiting for complete messages. (#2528)
- 👌 Improved alerts about disconnected agents: they will contain the data about the disconnected agent, although the alert is actually produced by the manager. (#2379)
- 👍 PagerDuty integration plain text alert support (by @spartantri). (#2403)
- 👌 Improved Remoted start-up logging messages. (#2460)
- Let agent_auth warn when it receives extra input arguments. (#2489)
- ⚡️ Update the who-data related SELinux rules for Audit 3.0. This lets who-data work on Fedora 29. (#2419)
- 🔄 Changed data source for network interface's MAC address in Syscollector so that it will be able to get bonded interfaces' MAC. (#2550)
- ✅ Migrated unit tests from Check to TAP (Test Anything Protocol). (#2572)
- Now labels starting with _ are reserved for internal use. (#2577)
- Now AWS wodle fetches aws.requestParameters.disableApiTermination with a unified format. (#2614)
- 👌 Improved overall performance in cluster (#2575)
- Some improvements have been made in the vulnerability-detector module. (#2603)
- 🔨 Refactor of decoded fields from the Windows eventchannel decoder. (#2684)
- 🗄 Deprecate global option <queue_size> for Analysisd. (#2729)
- 🏁 Excluded noisy events from Windows Eventchannel. (#2763)
- 🖨 Replaced printf functions in agent-authd. (#2830)
- Replaced strtoul() using NULL arguments with atol() in wodles config files. (#2801)
- ➕ Added a more descriptive message for SSL error when agent-auth fails. (#2941)
- 🔄 Changed the starting Analysisd messages about loaded rules from info to debug level. (#2881)
- Re-structured messages for FIM module. (#2926)
- 🔄 Changed diff output in Syscheck for Windows. (#2969)
- Replaced OSSEC e-mail subject with Wazuh in ossec-maild. (#2975)
- ➕ Added keepalive in TCP to manage broken connections in ossec-remoted. (#3069)
- 🔄 Change default restart interval for Docker listener module to one minute. (#2679)
🛠 Fixed
- 🛠 Fixed error in Syscollector for Windows older than Vista when gathering the hardware inventory. (#2326)
- 🛠 Fixed an error in the OSQuery configuration validation. (#2446)
- Prevent Integrator, Syslog Client and Mail forwarded from getting stuck while reading alerts.json. (#2498)
- 🛠 Fixed a bug that could make an Agent running on Windows XP close unexpectedly while receiving a WPK file. (#2486)
- Fixed ossec-control script in Solaris. (#2495)
- 🛠 Fixed a compilation error when building Wazuh in static linking mode with the Audit library enabled. (#2523)
- 🛠 Fixed a memory hazard in Analysisd on log pre-decoding for short logs (less than 5 bytes). (#2391)
- 🛠 Fixed defects reported by Cppcheck. (#2521)
  - Double free in GeoIP data handling with IPv6.
  - Buffer overlay when getting OS information.
  - Check for successful memory allocation in Syscollector.
- 🛠 Fix out-of-memory error in Remoted when upgrading an agent with a big data chunk. (#2594)
- Re-registered agents are reassigned to correct groups when the multigroup is empty. (#2440)
- Wazuh manager starts regardless of the contents of local_decoder.xml. (#2465)
- Let Remoted wait for download module availability. (#2517)
- 🛠 Fix duplicate field names at some events for Windows eventchannel. (#2500)
- ✂ Delete empty fields from Windows Eventchannel alerts. (#2492)
- 🛠 Fixed memory leak and crash in Vulnerability Detector. (#2620)
- Prevent Analysisd from crashing when receiving an invalid Syscollector event. (#2621)
- 🛠 Fix a bug in the database synchronization module that left broken references of removed agents to groups. (#2628)
- 🛠 Fixed restart service in AIX. (#2674)
- Prevent Execd from becoming defunct when Active Response is disabled. (#2692)
- 🛠 Fix error in Syscollector when unable to read the CPU frequency on agents. (#2740)
- 🛠 Fix Windows escape format affecting non-format messages. (#2725)
- Avoid a segfault in mail daemon due to the XML tags order in the ossec.conf. (#2711)
- ⚡️ Prevent the key updating thread from starving in Remoted. (#2761)
- 🛠 Fixed error logging on Windows agent. (#2791)
- Let CIS-CAT decoder reuse the Wazuh DB connection socket. (#2800)
- 🛠 Fixed issue with agent-auth options without argument. (#2808)
- 🛠 Fixed control of the frequency counter in alerts. (#2854)
- Ignore invalid files for agent groups. (#2895)
- 🛠 Fixed invalid behaviour when moving files in Whodata mode. (#2888)
- 🛠 Fixed deadlock in Remoted when updating the keyentries structure. (#2956)
- 🛠 Fixed error in Whodata when one of the file permissions cannot be extracted. (#2940)
- 🛠 Fixed System32 and SysWOW64 event processing in Whodata. (#2935)
- 🛠 Fixed Syscheck hang when monitoring system directories. (#3059)
- 🛠 Fixed the package inventory for MAC OS X. (#3035)
- 🏁 Translated the Audit Policy fields from IDs for Windows events. (#2950)
- 🛠 Fixed broken pipe error when Wazuh-manager closes TCP connection. (#2965)
- 🛠 Fixed whodata mode on drives other than the main one. (#2989)
- 🛠 Fixed a bug that occurred in the database while removing an agent. (#2997)
- 🛠 Fixed duplicated alerts for Red Hat feed in vulnerability-detector. (#3000)
- 🛠 Fixed bug when processing symbolic links in Whodata. (#3025)
- 🛠 Fixed option for ignoring paths in rootcheck. (#3058)
- 👍 Allow Wazuh service on MacOSX to be available without restart. (#3119)
- ⬆️ Ensure internal_options.conf file is overwritten on Windows upgrades. (#3153)
- 🛠 Fixed the reading of the setting attempts of the Docker module. (#3067)
- 🛠 Fix a memory leak in Docker listener module. (#2679)