- Make Prelude-Manager thread backend independant.
- Add missing dlpreopening support for the SMTP plugin.
- Win32 compilation fixes.
- Various fixes and update.
Also various pkgsrc related fixes including DESTDIR support.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
- Improve thread safety when evicting events to disk.
- Handle IDMEF message version tag, which will be used in upcoming
libprelude version.
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Fix a possible crash upon destruction of a bufpool that is writing to
a failover.
- Correct strtoul() error checking, when verifying scheduler options.
- In case a lot of message were being processed, the heartbeat timer
could be delayed for a long period of time.
- The old scheduler algorithm could be unfair when certain message priority
were not available for processing. We now appropriatly handle repartition
to others priority messages.
- Message of the same priority could be processed in the wrong order when
on-disk buffers were used.
- No integrity check were performed on orphan on-disk buffer in case of an
operating system crash. By using the prelude-failover API, we can now
detect possibly corrupted disk buffer, or resume at the time we stopped
recovering them.
- New sched-priority and sched-buffer-size configuration options.
- Fix a bug where several relaying plugin instance would only forward
their message to a single Manager.
- Make threshold act like a real threshold: pass every Nth events
in the defined amount of seconds.
- Allow mixing Limit and Threshold.
- Do not share the tresholding hash accross thresholding plugin instance:
previously, the shared hash would result in strange thresholding plugin
behavior if you had several instance of thresholding loaded.
- Various bug fixes concerning plugin instance un-subscribtion (unsubscribtion
of certain plugin was not triggered).
- Fix for new libprelude (0.9.15) runtime warning.
- Add documentation for SQLite3 in the template configuration file
(Sébastien Tricaud <toady at gscore.org>).
- Update configuration template, add documentation for Prelude
generic TCP options.
- Implement modified patch from Pierre Chifflier <chifflier@inl.fr>
to fix the example log path (fix#224).
- Move IDMEF message normalization in the scheduler, rather than
doing it upon reception. This remove some load from the server
and allow Prelude-Manager own IDMEF messages to go through the
normalizer path.
- Implement heartbeat->analyzer normalization.
- Improve IPv4 / IPv6 address normalization.
IPv4 mapped IPv6 addresses are now mapped back to IPv4.
Additionally, the Normalize plugin now provide two additionals option:
ipv6-only: Map any incoming IPv4 address to IPv6.
keep-ipv4-mapped-ipv6: do not map IPv4 mapped IPv6 addresses back to IPv4.
- Make a difference between exceptional report plugin failure (example:
a single message couldn't be processed) and "global" plugin failure
(example: database server is down). We use a different failover for
'exceptional' failure, so that we don't try to reinsert a bogus message
(fix#247).
- Start of a Prelude-Manager manpages (#236).
- Various bug fixes.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
- Initial implementation of the 'thresholding' plugin, allowing you to
suppress events after a certain limit/threshold.
- Filters hooking to a reporting plugin are now OR'ed instead of being
AND'ed. AND is already possible by hooking filtering plugin one with
another.
- Improved error reporting.
- Minor bug fixes.
- Fix a startup problem on system with different address of different family
mapping to the same IP.
- Fix for system using the GnuLib poll replacement modules. The module was
broken when used in conjunction with server socket.
- Various portability fixes
- In case an IDMEF-Service object contain neither name or port
attribute, set name to "unknown" in order to avoid IDMEF DTD
validation issue.
- Normalize analyzer(*).node.
PKG_SYSCONFDIR: 1) prelude-manager and 2) prelude (install by libprelude).
Consequently, PKG_SYSCONFSUBDIR can't be set to prelude-manager.
Corrected and PKGREVISION bumped.
- Enable write notification on queued write (Fix reverse relaying).
- Fix IDMEF message scheduler warning when plugin failover is enabled.
- Fix reverse relaying on some architecture due to thread safety
issue.
- Server scalability improvement in case of message burst.
- Start work on a normalization plugin. Very simple for now, mostly
sanitize IDMEF Address and IDMEF Service classes.
- When an analyzer have read and write permission to prelude-manager,
avoid acting as an echo server, don't send received message from this
analyzer to itself.
- When no listen address is specified, try to bind all
system address (both ipv4/ipv6).
- Send an alert to the peer on handshake failure, so that
the peer have some information on what happened.
- Consistency work accross all plugin logfile option.
- Various bug fixes and improvements.
- Only send TLS alert if there is one queued, fix a possible crash.
- Emit warning if prelude-failover problem arise.
- Improve error handling.
- Improve db plugin log option, "-" now mean stdout.
- Various bug fixes.
- prelude-manager has been updated to check the loaded revocation
list, if available. This was needed since the recent prelude-adduser
addition allowing to create analyzer revocation list.
- Remove line size limitation on specified IDMEF-criteria.
- Remove all ancillary groups as well as setgid-ing.
- Fix idmef-criteria-filter option conflict.
- Fix a possible crash if no listen address is specified, but a
reverse relay is used.
- Much better error reporting.
Prelude-Manager is a high availability server that accepts secured
connections from distributed sensors or other managers and saves
received events to a media specified by the user (database, logfile,
mail, etc).
sensors, managers, and a display console. This
is the manager. The Manager (there can be several
in an IDS network) accepts secured connections
from sensors and saves the alerts that Sensors
emit. This package installs the manager so that
mySql is used for alert storage.
This is one of several new Prelude packages.
