@vikman90 released this Aug 10, 2018 · 259 commits to master since this release

Added

  • Improved configuration of OVAL updates. (#416)
  • Added selective agent software request in vulnerability-detector. (#404)
  • Get Linux packages inventory natively. (#441)
  • Get Windows packages inventory natively. (#471)
  • Supporting AES encryption for manager and agent. (#448)
  • Added Debian and Ubuntu 18 support in vulnerability-detector. (#470)
  • Added Rids Synchronization. (#459)
  • Added option for setting the group that the agent belongs to when registering it with authd. (#460)
  • Added option for setting the source IP when the agent registers with authd. (#460)
  • Added option to force the vulnerability detection in unsupported OS. (#462)
  • Get network inventory natively. (#546)
  • Add arch check for Red Hat's OVAL in vulnerability-detector. (#625)
  • Integration with Osquery. (#627)
    • Enrich osquery configuration with pack files aggregation and agent labels as decorators.
    • Launch osquery daemon in background.
    • Monitor results file and send them to the manager.
    • New option in rules <location> to filter events by osquery.
    • Support folders in shared configuration. This makes it easy to send pack folders to agents.
    • Basic ruleset for osquery events and daemon logs.
  • Boost Remoted performance with multithreading. (#649)
    • Up to 16 parallel threads to decrypt messages from agents.
    • Limit the frequency of agent keys reloading.
    • Message input buffer in Analysisd to prevent control messages starvation in Remoted.
  • Module to download shared files for agent groups dynamically. (#519)
    • Added group creation for files.yml if the group does not exist. (#1010)
  • Added scheduling options to CIS-CAT integration. (#586)
  • Option to download the wpk using http in agent_upgrade. (#798)
  • Add 172.0.0.1 as manager IP when creating global.db. (#970)
  • New requests for Syscollector. (#728)
  • cluster_control shows an error if the status does not exist. (#1002)
  • Get Windows hardware inventory natively. (#831)
  • Get processes and ports inventory by the Syscollector module.
  • Added an integration with Kaspersky Endpoint Security for Linux via Active Response. (#1056)

Changed

  • Add default value for option -x in agent_control tool.
  • External libraries moved to an external repository.
  • Ignore OverlayFS directories on Rootcheck system scan.
  • Extracts agent's OS from the database instead of the agent-info.
  • Increases the maximum size of XML parser to 20KB.
  • Extract CVE instead of RHSA codes into vulnerability-detector. (#549)
  • Store CIS-CAT results into Wazuh DB. (#568)
  • Add profile information to CIS-CAT reports. (#658)
  • Merge external libraries into a unique shared library. (#620)
  • Cluster log rotation: set correct permissions and store rotations in /logs/ossec. (#667)
  • Distinct requests don't allow limit=0 or limit>maximun_limit. (#1007)
  • Deprecated arguments -i, -F and -r for Authd. (#1013)
  • Increase the internal memory for real-time from 12 KiB to 64 KiB. (#1062)

Fixed

  • Fixed invalid alerts reported by Syscollector when the event contains the word "error". (#461)
  • Silenced Vuls integration starting and ending alerts. (#541)
  • Fix problem comparing releases of ubuntu packages. (#556)
  • On Windows, delete pending active responses before resetting the agent. (#563)
  • Fix bug in Rootcheck for Windows that searches for keys in 32-bit mode only. (#566)
  • Alert when unmerging files fails on the agent. (#731)
  • Fixed bugs reading logs in framework. (#856)
  • Ignore case when sorting an array in the framework. (#814)
  • Cluster: reject connection if the client node has a different cluster name. (#892)
  • Prevent the "JSON object must be str, not 'bytes'" error. (#997)
  • Fix long sleep times in vulnerability detector.
  • Fix inconsistency in the alerts format for the manager in vulnerability-detector.
  • Fix bug when processing the packages in vulnerability-detector.
  • Prevent the JSON decoder from processing Syscollector events. (#674)
  • Stop Syscollector data storage into Wazuh DB when an error appears. (#674)
  • Fix bug in Syscheck that reported false positive about removed files. (#1044)
  • Fix bug in Syscheck that misinterpreted no_diff option. (#1046)
  • Fixes in file integrity monitoring for Windows. (#1062)
    • Fix Windows agent crash if FIM fails to extract the file owner.
    • Prevent FIM real-time mode on Windows from stopping if the internal buffer gets overflowed.
  • Prevent Logcollector from flooding the log file with large logs. (#1067)

Removed

  • Deleted Lua language support.
  • Deleted integration with Vuls. (#879)
  • Deleted agent_list tool, replaced by agent_control. (#ba0265b)