Wazuh 3.9.0

@albertomn86 albertomn86 released this 02 May 21:05
· 22717 commits to master since this release

Added

  • New module to perform Security Configuration Assessment scans. (#2598)
  • New Logcollector features. (#2929)
    • Let Logcollector filter files by content. (#2796)
    • Added a pattern exclusion option to Logcollector. (#2797)
    • Let Logcollector filter files by date. (#2799)
    • Let Logcollector support wildcards on Windows. (#2898)
  • Fluent forwarder for agents. (#2828)
  • Collect network and port inventory for Windows XP/Server 2003. (#2464)
  • Included inventory fields as dynamic fields in events to use them in rules. (#2441)
  • Added an option startup_healthcheck in FIM so that the who-data health-check is optional. (#2323)
  • The real agent IP is reported by the agent and shown in alerts and the App interface. (#2577)
  • Added support for organizations in AWS wodle. (#2627)
  • Added support for hot added symbolic links in Whodata. (#2466)
  • Added -t option to wazuh-clusterd binary. (#2691)
  • Added options same_field and not_same_field in rules to correlate dynamic fields between events. (#2689)
  • Added optional daemons start by default. (#2769)
  • Make the Windows installer choose the appropriate ossec.conf file based on the system version. (#2773)
  • Added writer thread preference for Logcollector. (#2783)
  • Added database deletion from Wazuh-DB for removed agents. (#3123)

Changed

  • Introduced a network buffer in Remoted to cache incomplete messages from agents. This improves the performance by preventing Remoted from waiting for complete messages. (#2528)
  • Improved alerts about disconnected agents: they will contain the data about the disconnected agent, although the alert is actually produced by the manager. (#2379)
  • PagerDuty integration plain text alert support (by @spartantri). (#2403)
  • Improved Remoted start-up logging messages. (#2460)
  • Let agent_auth warn when it receives extra input arguments. (#2489)
  • Update the who-data related SELinux rules for Audit 3.0. This lets who-data work on Fedora 29. (#2419)
  • Changed data source for network interface's MAC address in Syscollector so that it will be able to get bonded interfaces' MAC. (#2550)
  • Migrated unit tests from Check to TAP (Test Anything Protocol). (#2572)
  • Now labels starting with _ are reserved for internal use. (#2577)
  • Now AWS wodle fetches aws.requestParameters.disableApiTermination with a unified format. (#2614)
  • Improved overall performance in cluster. (#2575)
  • Some improvements have been made in the vulnerability-detector module. (#2603)
  • Refactor of decoded fields from the Windows eventchannel decoder. (#2684)
  • Deprecate global option <queue_size> for Analysisd. (#2729)
  • Excluded noisy events from Windows Eventchannel. (#2763)
  • Replaced printf functions in agent-authd. (#2830)
  • Replaced strtoul() using NULL arguments with atol() in wodles config files. (#2801)
  • Added a more descriptive message for SSL error when agent-auth fails. (#2941)
  • Changed the starting Analysisd messages about loaded rules from info to debug level. (#2881)
  • Re-structured messages for FIM module. (#2926)
  • Changed diff output in Syscheck for Windows. (#2969)
  • Replaced OSSEC e-mail subject with Wazuh in ossec-maild. (#2975)
  • Added keepalive in TCP to manage broken connections in ossec-remoted. (#3069)

Fixed

  • Fixed error in Syscollector for Windows older than Vista when gathering the hardware inventory. (#2326)
  • Fixed an error in the OSQuery configuration validation. (#2446)
  • Prevent Integrator, Syslog Client and Mail forwarder from getting stuck while reading alerts.json. (#2498)
  • Fixed a bug that could make an Agent running on Windows XP close unexpectedly while receiving a WPK file. (#2486)
  • Fixed ossec-control script in Solaris. (#2495)
  • Fixed a compilation error when building Wazuh in static linking mode with the Audit library enabled. (#2523)
  • Fixed a memory hazard in Analysisd on log pre-decoding for short logs (less than 5 bytes). (#2391)
  • Fixed defects reported by Cppcheck. (#2521)
    • Double free in GeoIP data handling with IPv6.
    • Buffer overlay when getting OS information.
    • Check for successful memory allocation in Syscollector.
  • Fix out-of-memory error in Remoted when upgrading an agent with a big data chunk. (#2594)
  • Re-registered agents are reassigned to correct groups when the multigroup is empty. (#2440)
  • Wazuh manager starts regardless of the contents of local_decoder.xml. (#2465)
  • Let Remoted wait for download module availability. (#2517)
  • Fix duplicate field names at some events for Windows eventchannel. (#2500)
  • Delete empty fields from Windows Eventchannel alerts. (#2492)
  • Fixed memory leak and crash in Vulnerability Detector. (#2620)
  • Prevent Analysisd from crashing when receiving an invalid Syscollector event. (#2621)
  • Fix a bug in the database synchronization module that left broken references of removed agents to groups. (#2628)
  • Fixed restart service in AIX. (#2674)
  • Prevent Execd from becoming defunct when Active Response is disabled. (#2692)
  • Fix error in Syscollector when unable to read the CPU frequency on agents. (#2740)
  • Fix Windows escape format affecting non-format messages. (#2725)
  • Avoid a segfault in mail daemon due to the XML tags order in the ossec.conf. (#2711)
  • Prevent the key updating thread from starving in Remoted. (#2761)
  • Fixed error logging on Windows agent. (#2791)
  • Let CIS-CAT decoder reuse the Wazuh DB connection socket. (#2800)
  • Fixed issue with agent-auth options without argument. (#2808)
  • Fixed control of the frequency counter in alerts. (#2854)
  • Ignore invalid files for agent groups. (#2895)
  • Fixed invalid behaviour when moving files in Whodata mode. (#2888)
  • Fixed deadlock in Remoted when updating the keyentries structure. (#2956)
  • Fixed error in Whodata when one of the file permissions cannot be extracted. (#2940)
  • Fixed System32 and SysWOW64 event processing in Whodata. (#2935)
  • Fixed Syscheck hang when monitoring system directories. (#3059)
  • Fixed the package inventory for Mac OS X. (#3035)
  • Translated the Audit Policy fields from IDs for Windows events. (#2950)
  • Fixed broken pipe error when Wazuh-manager closes TCP connection. (#2965)
  • Fixed whodata mode on drives other than the main one. (#2989)
  • Fixed a bug that occurred in the database while removing an agent. (#2997)
  • Fixed duplicated alerts for Red Hat feed in vulnerability-detector. (#3000)
  • Fixed bug when processing symbolic links in Whodata. (#3025)
  • Fixed option for ignoring paths in rootcheck. (#3058)
  • Allow Wazuh service on MacOSX to be available without restart. (#3119)
  • Ensure internal_options.conf file is overwritten on Windows upgrades. (#3153)
  • Fixed the reading of the setting attempts of the Docker module. (#3067)