Subversion Repositories ALCASAR

************ ALCASAR CHANGELOG *********** 

************ ALCASAR CHANGELOG *********** 

-----------------------3.1.1----------------

-----------------------3.1.1----------------

BUGS

BUGS

	- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).

	- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).

-----------------------3.1-------------------

-----------------------3.1-------------------

NEWS

NEWS

	- The status window is now in a tab (no more popup).

	- The status window is now in a tab (no more popup).

	- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)

	- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)

	- network protocols filtering by user

	- network protocols filtering by user

	- The user is disconnected when his "status tab" is closed (no more watchdog for that)

	- The user is disconnected when his "status tab" is closed (no more watchdog for that)

ACC

ACC

	- Reporting of Week statistics (in PDF)

	- Reporting of Week statistics (in PDF)

	- the imputability logs can be displayed. All the users will be warned at their next connexion.

	- the imputability logs can be displayed. All the users will be warned at their next connexion.

	- admin connexion logs (when clicking on access counter)

	- admin connexion logs (when clicking on access counter)

BUGS

BUGS

	- manual user disconnexion in ACC (french page only)

	- manual user disconnexion in ACC (french page only)

-----------------------3.0.1----------------

-----------------------3.0.1----------------

BUGS

BUGS

	- Fix : filter_id when importing an old users database

	- Fix : filter_id when importing an old users database

	- Fix : dupplicate/remove users attributes

	- Fix : dupplicate/remove users attributes

	- Fix : passing trusted websites

	- Fix : passing trusted websites

-----------------------3.0-----------

-----------------------3.0-----------

NEWS

NEWS

	- Mageia 5.0 migration

	- Mageia 5.0 migration

	- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)

	- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)

	- HTTPS interception now works

	- HTTPS interception now works

	- user login name can be accentuated

	- user login name can be accentuated

	- A first BL category (malware) can be update on the fly via rsync

	- A first BL category (malware) can be update on the fly via rsync

	- Wildcard certificate can be used

	- Wildcard certificate can be used

	- a blacklist custom file is added (TOR nodes)

	- a blacklist custom file is added (TOR nodes)

ACC

ACC

	- freeradius-web framework has been removed

	- freeradius-web framework has been removed

	- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)

	- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)

	- the network settings can be change (lan_ip_@, GW, DNS, etc.)

	- the network settings can be change (lan_ip_@, GW, DNS, etc.)

	- a first page in HTML5 (statistic / security)

	- a first page in HTML5 (statistic / security)

	- group attributes are displayed in the user edit page

	- group attributes are displayed in the user edit page

	- The menu of ACC is displayed according to the profile rights

	- The menu of ACC is displayed according to the profile rights

	- reoganisation of OSSI custom files (BL & WL)

	- reoganisation of OSSI custom files (BL & WL)

BUGS

BUGS

	- The Whitelist now works fine

	- The Whitelist now works fine

	- The passwords can be longer than 15 digits

	- The passwords can be longer than 15 digits

-----------------------2.9.2 -----------------------

-----------------------2.9.2 -----------------------

	- MAC auth equipments are automatically logged just after creation

	- MAC auth equipments are automatically logged just after creation

BUGS

BUGS

	- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected

	- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected

ACC

ACC

	- PHP : migration of the deprecated functions --> should be continued for the V3

	- PHP : migration of the deprecated functions --> should be continued for the V3

------------------------2.9-1 ------------------------

------------------------2.9-1 ------------------------

BUGS

BUGS

	- Problem with the resolver DNS at the time of the installation

	- Problem with the resolver DNS at the time of the installation

	- Configuration with external DHCP

	- Configuration with external DHCP

	- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)

	- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)

	- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)

	- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)

	- It's now possible to update via ssh

	- It's now possible to update via ssh

ACC

ACC

	- show user info (name & surname) in the "activity" screen (if set)

	- show user info (name & surname) in the "activity" screen (if set)

------------------------2.9 ------------------------

------------------------2.9 ------------------------

BUGS

BUGS

	- Configuration radius with PAP module (remove a warning)

	- Configuration radius with PAP module (remove a warning)

	- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)

	- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)

	- BL/WL/Antivirus filtering now works with MAC authentication

	- BL/WL/Antivirus filtering now works with MAC authentication

ACC

ACC

	- simplify the user registration menu

	- simplify the user registration menu

	- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)

	- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)

	- reboot or halt the system is now possible

	- reboot or halt the system is now possible

------------------------2.8.1 -----------------------

------------------------2.8.1 -----------------------

BUG	- a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)

BUG	- a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)

	- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url

	- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url

	- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)

	- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)

----------------------- 2.8  -----------------------

----------------------- 2.8  -----------------------

BUGS	- The file "alcasar-services" is now sorted

BUGS	- The file "alcasar-services" is now sorted

	- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard

	- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard

NEWS

NEWS

	- Firewall-eyes and AWstat are removed from ACC

	- Firewall-eyes and AWstat are removed from ACC

	- Creation of a netflow probe (kernel module)

	- Creation of a netflow probe (kernel module)

	- complete network statistics can be viewed in ACC (nfsen)

	- complete network statistics can be viewed in ACC (nfsen)

	- The porttracker nfsen module allows to view network statistics by protocols

	- The porttracker nfsen module allows to view network statistics by protocols

	- The imputability files are now included in a single archive file (one per week)

	- The imputability files are now included in a single archive file (one per week)

	- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.

	- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.

----------------------  2.7.2  ---------------------

----------------------  2.7.2  ---------------------

BUGS

BUGS

	- Modify the unit 'radiusd.service in order to wait for mysql

	- Modify the unit 'radiusd.service in order to wait for mysql

	- Creation of an unit 'loadbalancing.service' instead of init.d script

	- Creation of an unit 'loadbalancing.service' instead of init.d script

	- Removing the rc.local file

	- Removing the rc.local file

NEWS

NEWS

	- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts

	- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts

	- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped) 

	- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped) 

----------------------   2.7.1  -----------------

----------------------   2.7.1  -----------------

BUGs

BUGs

	- Fix multi-users voucher

	- Fix multi-users voucher

	- Fix a mageia2 bug in network function

	- Fix a mageia2 bug in network function

NEWS

NEWS

	- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains

	- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains

	- Show the blacklist category in "Acces denied" page

	- Show the blacklist category in "Acces denied" page

	- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)

	- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)

----------------------   2.7  -----------------

----------------------   2.7  -----------------

BUGs

BUGs

	- some corrections in the connection popup

	- some corrections in the connection popup

	- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)

	- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)

NEWS

NEWS

ACC

ACC

	- show user information when trusted equipment are listed (better than only MAC address)

	- show user information when trusted equipment are listed (better than only MAC address)

	- main page : doesn't show the date of installation in the version field (can be confused)

	- main page : doesn't show the date of installation in the version field (can be confused)

Install

Install

	- show the GPL

	- show the GPL

----------------------   2.6.0.1  -----------------

----------------------   2.6.0.1  -----------------

Bugs

Bugs

	- the deleted library fpdf has been restored

	- the deleted library fpdf has been restored

	- the mysqld and radiusd services are restarted when ALCASAR is launched

	- the mysqld and radiusd services are restarted when ALCASAR is launched

----------------------   2.6   --------------------

----------------------   2.6   --------------------

Bugs

Bugs

	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.

	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.

	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output

	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output

	- re-activation of COA between radius and coova (radius disconnect the users directly).

	- re-activation of COA between radius and coova (radius disconnect the users directly).

	- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days

	- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days

	- user pages translations in portugese

	- user pages translations in portugese

	- voucher ticket with logo of organism

	- voucher ticket with logo of organism

	- intercept page with exception links

	- intercept page with exception links

	- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh" 

	- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh" 

----------------------   2.5   --------------------

----------------------   2.5   --------------------

Bugs

Bugs

	- watchdog of Daemons for service's test

	- watchdog of Daemons for service's test

	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses

	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses

	- reading of alcasar.conf file parameters more securely

	- reading of alcasar.conf file parameters more securely

- installation à partir d'un mandriva 2010.2

- installation à partir d'un mandriva 2010.2

- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)

- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)

- distinction des fichiers de log (traçabilité - ssh - accès exterieur)

- distinction des fichiers de log (traçabilité - ssh - accès exterieur)

- amélioration du processus de mise à jour (prise en compte du numéro de version)

- amélioration du processus de mise à jour (prise en compte du numéro de version)

- simplification du processus de mise à jour (prise en compte mdv 2010.2)

- simplification du processus de mise à jour (prise en compte mdv 2010.2)

- déplacement du répertoire 'digest' vers /usr/local/etc/

- déplacement du répertoire 'digest' vers /usr/local/etc/

- correction horodatage des logs awstat

- correction horodatage des logs awstat

- inclusion d'un fichier de nommage DNS local

- inclusion d'un fichier de nommage DNS local

- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq

- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq

- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq

- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq

- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)

- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)

- mise à jour de la documentation technique

- mise à jour de la documentation technique

- ajout des switchs en '--' pour remplacer les '-' des scripts

- ajout des switchs en '--' pour remplacer les '-' des scripts

- accès authentifié à la la page de garde du centre de gestion

- accès authentifié à la la page de garde du centre de gestion

- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass

- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass

- Prise en compte des catégories de la BL dans l'interface de gestion

- Prise en compte des catégories de la BL dans l'interface de gestion