Subversion Repositories ALCASAR

Rev 2163 Rev 2164
Line 1... Line 1...
1
# $Id: CHANGELOG 2163 2017-04-06 19:42:48Z tom.houdayer $
1
# $Id: CHANGELOG 2164 2017-04-06 21:37:55Z richard $
2
************ ALCASAR CHANGELOG *********** 
2
************ ALCASAR CHANGELOG *********** 
3
 
-
 
4
-----------------------3.1.1----------------
3
-----------------------3.1.1----------------
-
 
4
NEWS
-
 
5
	- Linux Kernel (4.4.59)
5
BUGS
6
BUGS
6
	- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).
7
	- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).
-
 
8
	- The users can change their password
7
 
9
 
8
-----------------------3.1-------------------
10
-----------------------3.1-------------------
9
NEWS
11
NEWS
10
 
-
 
11
	- The status window is now in a tab (no more popup).
12
	- The status window is now in a tab (no more popup).
12
	- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)
13
	- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)
13
	- network protocols filtering by user
14
	- network protocols filtering by user
14
	- The user is disconnected when his "status tab" is closed (no more watchdog for that)
15
	- The user is disconnected when his "status tab" is closed (no more watchdog for that)
15
ACC
16
ACC
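Review bot: at new line 8, "The users can change their password" is added under BUGS, directly after the vulnerability fix, while the NEWS heading added at new line 4 holds only the kernel entry. If this is a new capability it belongs under NEWS; if it repairs something that was broken, word it like the other fixes ("Fix : ..."). The kernel entry at new line 5 reads "Linux Kernel (4.4.59)" where 3.1 uses "Linux Kernel update (4.4.55)", so matching the wording would keep the log consistent. Since this release carries security fixes, the entry "Fix vulnerabilities in the public part (1 SQL injection & 2 XSS)" would serve administrators better if it named the affected pages or a reference, as the 2.8.1 entry does with its EDB-ID.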
Line 20... Line 21...
20
	- Reporting of Week statistics (in PDF)
21
	- Reporting of Week statistics (in PDF)
21
	- the imputability logs can be displayed. All the users will be warned at their next connexion.
22
	- the imputability logs can be displayed. All the users will be warned at their next connexion.
22
	- admin connexion logs (when clicking on access counter)
23
	- admin connexion logs (when clicking on access counter)
23
BUGS
24
BUGS
24
	- manual user disconnexion in ACC (french page only)
25
	- manual user disconnexion in ACC (french page only)
25
	- import BlackList file : doesn't work with domain name longer than 3 letters (ie : .info)
26
	- import BlackList file : doesn't work with domain name longer than 3 letters (ie : .info)	
26
	
-
 
27
 
27
 
28
-----------------------3.0.1----------------
28
-----------------------3.0.1----------------
29
BUGS
29
BUGS
30
	- Fix : filter_id when importing an old users database
30
	- Fix : filter_id when importing an old users database
31
	- Fix : dupplicate/remove users attributes
31
	- Fix : dupplicate/remove users attributes
32
	- Fix : passing trusted websites
32
	- Fix : passing trusted websites
-
 
33
 
33
-----------------------3.0-----------
34
-----------------------3.0-----------
34
NEWS
35
NEWS
35
	- Mageia 5.0 migration
36
	- Mageia 5.0 migration
36
	- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)
37
	- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)
37
	- HTTPS interception now works
38
	- HTTPS interception now works
38
	- user login name can be accentuated
39
	- user login name can be accentuated
39
	- A first BL category (malware) can be update on the fly via rsync
40
	- A first BL category (malware) can be update on the fly via rsync
40
	- Wildcard certificate can be used
41
	- Wildcard certificate can be used
41
	- a blacklist custom file is added (TOR nodes)
42
	- a blacklist custom file is added (TOR nodes)
42
	
-
 
43
ACC
43
ACC
44
	- freeradius-web framework has been removed
44
	- freeradius-web framework has been removed
45
	- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)
45
	- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)
46
	- the network settings can be change (lan_ip_@, GW, DNS, etc.)
46
	- the network settings can be change (lan_ip_@, GW, DNS, etc.)
47
	- a first page in HTML5 (statistic / security)
47
	- a first page in HTML5 (statistic / security)
48
	- group attributes are displayed in the user edit page
48
	- group attributes are displayed in the user edit page
49
	- The menu of ACC is displayed according to the profile rights
49
	- The menu of ACC is displayed according to the profile rights
50
	- reoganisation of OSSI custom files (BL & WL)
50
	- reoganisation of OSSI custom files (BL & WL)
51
	
-
 
52
BUGS
51
BUGS
53
	- The Whitelist now works fine
52
	- The Whitelist now works fine
54
	- The passwords can be longer than 15 digits
53
	- The passwords can be longer than 15 digits
55
	
54
	
56
-----------------------2.9.2 -----------------------
55
-----------------------2.9.2 -----------------------
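Review bot: new line 25 (the "import BlackList file" entry) now ends with a stray tab. The tab-only line that followed it in the old file (old line 26) appears to have been joined onto it rather than deleted. Strip the trailing tab, and remove the tab-only line still left before the 2.9.2 separator (new line 54) in the same pass, since the tab-only lines at old 42 and old 51 were dropped in this change.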
Line 62... Line 61...
62
	- MAC auth equipments are automatically logged just after creation
61
	- MAC auth equipments are automatically logged just after creation
63
BUGS
62
BUGS
64
	- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected
63
	- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected
65
ACC
64
ACC
66
	- PHP : migration of the deprecated functions --> should be continued for the V3
65
	- PHP : migration of the deprecated functions --> should be continued for the V3
-
 
66
 
67
------------------------2.9-1 ------------------------
67
------------------------2.9-1 ------------------------
68
 
68
 
69
BUGS
69
BUGS
70
	- Problem with the resolver DNS at the time of the installation
70
	- Problem with the resolver DNS at the time of the installation
71
	- Configuration with external DHCP
71
	- Configuration with external DHCP
Line 74... Line 74...
74
	- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)
74
	- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)
75
	- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)
75
	- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)
76
	- It's now possible to update via ssh
76
	- It's now possible to update via ssh
77
ACC
77
ACC
78
	- show user info (name & surname) in the "activity" screen (if set)
78
	- show user info (name & surname) in the "activity" screen (if set)
-
 
79
 
79
------------------------2.9 ------------------------
80
------------------------2.9 ------------------------
80
 
81
 
81
BUGS
82
BUGS
82
	- Configuration radius with PAP module (remove a warning)
83
	- Configuration radius with PAP module (remove a warning)
83
	- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)
84
	- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)
Line 94... Line 95...
94
	- BL/WL/Antivirus filtering now works with MAC authentication
95
	- BL/WL/Antivirus filtering now works with MAC authentication
95
ACC
96
ACC
96
	- simplify the user registration menu
97
	- simplify the user registration menu
97
	- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)
98
	- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)
98
	- reboot or halt the system is now possible
99
	- reboot or halt the system is now possible
-
 
100
 
99
------------------------2.8.1 -----------------------
101
------------------------2.8.1 -----------------------
100
BUG	- a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)
102
BUG	- a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)
101
	- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url
103
	- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url
102
	- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)
104
	- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)
-
 
105
 
103
----------------------- 2.8  -----------------------
106
----------------------- 2.8  -----------------------
104
BUGS	- The file "alcasar-services" is now sorted
107
BUGS	- The file "alcasar-services" is now sorted
105
	- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard
108
	- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard
106
NEWS
109
NEWS
107
	- Firewall-eyes and AWstat are removed from ACC
110
	- Firewall-eyes and AWstat are removed from ACC
Line 109... Line 112...
109
	- Creation of a netflow probe (kernel module)
112
	- Creation of a netflow probe (kernel module)
110
	- complete network statistics can be viewed in ACC (nfsen)
113
	- complete network statistics can be viewed in ACC (nfsen)
111
	- The porttracker nfsen module allows to view network statistics by protocols
114
	- The porttracker nfsen module allows to view network statistics by protocols
112
	- The imputability files are now included in a single archive file (one per week)
115
	- The imputability files are now included in a single archive file (one per week)
113
	- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.
116
	- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.
-
 
117
 
114
----------------------  2.7.2  ---------------------
118
----------------------  2.7.2  ---------------------
115
BUGS
119
BUGS
116
	- Modify the unit 'radiusd.service in order to wait for mysql
120
	- Modify the unit 'radiusd.service in order to wait for mysql
117
	- Creation of an unit 'loadbalancing.service' instead of init.d script
121
	- Creation of an unit 'loadbalancing.service' instead of init.d script
118
	- Removing the rc.local file
122
	- Removing the rc.local file
119
NEWS
123
NEWS
120
	- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts
124
	- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts
121
	- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped) 
125
	- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped) 
-
 
126
 
122
----------------------   2.7.1  -----------------
127
----------------------   2.7.1  -----------------
123
BUGs
128
BUGs
124
	- Fix multi-users voucher
129
	- Fix multi-users voucher
125
	- Fix a mageia2 bug in network function
130
	- Fix a mageia2 bug in network function
126
NEWS
131
NEWS
127
	- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
132
	- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
128
	- Show the blacklist category in "Acces denied" page
133
	- Show the blacklist category in "Acces denied" page
129
	- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
134
	- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
-
 
135
 
130
----------------------   2.7  -----------------
136
----------------------   2.7  -----------------
131
BUGs
137
BUGs
132
	- some corrections in the connection popup
138
	- some corrections in the connection popup
133
	- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
139
	- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
134
NEWS
140
NEWS
Line 150... Line 156...
150
ACC
156
ACC
151
	- show user information when trusted equipment are listed (better than only MAC address)
157
	- show user information when trusted equipment are listed (better than only MAC address)
152
	- main page : doesn't show the date of installation in the version field (can be confused)
158
	- main page : doesn't show the date of installation in the version field (can be confused)
153
Install
159
Install
154
	- show the GPL
160
	- show the GPL
-
 
161
 
155
----------------------   2.6.0.1  -----------------
162
----------------------   2.6.0.1  -----------------
156
Bugs
163
Bugs
157
	- the deleted library fpdf has been restored
164
	- the deleted library fpdf has been restored
158
	- the mysqld and radiusd services are restarted when ALCASAR is launched
165
	- the mysqld and radiusd services are restarted when ALCASAR is launched
-
 
166
 
159
----------------------   2.6   --------------------
167
----------------------   2.6   --------------------
160
Bugs
168
Bugs
161
	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
169
	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
162
	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
170
	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
163
	- re-activation of COA between radius and coova (radius disconnect the users directly).
171
	- re-activation of COA between radius and coova (radius disconnect the users directly).
Line 184... Line 192...
184
	- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days
192
	- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days
185
	- user pages translations in portugese
193
	- user pages translations in portugese
186
	- voucher ticket with logo of organism
194
	- voucher ticket with logo of organism
187
	- intercept page with exception links
195
	- intercept page with exception links
188
	- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh" 
196
	- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh" 
-
 
197
 
189
----------------------   2.5   --------------------
198
----------------------   2.5   --------------------
190
Bugs
199
Bugs
191
	- watchdog of Daemons for service's test
200
	- watchdog of Daemons for service's test
192
	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
201
	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
193
	- reading of alcasar.conf file parameters more securely
202
	- reading of alcasar.conf file parameters more securely
Line 280... Line 289...
280
- installation à partir d'un mandriva 2010.2
289
- installation à partir d'un mandriva 2010.2
281
- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)
290
- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)
282
- distinction des fichiers de log (traçabilité - ssh - accès exterieur)
291
- distinction des fichiers de log (traçabilité - ssh - accès exterieur)
283
- amélioration du processus de mise à jour (prise en compte du numéro de version)
292
- amélioration du processus de mise à jour (prise en compte du numéro de version)
284
 
293
 
285
---- 2.0.1 ----
294
---------------------- 2.0.1 ---------------------
286
- simplification du processus de mise à jour (prise en compte mdv 2010.2)
295
- simplification du processus de mise à jour (prise en compte mdv 2010.2)
287
- déplacement du répertoire 'digest' vers /usr/local/etc/
296
- déplacement du répertoire 'digest' vers /usr/local/etc/
288
- correction horodatage des logs awstat
297
- correction horodatage des logs awstat
289
- inclusion d'un fichier de nommage DNS local
298
- inclusion d'un fichier de nommage DNS local
290
- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq
299
- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq
291
- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq
300
- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq
292
- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)
301
- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)
293
 
302
 
294
---- 2.0 ----
303
----------------------- 2.0 ---------------------
295
- mise à jour de la documentation technique
304
- mise à jour de la documentation technique
296
- ajout des switchs en '--' pour remplacer les '-' des scripts
305
- ajout des switchs en '--' pour remplacer les '-' des scripts
297
- accès authentifié à la la page de garde du centre de gestion
306
- accès authentifié à la la page de garde du centre de gestion
298
- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass
307
- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass
299
- Prise en compte des catégories de la BL dans l'interface de gestion
308
- Prise en compte des catégories de la BL dans l'interface de gestion
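Review bot: the rewritten separators at new lines 294 and 303 put a single space on each side of the version, which adds a third variant next to "-----------------------3.1.1----------------" (no spaces) and "----------------------   2.6   --------------------" (three spaces). Pick one separator format and apply it to every release heading, so that a script or a grep can split the file by version reliably.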