Line 1... |
Line 1... |
1 |
# $Id: CHANGELOG 2163 2017-04-06 19:42:48Z tom.houdayer $
|
1 |
# $Id: CHANGELOG 2164 2017-04-06 21:37:55Z richard $
|
2 |
************ ALCASAR CHANGELOG ***********
|
2 |
************ ALCASAR CHANGELOG ***********
|
3 |
|
- |
|
4 |
-----------------------3.1.1----------------
|
3 |
-----------------------3.1.1----------------
|
- |
|
4 |
NEWS
|
- |
|
5 |
- Linux Kernel (4.4.59)
|
5 |
BUGS
|
6 |
BUGS
|
6 |
- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).
|
7 |
- Fix vulnerabilities in the public part (1 SQL injection & 2 XSS).
|
- |
|
8 |
- The users can change their password
|
7 |
|
9 |
|
8 |
-----------------------3.1-------------------
|
10 |
-----------------------3.1-------------------
|
9 |
NEWS
|
11 |
NEWS
|
10 |
|
- |
|
11 |
- The status window is now in a tab (no more popup).
|
12 |
- The status window is now in a tab (no more popup).
|
12 |
- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)
|
13 |
- Linux Kernel update (4.4.55) - coova-chilli updated (1.3.2) with IPSEC VPN resolve code (see #255 on coova github)
|
13 |
- network protocols filtering by user
|
14 |
- network protocols filtering by user
|
14 |
- The user is disconnected when his "status tab" is closed (no more watchdog for that)
|
15 |
- The user is disconnected when his "status tab" is closed (no more watchdog for that)
|
15 |
ACC
|
16 |
ACC
|
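Review bot: In the 3.1.1 section, the new entry "- The users can change their password" is added under BUGS directly after the SQL injection/XSS fix, but it is worded as a feature, so a reader cannot tell whether it restores broken behaviour or introduces a new capability. If it is a fix, state what was broken; if it is new, move it under the NEWS heading that this revision also adds for "- Linux Kernel (4.4.59)". The neighbouring line only counts the flaws ("1 SQL injection & 2 XSS"); naming the affected pages or a reference, as the 2.8.1 entry does with its EDB-ID, would help administrators judge how urgent the upgrade is.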
Line 20... |
Line 21... |
20 |
- Reporting of Week statistics (in PDF)
|
21 |
- Reporting of Week statistics (in PDF)
|
21 |
- the imputability logs can be displayed. All the users will be warned at their next connexion.
|
22 |
- the imputability logs can be displayed. All the users will be warned at their next connexion.
|
22 |
- admin connexion logs (when clicking on access counter)
|
23 |
- admin connexion logs (when clicking on access counter)
|
23 |
BUGS
|
24 |
BUGS
|
24 |
- manual user disconnexion in ACC (french page only)
|
25 |
- manual user disconnexion in ACC (french page only)
|
25 |
- import BlackList file : doesn't work with domain name longer than 3 letters (ie : .info)
|
26 |
- import BlackList file : doesn't work with domain name longer than 3 letters (ie : .info)
|
26 |
|
- |
|
27 |
|
27 |
|
28 |
-----------------------3.0.1----------------
|
28 |
-----------------------3.0.1----------------
|
29 |
BUGS
|
29 |
BUGS
|
30 |
- Fix : filter_id when importing an old users database
|
30 |
- Fix : filter_id when importing an old users database
|
31 |
- Fix : dupplicate/remove users attributes
|
31 |
- Fix : dupplicate/remove users attributes
|
32 |
- Fix : passing trusted websites
|
32 |
- Fix : passing trusted websites
|
- |
|
33 |
|
33 |
-----------------------3.0-----------
|
34 |
-----------------------3.0-----------
|
34 |
NEWS
|
35 |
NEWS
|
35 |
- Mageia 5.0 migration
|
36 |
- Mageia 5.0 migration
|
36 |
- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)
|
37 |
- ipt-netflow kernel module updated (V2.2) - coova-chilli updated (1.3.1.4)
|
37 |
- HTTPS interception now works
|
38 |
- HTTPS interception now works
|
38 |
- user login name can be accentuated
|
39 |
- user login name can be accentuated
|
39 |
- A first BL category (malware) can be update on the fly via rsync
|
40 |
- A first BL category (malware) can be update on the fly via rsync
|
40 |
- Wildcard certificate can be used
|
41 |
- Wildcard certificate can be used
|
41 |
- a blacklist custom file is added (TOR nodes)
|
42 |
- a blacklist custom file is added (TOR nodes)
|
42 |
|
- |
|
43 |
ACC
|
43 |
ACC
|
44 |
- freeradius-web framework has been removed
|
44 |
- freeradius-web framework has been removed
|
45 |
- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)
|
45 |
- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)
|
46 |
- the network settings can be change (lan_ip_@, GW, DNS, etc.)
|
46 |
- the network settings can be change (lan_ip_@, GW, DNS, etc.)
|
47 |
- a first page in HTML5 (statistic / security)
|
47 |
- a first page in HTML5 (statistic / security)
|
48 |
- group attributes are displayed in the user edit page
|
48 |
- group attributes are displayed in the user edit page
|
49 |
- The menu of ACC is displayed according to the profile rights
|
49 |
- The menu of ACC is displayed according to the profile rights
|
50 |
- reoganisation of OSSI custom files (BL & WL)
|
50 |
- reoganisation of OSSI custom files (BL & WL)
|
51 |
|
- |
|
52 |
BUGS
|
51 |
BUGS
|
53 |
- The Whitelist now works fine
|
52 |
- The Whitelist now works fine
|
54 |
- The passwords can be longer than 15 digits
|
53 |
- The passwords can be longer than 15 digits
|
55 |
|
54 |
|
56 |
-----------------------2.9.2 -----------------------
|
55 |
-----------------------2.9.2 -----------------------
|
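Review bot: Every change in this region is a blank line, and the rule applied is not consistent: a blank is added before the "3.0" separator, while blanks are dropped after the ".info" blacklist entry and before the ACC and BUGS headings of 3.0. Choose one spacing convention for separators and sub-headings and apply it throughout. Consider committing this whitespace cleanup separately from the 3.1.1 content changes so the security-relevant entries stand out in the history.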
Line 62... |
Line 61... |
62 |
- MAC auth equipments are automatically logged just after creation
|
61 |
- MAC auth equipments are automatically logged just after creation
|
63 |
BUGS
|
62 |
BUGS
|
64 |
- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected
|
63 |
- MAC auth equipments in DHCP mode are logout after lease time. They can't be automatically reconnected
|
65 |
ACC
|
64 |
ACC
|
66 |
- PHP : migration of the deprecated functions --> should be continued for the V3
|
65 |
- PHP : migration of the deprecated functions --> should be continued for the V3
|
- |
|
66 |
|
67 |
------------------------2.9-1 ------------------------
|
67 |
------------------------2.9-1 ------------------------
|
68 |
|
68 |
|
69 |
BUGS
|
69 |
BUGS
|
70 |
- Problem with the resolver DNS at the time of the installation
|
70 |
- Problem with the resolver DNS at the time of the installation
|
71 |
- Configuration with external DHCP
|
71 |
- Configuration with external DHCP
|
Line 74... |
Line 74... |
74 |
- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)
|
74 |
- integration of an internal DNS in automatic configuration (alcasar-dns-local.sh)
|
75 |
- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)
|
75 |
- "SMS autoregistration" link in the 'intercept' page (if the service is enabled)
|
76 |
- It's now possible to update via ssh
|
76 |
- It's now possible to update via ssh
|
77 |
ACC
|
77 |
ACC
|
78 |
- show user info (name & surname) in the "activity" screen (if set)
|
78 |
- show user info (name & surname) in the "activity" screen (if set)
|
- |
|
79 |
|
79 |
------------------------2.9 ------------------------
|
80 |
------------------------2.9 ------------------------
|
80 |
|
81 |
|
81 |
BUGS
|
82 |
BUGS
|
82 |
- Configuration radius with PAP module (remove a warning)
|
83 |
- Configuration radius with PAP module (remove a warning)
|
83 |
- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)
|
84 |
- Fix an issue when INTIF is a Gb/s card (generic-receive-offload : off)
|
Line 94... |
Line 95... |
94 |
- BL/WL/Antivirus filtering now works with MAC authentication
|
95 |
- BL/WL/Antivirus filtering now works with MAC authentication
|
95 |
ACC
|
96 |
ACC
|
96 |
- simplify the user registration menu
|
97 |
- simplify the user registration menu
|
97 |
- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)
|
98 |
- import a file containing a list of blacklist ip addresses or DNS names (ie : CERT)
|
98 |
- reboot or halt the system is now possible
|
99 |
- reboot or halt the system is now possible
|
- |
|
100 |
|
99 |
------------------------2.8.1 -----------------------
|
101 |
------------------------2.8.1 -----------------------
|
100 |
BUG - a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)
|
102 |
BUG - a security hole has been patch (EDB-ID: 34595 - OSVDB-ID: 111026)
|
101 |
- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url
|
103 |
- In the intercept page, fix the behaviour (loop) when the user writes "logout" as url
|
102 |
- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)
|
104 |
- correction in "session time" radius counter (thanks to Olivier HOUSSENBAY)
|
- |
|
105 |
|
103 |
----------------------- 2.8 -----------------------
|
106 |
----------------------- 2.8 -----------------------
|
104 |
BUGS - The file "alcasar-services" is now sorted
|
107 |
BUGS - The file "alcasar-services" is now sorted
|
105 |
- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard
|
108 |
- New graphic option in grub conf file in order to fix issues with mini-itx-ATOM moterboard
|
106 |
NEWS
|
109 |
NEWS
|
107 |
- Firewall-eyes and AWstat are removed from ACC
|
110 |
- Firewall-eyes and AWstat are removed from ACC
|
Line 109... |
Line 112... |
109 |
- Creation of a netflow probe (kernel module)
|
112 |
- Creation of a netflow probe (kernel module)
|
110 |
- complete network statistics can be viewed in ACC (nfsen)
|
113 |
- complete network statistics can be viewed in ACC (nfsen)
|
111 |
- The porttracker nfsen module allows to view network statistics by protocols
|
114 |
- The porttracker nfsen module allows to view network statistics by protocols
|
112 |
- The imputability files are now included in a single archive file (one per week)
|
115 |
- The imputability files are now included in a single archive file (one per week)
|
113 |
- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.
|
116 |
- The Alcasar name includes the domain name ('localdomain' by default). We prepare the future when we will include the domain name of company.
|
- |
|
117 |
|
114 |
---------------------- 2.7.2 ---------------------
|
118 |
---------------------- 2.7.2 ---------------------
|
115 |
BUGS
|
119 |
BUGS
|
116 |
- Modify the unit 'radiusd.service in order to wait for mysql
|
120 |
- Modify the unit 'radiusd.service in order to wait for mysql
|
117 |
- Creation of an unit 'loadbalancing.service' instead of init.d script
|
121 |
- Creation of an unit 'loadbalancing.service' instead of init.d script
|
118 |
- Removing the rc.local file
|
122 |
- Removing the rc.local file
|
119 |
NEWS
|
123 |
NEWS
|
120 |
- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts
|
124 |
- Add fail2ban on the following attacks : ssh, https (ACC admin page), Unix accounts
|
121 |
- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped)
|
125 |
- Creation of a security page in the ACC : fail2ban alerts, virus stopped by havp+clamav, MAC addresses bloqued by the watchdog process (usurped)
|
- |
|
126 |
|
122 |
---------------------- 2.7.1 -----------------
|
127 |
---------------------- 2.7.1 -----------------
|
123 |
BUGs
|
128 |
BUGs
|
124 |
- Fix multi-users voucher
|
129 |
- Fix multi-users voucher
|
125 |
- Fix a mageia2 bug in network function
|
130 |
- Fix a mageia2 bug in network function
|
126 |
NEWS
|
131 |
NEWS
|
127 |
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
|
132 |
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
|
128 |
- Show the blacklist category in "Acces denied" page
|
133 |
- Show the blacklist category in "Acces denied" page
|
129 |
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
|
134 |
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
|
- |
|
135 |
|
130 |
---------------------- 2.7 -----------------
|
136 |
---------------------- 2.7 -----------------
|
131 |
BUGs
|
137 |
BUGs
|
132 |
- some corrections in the connection popup
|
138 |
- some corrections in the connection popup
|
133 |
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
|
139 |
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
|
134 |
NEWS
|
140 |
NEWS
|
Line 150... |
Line 156... |
150 |
ACC
|
156 |
ACC
|
151 |
- show user information when trusted equipment are listed (better than only MAC address)
|
157 |
- show user information when trusted equipment are listed (better than only MAC address)
|
152 |
- main page : doesn't show the date of installation in the version field (can be confused)
|
158 |
- main page : doesn't show the date of installation in the version field (can be confused)
|
153 |
Install
|
159 |
Install
|
154 |
- show the GPL
|
160 |
- show the GPL
|
- |
|
161 |
|
155 |
---------------------- 2.6.0.1 -----------------
|
162 |
---------------------- 2.6.0.1 -----------------
|
156 |
Bugs
|
163 |
Bugs
|
157 |
- the deleted library fpdf has been restored
|
164 |
- the deleted library fpdf has been restored
|
158 |
- the mysqld and radiusd services are restarted when ALCASAR is launched
|
165 |
- the mysqld and radiusd services are restarted when ALCASAR is launched
|
- |
|
166 |
|
159 |
---------------------- 2.6 --------------------
|
167 |
---------------------- 2.6 --------------------
|
160 |
Bugs
|
168 |
Bugs
|
161 |
- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
|
169 |
- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
|
162 |
- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
|
170 |
- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
|
163 |
- re-activation of COA between radius and coova (radius disconnect the users directly).
|
171 |
- re-activation of COA between radius and coova (radius disconnect the users directly).
|
Line 184... |
Line 192... |
184 |
- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days
|
192 |
- clears the script "alcasar-mysql.sh --expire_user" users having an expiry date than 7 days
|
185 |
- user pages translations in portugese
|
193 |
- user pages translations in portugese
|
186 |
- voucher ticket with logo of organism
|
194 |
- voucher ticket with logo of organism
|
187 |
- intercept page with exception links
|
195 |
- intercept page with exception links
|
188 |
- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh"
|
196 |
- the needed RPM for ALCASAR can be downloaded with the new script "alcasar-rpm-dowmload.sh"
|
- |
|
197 |
|
189 |
---------------------- 2.5 --------------------
|
198 |
---------------------- 2.5 --------------------
|
190 |
Bugs
|
199 |
Bugs
|
191 |
- watchdog of Daemons for service's test
|
200 |
- watchdog of Daemons for service's test
|
192 |
- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
|
201 |
- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
|
193 |
- reading of alcasar.conf file parameters more securely
|
202 |
- reading of alcasar.conf file parameters more securely
|
Line 280... |
Line 289... |
280 |
- installation à partir d'un mandriva 2010.2
|
289 |
- installation à partir d'un mandriva 2010.2
|
281 |
- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)
|
290 |
- diminution des ressource système (travail d'HAVP en mémoire plutôt que sur le disque)
|
282 |
- distinction des fichiers de log (traçabilité - ssh - accès exterieur)
|
291 |
- distinction des fichiers de log (traçabilité - ssh - accès exterieur)
|
283 |
- amélioration du processus de mise à jour (prise en compte du numéro de version)
|
292 |
- amélioration du processus de mise à jour (prise en compte du numéro de version)
|
284 |
|
293 |
|
285 |
---- 2.0.1 ----
|
294 |
---------------------- 2.0.1 ---------------------
|
286 |
- simplification du processus de mise à jour (prise en compte mdv 2010.2)
|
295 |
- simplification du processus de mise à jour (prise en compte mdv 2010.2)
|
287 |
- déplacement du répertoire 'digest' vers /usr/local/etc/
|
296 |
- déplacement du répertoire 'digest' vers /usr/local/etc/
|
288 |
- correction horodatage des logs awstat
|
297 |
- correction horodatage des logs awstat
|
289 |
- inclusion d'un fichier de nommage DNS local
|
298 |
- inclusion d'un fichier de nommage DNS local
|
290 |
- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq
|
299 |
- inclusion d'un fichier 'alcasar-ethers' permettant la réservation d'adresses IP par Dnsmasq
|
291 |
- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq
|
300 |
- inclusion d'un fichier 'alcasar-dns-name' permettant de définir des associations @IP <--> DNS par Dnsmasq
|
292 |
- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)
|
301 |
- qq bugs mineurs (ntpd, adresse coova 1.0.0.0, etc.)
|
293 |
|
302 |
|
294 |
---- 2.0 ----
|
303 |
----------------------- 2.0 ---------------------
|
295 |
- mise à jour de la documentation technique
|
304 |
- mise à jour de la documentation technique
|
296 |
- ajout des switchs en '--' pour remplacer les '-' des scripts
|
305 |
- ajout des switchs en '--' pour remplacer les '-' des scripts
|
297 |
- accès authentifié à la la page de garde du centre de gestion
|
306 |
- accès authentifié à la la page de garde du centre de gestion
|
298 |
- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass
|
307 |
- Prise en compte du script "alcasar-iptables-local.sh" dans le cadre du ByPass
|
299 |
- Prise en compte des catégories de la BL dans l'interface de gestion
|
308 |
- Prise en compte des catégories de la BL dans l'interface de gestion
|
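Review bot: The rewritten separators for 2.0.1 and 2.0 move to the long dashed form, but the file still mixes styles: these put spaces around the version ("---------------------- 2.0.1 ---------------------") while the newest ones do not ("-----------------------3.1.1----------------"). Settle on one form for all version headers so the file can be split on them reliably. The entries under these two headers remain in French while the later releases are written in English; translating them in the same pass would make the changelog uniform.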