Subversion Repositories ALCASAR

Rev 790 Rev 791
Line 1... Line 1...
1
# $Id: CHANGELOG 790 2012-01-12 23:23:59Z richard $
1
# $Id: CHANGELOG 791 2012-01-13 21:31:36Z richard $
2
 
2
 
3
************  CHANGELOG *********** 
3
************  CHANGELOG *********** 
4
---- svn ----
4
---- svn ----
5
---- 2.5 ----
5
----------------------   2.5   --------------------
6
Bug 
6
Bugs
7
	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
7
	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
8
	- reading of alcasar.conf file parameters more securely
8
	- reading of alcasar.conf file parameters more securely
9
	- don't download RPMs twice
9
	- don't download RPMs twice
10
	- allow connexion to an LDAP server on WAN side
10
	- allow connexion to an LDAP server on WAN side
11
	- control that watchdog can't execute if already running
11
	- control that watchdog can't execute if already running
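
Review bot: the restyled release header at new line 5 ("----------------------   2.5   --------------------") now sits directly under "---- svn ----" at line 4, which keeps the old short style and has no entries of its own. Either restyle line 4 to the same ruler or drop it, so the file opens with one consistent header form. The $Id line changes are keyword expansion and need no attention.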
Line 15... Line 15...
15
	- update phpsysinfo page ("Internet access flag" nom show the right status)
15
	- update phpsysinfo page ("Internet access flag" nom show the right status)
16
	- Authenticate user on Mysql when LDAP server is down
16
	- Authenticate user on Mysql when LDAP server is down
17
	- import users via text file with or without password
17
	- import users via text file with or without password
18
Improve security
18
Improve security
19
	- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
19
	- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
20
	- ANSSI code review (sql escape string)
20
	- ANSSI code review (sql escape string in PHP)
21
	- remove the apache unused modules
21
	- remove the apache unused modules
-
 
22
	- the blacklist is no more update automaticly
22
Improve installation
23
Improve installation
23
	- control eth0 config on startup (no dhcp)
24
	- control eth0 config on startup (no dhcp)
24
	- don't dowload the last BL version
25
	- don't dowload the last BL version
25
	- remove unused RPM before update the system
26
	- remove unused RPM before update the system
26
Improve Alcasar Control Center (ACC)
-
 
27
	- 
27
News
28
---- 2.4 ----
-
 
29
- Bug : some minor bugs (log rotate, intercept page, squid, ...)
-
 
30
- Bug : ACC - correction of the Internet connectivity test flag
-
 
31
- Bug : ACC - correction of the network filtering flag
-
 
32
- Bug : core : ip filtering exception changes doesn't active protocols exception filter
28
	- allow/deny access to the LAN located between ALCASAR and the Internet gateway (box)
33
- Bug : core : remove dual log archive
-
 
34
- Bug : correction of "bypass" mode
-
 
35
- Bug : correction of squid cache
-
 
36
- Core : The blacklist is automaticly updated once a month
-
 
37
- Core : The distribution is automaticly updated every day
-
 
38
 
29
 
39
---- 2.3 ----
30
----------------------   2.4   --------------------
-
 
31
Bugs
-
 
32
	- some minor bugs (log rotate, intercept page, squid, ...)
40
- Bug : group properties are now written on the voucher
33
	- ACC : correction of the Internet connectivity test flag
41
- Bug : hold the state of network filter when update
34
	- correction of the network filtering flag
-
 
35
	- ip filtering exception changes doesn't active protocols exception filter
42
- ACC : group member is added in user list
36
	- remove dual log archive
43
- Core : simplify official certificate import process
37
	- correction in "bypass" mode
44
- Core : update with the last version of Coova (1.2.8)
38
	- correction with squid cache
45
- Core : End of implementation of ANSSI rules for netfilter
39
	- The blacklist is automaticly updated once a month
46
- Core : allow exception of IP addresses (or network addresses) in the authentication process
40
	- The distribution is automaticly updated every day
47
 
41
 
-
 
42
----------------------   2.3   --------------------
-
 
43
Bugs
-
 
44
	- group properties are now written on the voucher
-
 
45
	- hold the state of network filter when update
48
---- 2.2 ----
46
Improve core
49
- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
47
	- simplify official certificate import process
50
- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
48
	- update with the last version of Coova (1.2.8)
-
 
49
Improve security
51
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
50
	- end of implementation of ANSSI rules for netfilter
-
 
51
News
52
- allow LDAP/AD connections both on WAN and LAN servers
52
	- allow exception of IP addresses (or network addresses) in the authentication process
53
- Add a LDAP connectivity test
53
	- ACC : group member is added in user list
-
 
54
 
54
- possibility to redirect users on a specific URL after login process
55
----------------------   2.2   --------------------
-
 
56
Bugs
55
- A bug with "sudo" is bypassed 
57
	- A bug with "sudo" is bypassed 
56
- close all accounting session when the system goes down or up
58
	- improve the script which display and close users open sessions
57
- if activate, sshd listen both on LAN and on WAN
59
	- some minor bugs
-
 
60
Improve core
58
- add a central conf file (/usr/local/etc/alcasar.conf)
61
	- add a central conf file (/usr/local/etc/alcasar.conf)
59
- add the equipment name in the activity window when MAC authenticate
62
	- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
-
 
63
	- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
60
- improve the script which display and close users open sessions
64
	- improve the script which managed the trusted sites and urls
-
 
65
Improve security
-
 
66
	- close all accounting session when the system goes down or up
-
 
67
Improve install process
61
- allow change of alcasar IP private address during install stage
68
	- allow change of alcasar IP private address during install stage
62
- improve the script which managed the trusted sites and urls
-
 
63
- no more question, when upgrating
69
	- no more question, when upgrating
-
 
70
News
-
 
71
	- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
-
 
72
	- allow LDAP/AD connections both on WAN and LAN
64
- some minor bugs
73
	- Add a LDAP connectivity test
-
 
74
	- possibility to redirect users on a specific URL after login process
-
 
75
	- if activate, sshd listen both on LAN and on WAN
-
 
76
	- ACC : add the equipment name in the activity window when MAC authenticate
65
 
77
 
66
---- 2.1  ----
78
----------------------   2.2   --------------------
67
- mise en conformité du parefeu avec les préco ANSSI (politiques à DROP + sysctrl) 
79
- mise en conformité du parefeu avec les préco ANSSI (politiques à DROP + sysctrl) 
68
- amélioration de la fonction bastion en limitant la charge sur l'interface externe (thanks to CPN) 
80
- amélioration de la fonction bastion en limitant la charge sur l'interface externe (thanks to CPN) 
69
- amélioration de la gestion des RPM 'wget' au lieu de 'curl' et changement de repository en 'live'
81
- amélioration de la gestion des RPM 'wget' au lieu de 'curl' et changement de repository en 'live'
70
- exception au filtrage réseau et DNS (double instance de dnsmasq)
82
- exception au filtrage réseau et DNS (double instance de dnsmasq)
71
- ajout d'un commentaire pour les exceptions à l'authentification
83
- ajout d'un commentaire pour les exceptions à l'authentification
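
Review bot: the header at new line 78 reads "----------------------   2.2   --------------------", but it replaces "---- 2.1  ----" (old line 66), so the file now has two 2.2 sections (new lines 55 and 78) and no 2.1 section. The entries that follow it (ANSSI firewall compliance with DROP policies, the double dnsmasq instance, and so on) are the 2.1 items and end up attributed to the wrong release; change new line 78 to "----------------------   2.1   --------------------". Separately, old line 22 ("the blacklist is no more update automaticly") is dropped from the 2.5 "Improve security" list while the 2.4 section still states that the blacklist is updated once a month; if that behaviour changed in 2.5, keep the entry so the changelog records it.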