RC1 to Release updates (build 72)
* Updated the rule bundle
* Fixed a bug in oinkupdate.sh, due to changes in snort.org
* Updated the webgui with new images
* Added the latest version of the snort manual (doc section)
* Fixed a bug in the login/logout function
* Fixed a frontpage health check bug

BETA to RC1 updates (build 60)
----------
* Updated snort to 2.8.4
* Fixed a bug in the system health not detecting if snort died (bad grep)
* Threat reports are now created with a random name
* Turned off directory indexes (directory listing) in apache
* The threat report now states which sensors the data in the report was collected from.
* Improved the threat report, removed the broken image if no data is to be shown.
* If you removed a sensor, it was still visible in the system health view, fixed.
* Added a few on add user and add sensor page, to prevent the button from disappearing in some browsers.
* Fixed the BASE admin section session check error
* Clarified the part during the sensor installation where one should first add the sensor to the center install before processing -- thanks to Leon
* Added more memory to the BASE worldmap (from 128 to 256)
* Fixed so that input containing spaces etc. does not "mess up" the fullcontent configuration.
* Fixed a bug in pf.conf so that one can add subnet notation (10.0.0.0/24) as the allowed range to connect to the center installation; a single IP is still valid.
* Fixed so that if a session expires the login.php breaks out from the frame.
* Improved the detection for failing snort daemons
* Updated the XSRF protection for the login and adduser functions (please try it to prove me wrong)
* Changed ssl keysize to 2048 (from 1024)
* Misc updates to the threat_report
* Updated the snort.conf to include the latest rulesets (somehow I had not changed from bleeding to emerging)
* Added a newer rule pack (idsrules.tar.gz - 2009-04-05) to the distribution.
* Due to a session/login function problem the IDS graph was not displayed on the frontpage, fixed
* Began updating pads to vuln listing (matching more pads detected services with vulnerabilities)

----
News and changes in 2.0 BETA
------------
* The profile search now also includes netflow data.
* The health check is updated to detect if the sensor has not reported back to the center.
* Nfsen is incorporated into OpenIDS (Web front-end for netflow data)
* Added the settings found at nsmwiki.org for increased network performance under OpenBSD (http://nsmwiki.org/OpenBSD_Performance)
* Nfdump is now compiled to support sFlow
* Updated the rule script so that it handles the emergingthreats rules in a proper manner.
* Cleaned up the client rule update script.
* Added support for direct compression of netflow data (nfcapd -z) + minor fix
* Added some more text to describe the different interfaces and their usage (thanks Michael for the idea)
* Reverted back to the old BASE version (1.40 - the one shipped with OIDS 1.9), due to multiple errors in 1.4.1
* Decreased the amount of mail sent; most cron output will end up in syslog instead.
* Fixed a couple of php components installation bugs.
* Replaced tshark with daemonlogger as the fullcontent function
* removesensor.pl - Added a safety check to remove the problem if you remove the same sensor twice.
* The PEAR modules that previously needed an Internet connection to be installed during first boot are now installed offline.
* Removed some legacy packages
* New art work added, courtesy of Mr.BQ!
* Added a log view function for successful and denied logins.
* Added a new authentication solution (multiple user) (SOX, PCI compliance anyone ;))
* Added "add user function"
* Added "remove user function"
* Removed the htaccess authentication function
* P0f - new layout
* P0f - new functions
* Pads - new layout
* Pads - new functions
* Pads - more information shown (MAC address, vendor)
* Pads - MAC address to vendor lookup
* Pads - Vulnerability matching of detected applications (using cve data!)
* Threat report to pdf
* pdf archive
* Added a favicon =)