v2.2f
... Fixed numbering in SNMP checks. If you had multiple SNMP OIDs within a single check, the ORDER numbering would be off on anything past the first one. This fix WILL BREAK YOUR GRAPHS if you have checks with multiple OIDs.
... If the last check in a MIDASc cycle returned a large response, it would cause the check process (not the main MIDASc process) to hang waiting for the pipe buffer to be cleared.
... SNMP.LOGIC option is now optional. If LOGIC or EXPECT is not specified it will simply gather the value. It will still flag red on connection failures.
... If a numeric result is not returned from an SNMP check it will not generate a graph. This is useful if you're just pulling strings from a device (i.e. device description).
... Moved SendToServer() from being in each client to its own Common directory. This will become the home of other 'Client' related functions.
... New SNMP check option. SNMP.FORMAT is used to specify how the result should be formatted. Currently supports TIMETICKS and BYTES. TIMETICKS is used for uptime-style counters and BYTES is used for formatting results into byte strings (i.e. 12345 -> 12.30KB).
... Fixed problem with SNMP counter rollovers. Now correctly handles when a counter object rolls over. Also, MIDAS only supports COUNTER32 objects.
... MIDASd maint process is now a little more robust to crashes through the cunning use of fork()s.
... Fixed a few issues with hanging select()s. Would cause some of the socket calls to hang if select() errored out.
... Fixed uptime output of NTINFO.exe. Now outputs correctly so uptime values can be correctly parsed.
... Fixed usage display for NTINFO.exe. Now shows correct arg usage for using the TAIL command with NT Event logs.

v2.2e
... Fixed issues with Alert Queuing (again). Would only log events if alert was also flagged and would not log green transitions if MinFail>0.
... New MIDASd.cf config option: CONFIG.MAINT.SESSION. Sets the expire time for Network Sessions. Specified in days.
... Bug in MAINT_PurgeNetSessionStats() function. Would cause the MIDASd maint process to bomb.
... Changed dbr->num from a long to unsigned.
... Reverted RRD function to old method of data value shift; this allows MIDAS to work correctly on MySQL v3.2.x.
... Bug in ping() function. Issue with multiple MIDASc processes and rand(). Would not have a unique packet id for each packet sent. Bug Caught/Killed by: Marius Schatte
... New MIDASa.cf config option: CONFIG.TMPEXTERN. Specifies the path/filename of the temp file created to contain an 'MTA friendly' output for an external alert application to use (i.e. sendmail).
... Fixed bug in External Alert. Now properly parses out alert options.

v2.2d
... Fixed location problems with nimic.gif and next.gif.
... Added support for determining HTTP/HTTPS sessions.
... Fixed typo in MIDAS.sql. Failed to specify NOT NULL on IP field of MIDAS_MACIP table (a key field). Strangely this does not produce an error on MySQL 4.0.14 but does on 4.0.16.
... Fixed MD5 check. Handles symlinks correctly. Does not follow symlinks, and handles broken links correctly.
... MD5 check now watches directories as well as files. Should have done this to begin with.
... Cleaned/simplified Alert processing by MIDASd. Removed some of the clutter in UpdateCheckStatus(). CurFail now counts the concurrent number of failures (RED), not status transitions. CurFail is reset to 0 when an alert is issued or on a GREEN status. If AlertOnRed is toggled on then RED statuses will always cause an alert.
... Sessions can now be overwritten as long as "Allow Session Overwrite" is toggled on for that user.
... Fixed bug in MIDASa. It was expecting CurFail to retain its value after an alert had been queued. MIDASd expected to be able to reset the value after the alert had been queued. Result: no alert with a MinFail>0 would be sent.
... New command line arg: -L will cause applications to send debug messages to STDERR instead of syslog.
... MIDASs now waits 30 seconds if it failed to retrieve config from MIDASd, after which it tries again. It will also exit if it is unable to execute the snort applications.
... New configure option: --without-debug. Removes all debugging functions (MyDebug()) from applications.

v2.2c
... Re-fixed configure script. Would cause the version.php to be created incorrectly.

v2.2b
... Fixed Fatal error: Call to a member function on a non-object in inc/common.php on line 426. BUG #886345
... Fixed MIDASn compile problem on FreeBSD.
... Fixed configure script. Now produces correct version.php file.
... Fixed ping() problem on FreeBSD. Required ip_len specified in host order, not network order.
... Additional ./configure script option: --with-static. Causes applications to be built as static applications instead of using shared object libraries.

v2.2a
... Fixed problems when configuring the IDS Config/Rules from the Web Configuration (IDS). BUG #872507
... Host List blank in initial NetMon host creation fixed. BUG #860662
... Unable to login to Web Interface fixed. BUG #860666
... MIDAS db user unable to access MySQL Service fixed. BUG #861053
... Modified how host modules create their links in the host screen. BUG #868609
... Special characters not allowed for some fields. BUG #872523. This is not completely fixed. Support has been added for allowing char (') in fields.
... Added extra checks in install/install.php. Verifies PHP is compiled with MySQL support, and checks for GD+PNG support.
... Added version number in web interface title.
... Added inc/version.php file for holding MIDAS version. Modified inc/common.php and install/install.php to use the new version file.
... Fixed minor memory leaks in local checks.
... Increased error reporting in local checks.
... Moved MIDASc from using an external ping command to using an internal ping() function; this makes it portable.
... processclient now uses a persistent SQL connection. Greatly reduces the number of SQL sessions and improves scaling.
... Replaced ReadConfig() function with the general FileToXMLTree() function (in Common/XMLparser/XMLparser.c).
... All applications now support the HUP signal. Will cause them to reload their configuration file. Also supports KILL and TERM, which cause the app to exit.
... Fixed typo in MIDASb.c. Now correctly specifies the MIDASb HID value in queries sent to MIDASd. Also fixed using an integer formatting string instead of a char formatting string in a call to dsprintf.
... Built autoconf/automake configure script (WooHoo). Now should make editing the Makefile a thing of the past.
... Fixed MIDASn security issues and promiscuous mode issues.
... New MIDASn.cf config options:
      CONFIG.PROMISC   Toggles setting nic to promiscuous mode.
      CONFIG.USER      User to run as (after nic init).
... Redid how NetMon options are specified. New format: [Source Port] [Dest. Port] [Protocol: TCP/UDP]
... MIDASn now uses libpcap for its low level ethernet API. Was required to make MIDASn portable.
... MIDASn now gathers Session Stats. Front end (as of yet) still required. Disabled within MIDASn for this version.
... MIDASn now gathers IP/MAC information and sends it to MIDASd.
... Fixed two mem leaks in the MySQL lib functions. Affected MIDASa and MIDASd.
... MIDASd now has a 'Maint cycle' fork. It will purge old CHECK/IDS events, MAC/IP records and partial Net Session RRD records. New MIDASd.cf config options:
      MAINT.INTERVAL     Interval between Maint Cycles.
      MAINT.MAKEBLUE     Minutes before a check status is 'Overdue'.
      MAINT.CHECKEVENTS  Days before a check event is purged.
      MAINT.IDSEVENTS    Days before an IDS event is purged.
      MAINT.MACIP        Hours before MAC/IP record is purged.
... Now supports a native Win32 version of MIDASc. Builds on Mingw and requires the libregex to be installed. Self installing package is also available from MIDAS-NMS sf web site.
... Stat data is now queued in RRD_Values_Queue table during Client/Server session. It is then processed into DataValues table during MIDASd's maint cycle.
... If REGEX check option is passed to external checks it will be used to parse out stat value from external application.
... Fixed MD5 bug. Would cause a core dump if directory was not present. Would also core if a file was 0 length.
... MD5 shows if file is NEW, CHANGED or DELETED in alert message. Will also include the file's previous information in alert message.
... MD5 check now produces stat graph correctly.
... Fixed bug with dbQuery_P function. Would bomb on query if prev. query results were large (>8192 bytes). This was the result of not properly passing the correct mysql handle pointer.
... MIDASc Log checks once again use the CONFIG.CMD.LOG command to pass the log file through when reading log lines. Also must have the @[LOG]@ token string in the command line. This is used to specify where in the command line the Logfile/Eventlog name will be placed.
... New Log check option: LOG.EVENTLOG. Used to specify the (NT) Event log to parse. This can not be specified with the LOGFILE check option.

v2.1a 12/03/2003
... No longer requires rrdtool to produce graphs. Moved to built in RRD functions and PHP produced graphs.
... Swapped makeKey() function with original function. Was not functioning on Solaris.
... Added AlertOnRed flag to Check def. Allows Red Alerts to always produce an event even if current status is red.
... Replaced Web interface. This has resolved several interface issues (i.e. $[]$ tag issue).
... Resolved many issues with SNMP checks. Now works.
... Fixed typo in MIDASb.cf.dist for the tag.
... REGEX tag in SNMP checks is NO LONGER USED and is ignored if present.
... Sanity check added for Client queries. Now require a HID (present) HID before accepting queries.
... Sanity check added for Snort Alerts. Now requires IsSniffer to be toggled on before accepting Snort Alerts.
... Fixed bug with updating MIDAS_Check_Current records. Would reset FirstCheck value to NULL on non-transition update.
... Fixed bug with MD5 check. Was not cleaning up the /tmp file if no DB update was required. Do a rm /tmp/MD5tmp.db.* to remove tmp files.
... TCP Connection checks once again support 'Response required' connections. When MIDASc connects it will expect a response of some kind (i.e. welcome message). You can specify what to send on connection with the option tag. Must also have 'Connect Only' unchecked in the check def. If no response then the check is flagged red.
... Added error on IP/Hostname invalid for TCP/UDP checks.
... PING/ICMP checks now record the % of packet loss.

v2.0i 10/01/2003
... Redid graphing system (again).
... Fixed strsep function. Now correctly works.
... Fixed close() bug in MIDASa. Was not closing the socket connection at the end of smtp/snpp sessions.
... Added the ability to specify ports for MIDASn to track traffic on. Able to define rules based on protocol, source port and destination port.

v2.0h 07/31/2003
... Added more detailed Debug logging to MIDASa.
... Fixed bug in MIDASa that would cause it to die if Event record is missing.
... Can now purge old Events Data from web interface.
... MD5 check now detects when files have been deleted.
... Fixed security hole in web interface allowing non-logged in users to access admin functions.
... Created the MIDASn client. A network traffic stats client.
... Rearranged the WEB interface some. Now Snort/Network stats are listed under the 'Host summary' page.
... Fixed SNMP support. Now actually works.
... Added $[]$ tag support to External checks.
... Added an External Alert type with $[]$ support.

v2.0g 07/16/2003
... Rewrote how Stats are gathered and passed to MIDASd. Also rewrote how the graphs are generated by rrdtool.
... Added the ability to copy all checks from one host to another.

v2.0f 05/14/2003
... Fixed SQL statement in MIDASd that was not incrementing the TotFail and CurFail. This fixed the min # failures bug.
... MIDASd was alerting on transition from BLUE. Fixed this in processalert.c.
... Removing REGEX from being required in CheckStringLogic function. It will just use the *text var instead of passing it through the regex.
... Need to have MIDASb swap &green, &yellow and &red with [GREEN], [YELLOW] and [RED]. These are in the status detail.
... Add strsep and atoll function for platforms that do not have these functions. See Makefile.

v2.0e 05/11/2003
... Alert details need to have \n replaced with \r\n when the text is inserted into the alert email. This causes a Bare LF problem.
... Fixed typos in MIDAS/install/convert-netsaint.php file. Had old table field names.
... Fixed SQLImport function in installation script.

v2.0e 05/10/2003
... Fixed (again) bare LF problem. Problem stemmed from using the alert details directly from MIDASc. These had \n's instead of \r\n's.
... Fixed multiple problems in the MIDAS installation script and the Netsaint conversion script. Now functions correctly.

v2.0d 05/08/2003
... Found/Fixed major performance bug in Base64Enc() and Base64Dec.
... Implemented Snort Statistics. Currently shows up under the summary MIDAS screen.
... Fixed some of the mess that is Common/Crypt/tables.h
... Fixed email templates within MIDASa/alert_email.h to use \r\n as new lines (as opposed to just \n). This would generate a 'Bare LF' error on some mail servers (Qmail) and mail would bounce.
... Resolved 'warning: multi-line string literals are deprecated' compile warnings.

v2.0c 05/06/2003
... MIDASd now reports (in debug messages) when an invalid query is sent.
... MIDASd -K option would seg fault if key file was unwritable or path to file invalid.
... If key file was not present or unreadable MIDASc would seg fault. New behavior is to not encrypt when key/key not present.

v2.0b 05/05/2003
... Client/Server connections are now encrypted using TwoFish (256 bit).
... Added CONFIG.KEYFILE to all config files to specify the path and filename to the key file.
... Added -K command line option to MIDASd to generate a random key file.
... SNMP check now reports when either the connection fails or there is not a response.
... You're now able to specify hostnames as well as IPs.