cipherdyne.org

01 March, 2007

The 2.0.5 release of psad is ready for download. This release has a few bugfixes and cleanups; most notably the kmsgsd.conf, psadwatchd.conf, fw_search.conf, and alert.conf files have all been consolidated within the psad.conf file. Here is the ChangeLog:

• Bugfix to account for iptables -nL output where the protocol may be reported as "0" instead of "all".
• Added a function safe_malloc() for kmsgsd.c and psadwatchd.c to ensure that a single API is used to perform a NULL check on heap-allocated memory.
• Bugfix to ensure that the psad_ip_len signature matching keyword is checked withing match_snort_ip_keywords() so that it applies to all protocol packets. This fixes a bug that would cause the "PSAD-CUSTOM Nachi worm reconnaisannce" signature to fire on normal ICMP packet log messages.
• Consolidated all configuration variables into the /etc/psad/psad.conf file. The kmsgsd.conf, psadwatchd.conf, alert.conf, and fw_search.conf files were all removed since the daemons just reference the psad.conf now. Updated install.pl to archive and remove these files if they exist from a previous psad installation.
• Added version and Subversion file revision numbers to die and warn messages that are written to /var/log/psad/errs/. This helps when trying to track these messages down to a specific file revisions when psad is being upgraded on the local system.
• Added version and Subversion file revision numbers to --Dump-conf output.
• Minor update to allow --fw-dump to be used on the command line without also having to use the -D argument.
• Updated the default_log() function in the IPTables::Parse module to handle iptables policies that were dumped with -v, such as when --Dump-conf is used.