Wazuh v3.4.0 Release Notes

Release Date: 2018-07-24
  • Added

    • Support for SHA256 checksum in Syscheck (by @arshad01). (#410)
    • Added an internal option for Syscheck to tune the RT alerting delay. (#434)
    • Added two options in the tag frequency and timeframe to hide alerts when they are played several times in a given period of time. (#857)
    • Include who-data in Syscheck for file integrity monitoring. (#756)
      • Linux Audit setup and monitoring to watch directories configured with who-data.
      • Direct communication with Auditd on Linux to catch who-data related events.
      • Setup of SACL for monitored directories on Windows.
      • Windows Audit events monitoring through Windows Event Channel.
      • Auto setup of audit configuration and reset when the agent quits.
    • Syscheck in frequency time shows alerts from deleted files. (#857)
    • Added an option target to customize output format per-target in Logcollector. (#863)
    • New option for the JSON decoder to choose the treatment of NULL values. (#677)
    • Remove old snapshot files for FIM. (#872)
    • Distinct operation in agents. (#920)
    • Added support for unified WPK. (#865)
    • Added missing debug options for modules in the internal options file. (#901)
    • Added recursion limits when reading directories. (#947)

    Changed

    • Renamed cluster client node type to worker (#850).
    • Changed a descriptive message in the alert showing what attributes changed. (#857)
    • Change visualization of Syscheck alerts. (#857)
    • Add all the available fields in the Syscheck messages from the Wazuh configuration files. (#857)
    • Now the no_full_log option only affects JSON alerts. (#881)
    • Delete temporary files when stopping Wazuh. (#732)
    • Send OpenSCAP checks results to a FIFO queue instead of temporary files. (#732)
    • Default behavior when starting Syscheck and Rootcheck components. (#829)
      • They are disabled if they do not appear in the configuration.
      • They can be set up as empty blocks in the configuration, applying their default values.
      • Improvements of error and information messages when they start.
    • Improve output of DELETE/agents when no agents were removed. (#868)
    • Include the file owner SID in Syscheck alerts.
    • Change no previous checksum error message to information log. (#897)
    • Changed default Syscheck scan speed: 100 files per second. (#975)
    • Show network protocol used by the agent when connecting to the manager. (#980)

    Fixed

    • Syscheck RT process granularized to make frequency option more accurate. (#434)
    • Fixed registry_ignore problem on Syscheck for Windows when arch="both" was used. (#525)
    • Allow more than 256 directories in real-time for Windows agent using recursive watchers. (#540)
    • Fix weird behavior in Syscheck when a modified file returns back to its first state. (#434)
    • Replace hash value xxx (not enabled) for n/a if the hash couldn't be calculated. (#857)
    • Do not report uid, gid or gname on Windows (avoid user=0). (#857)
    • Several fixes generating sha256 hash. (#857)
    • Fixed the option report_changes configuration. (#857)
    • Fixed the 'report_changes' configuration when 'sha1' option is not set. (#857)
    • Fix memory leak reading logcollector config. (#884)
    • Fixed crash in Slack integration for alerts that don't have full log. (#880)
    • Fixed active-responses.log definition path on Windows configuration. (#739)
    • Added warning message when updating Syscheck/Rootcheck database to restart the manager. (#817)
    • Fix PID file creation checking. (#822)
      • Check that the PID file was created and written.
      • This would prevent service from running multiple processes of the same daemon.
    • Fix reading of Windows platform for 64 bits systems. (#832)
    • Fixed Syslog output parser when reading the timestamp from the alerts in JSON format. (#843)
    • Fixed filter for gpg-pubkey packages in Syscollector. (#847)
    • Fixed bug in configuration when reading the repeated_offenders option in Active Response. (#873)
    • Fixed variables parser when loading rules. (#855)
    • Fixed parser files names in the Rootcheck scan. (#840)
    • Removed frequency offset in rules. (#827).
    • Fixed sort agents by status in GET/agents API request. (#810)
    • Added exception when no agents are selected to restart. (#870)
    • Prevent files from remaining open in the cluster. (#874)
    • Fix network unreachable error when cluster starts. (#800)
    • Fix empty rules and decoders file check. (#887)
    • Prevent access to a nonexistent hash table from the 'whodata' thread. (#911)
    • Fix CA verification with more than one 'ca_store' definitions. (#927)
    • Fix error in syscollector API calls when Wazuh is installed in a directory different than /var/ossec. (#942).
    • Fix error in CentOS 6 when wazuh-cluster is disabled. (#944).
    • Fix Remoted connection failed warning in TCP mode due to timeout. (#958)
    • Fix option 'rule_id' in syslog client. (#979)
    • Fixed bug in legacy agent's server options that prevented it from setting port and protocol.