All releases of Prelude LML

  •  17 Oct 2008 14:46

    Release Notes: This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission. The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for [file ..], [line ...], and [tag ...] fields, and fine-tunes targets/types. Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue. The polling architecture has been improved by using an operating system-specific backend when possible. This release monitors files that are not immediately available for reading on startup. Once the file can be monitored, libev provides notification.

  •  21 Aug 2008 17:23

    Release Notes: A ModSecurity ruleset rewrite that handles the ModSecurity 2.0 log format. New rulesets for FreeBSD su attempts. An additional format in the default configuration to deal with the Apache error_log file format. Some classification has been normalized: Remote Login and Credentials Change have been introduced. The SSH ruleset has been improved. Automated regression tests on make check.

  •  23 Apr 2008 19:46

    Release Notes: This release removes the successful/failure keyword from classification (use IDMEF completion). Analyzer class sanitization. Handles Nagios V2 log entry. Incorrect AdditionalData assignment in the SpamAssassin ruleset has been fixed. There is a new Suhosin ruleset. An invalid log file inconsistency alert that could be triggered in a rare case after a renaming detection has been fixed. The 1024 bytes per PCRE reference limit has been removed. There are minor bugfixes and build system cleanup.

  •  17 Dec 2007 17:12

    Release Notes: Asterisk, Honeytrap, Kojoney, and Rishi support were added. A performance regression due to the introduction of OpenHostAPD (double LML performance) was fixed. Ntsyslog and Linux bonding rulesets were improved. A new "metadata" command line option was added, allowing you to monitor log files from the "head", "tail", or "last" analyzed position. The LML logging format was improved.

  •  08 Aug 2007 17:33

    Release Notes: SSH rules are now IPv6 compliant, allowing you to merge old IPv6 only rules with IPv4 rules. Incorrect target user assignment has been fixed in SSH rule, as well as incorrect PCRE reference in assessment.impact.description. Cisco router ACL lists can now use names instead of numbers (this made rule id=500 in cisco-router.rules fail to alert on packet denies on newer Cisco devices). Apache formatting when Apache logname or user is set has been fixed, as has invalid user.user_id(0).name assignment in SSH rule 1913. Various other bugfixes and minor improvements were also made.

  •  19 May 2007 23:55

    Release Notes: The ability to use regular expressions in plugins.rules to define monitored sources was added. This can be very useful when combined with file globbing. When the "*" keyword is used, the data is passed to the upper layer without trying to match anything. A problem with handling of empty context was fixed. The log parser was made more robust.

  •  02 May 2007 11:56

    Release Notes: A pattern can now be used to specify the file to be monitored. A problem in the detection of buggy writev() FAM notification was fixed. A new Linux bonding.rules ruleset was added. The ModSecurity ruleset was updated to remove unnecessary fields and to provide ModSecurity 2.0 compatibility. A new Cisco IOS common ruleset was added. Duplicating information is now avoided in node name and node address. Rule ID and revision were added to the generated alert for each matched rule. Various bugs were fixed.

  •  20 Dec 2006 19:21

    Release Notes: Compiles and runs under OS X. Various portability fixes.

  •  15 Dec 2006 18:38

    Release Notes: This release introduces Cisco ASA IPS module support, yum support, Cacti thold plugin support, and Microsoft Cluster Service support. Honeyd rules have been updated and improved. NAVCE rules have been updated, and ClamAV rules modified for consistency. The NTSyslog ruleset has been improved. A rule has been added to ignore LML's "could not match prefix" log entries. A format problem with Apache logs from the western hemisphere (- versus + TZ) has been fixed. The Squid 'process exited' rule has been fixed.

  •  11 Sep 2006 16:31

    Release Notes: Reading from standard input was fixed. An OpenBSD getaddrinfo() problem was fixed. Cisco-CSS and Cisco-Router IDS module support was added. Checkpoint ruleset is supported again. The "fork failure" grsecurity warning is supported, and the "terminal being sniffed" match was fixed. The NTsyslog ruleset was audited. The WAP11 ruleset was fixed.
