Version 0.9.13 of Prelude LML

Release Notes: A ModSecurity ruleset rewrite that handles the ModSecurity 2.0 log format. New rulesets for FreeBSD su attempts. An additional format in the default configuration to deal with the Apache error_log file format. Some classifications have been normalized: Remote Login and Credentials Change have been introduced. The SSH ruleset has been improved. Automated regression tests are run on make check.

Other releases

  •  17 Oct 2008 14:46

Release Notes: This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission. The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for the [file ...], [line ...], and [tag ...] fields, and fine-tunes targets/types. Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue. The polling architecture has been improved by using an operating system-specific backend when possible. This release also monitors files that are not immediately available for reading on startup: once the file can be monitored, libev provides the notification.

  •  21 Aug 2008 17:23

Release Notes: A ModSecurity ruleset rewrite that handles the ModSecurity 2.0 log format. New rulesets for FreeBSD su attempts. An additional format in the default configuration to deal with the Apache error_log file format. Some classifications have been normalized: Remote Login and Credentials Change have been introduced. The SSH ruleset has been improved. Automated regression tests are run on make check.

  •  23 Apr 2008 12:46

Release Notes: This release removes the successful/failure keyword from classification (use IDMEF completion instead). Analyzer class names are now sanitized. Nagios V2 log entries are handled. An incorrect AdditionalData assignment in the SpamAssassin ruleset has been fixed. There is a new Suhosin ruleset. An invalid log file inconsistency alert that could be triggered in a rare case after a rename detection has been fixed. The 1024-byte limit per PCRE reference has been removed. There are minor bugfixes and build system cleanup.

  •  17 Dec 2007 09:12

Release Notes: Asterisk, Honeytrap, Kojoney, and Rishi support were added. A performance regression introduced along with OpenHostAPD support was fixed (doubling LML performance). The Ntsyslog and Linux bonding rulesets were improved. A new "metadata" command line option was added, allowing you to monitor log files from the "head", "tail", or "last" analyzed position. The LML logging format was improved.

  •  08 Aug 2007 10:33

Release Notes: SSH rules are now IPv6 compliant, allowing the old IPv6-only rules to be merged with the IPv4 rules. An incorrect target user assignment in the SSH rule has been fixed, as has an incorrect PCRE reference in assessment.impact.description. Cisco router ACLs can now use names instead of numbers (previously this made rule id=500 in cisco-router.rules fail to alert on packet denies on newer Cisco devices). Apache formatting when the Apache logname or user is set has been fixed, as has an invalid user.user_id(0).name assignment in SSH rule 1913. Various other bugfixes and minor improvements were also made.
