All releases tagged Major feature enhancements
Release Notes: h2xs support was added to install the Psad.pm perl module the right way. A trivial kernel patch ("conntrack_patch") was added, which seems to fix the problem where the ip_conntrack module would drop packets that are part of legitimate TCP sessions. The --USR1 command line option was added to have psad automatically send a running psad process a USR1 signal, which is useful for peering into a running scan data structure. An email installation subroutine was added to install.pl.
Release Notes: Consistency with the Filesystem Hierarchy Standard (FHS), support for Red Hat 7.0/7.1, a process management system which is used by the psad init script and includes /var/run/[daemon].pid files, addition of Psad.pm which contains several commonly-used functions in the various psad daemons, and support for ipchains firewalls on the 2.4.x kernels.
Release Notes: A man page was added. Deep scans are now detected properly. A set of benchmarks was added. Regex processing of packet strings was made faster. whois calls were wrapped with SIGALRM. A security bugfix was made in config file processing. A bug in local port lookups for signature processing was fixed.
Release Notes: Support for UDP scan detection along with a few UDP scan signatures, install.pl parses the configuration sections of previously installed versions of psad on a per-variable basis, a new verbose mode to install.pl, improved check_flags() for better TCP flag recognition (nmap NULL scans are supported), and a fix for psadwatchd not parsing ps output correctly.
Release Notes: A separate monitoiring daemon "psadwatchd" to monitor both psad and kmsgsd, support for multiple email address reporting, and a debugging mode for psad have all been added. A bug where multiple scanned hosts were not being reported has been fixed.
Release Notes: Whois lookups against scanning IPs were added. An uninstall option was added to install.pl. A bug in the 'stop' routine in psad-init was fixed. A bug in the syslog restart system call in install.pl was fixed.
Release Notes: New automatic danger level assignment for known trouble IPs, on the fly signature checking and updating, and improvements to the install.pl script to parse ipchains rulesets better.
