Release Notes: This release adds support for login/logout events. It adds support for account modification events. It has improved resource handling and collection speed.
Release Notes: Several problems have been resolved, including those related to service restart and socketcall auditing. Binary releases (including kernels with snare already patched in) are available or will soon be available in RPM/DEB format for Red Hat Enterprise 4, Red Hat Enterprise 3, Fedora Core 2, Red Hat 9, and Debian Sarge.
Release Notes: A tiny Web server is included for remote management. Module load/unload monitoring was integrated. SMP support was improved. CPU usage was significantly reduced. A GNOME 2 GUI was added.
Release Notes: This version includes support for all the system calls by the module version of snare, SMP support, non-i386 architecture support, more monitoring of system calls, extra details in other system calls, better file path resolution, and optimised communications between the kernel and daemon.
Release Notes: In this version, the module load code has been modified to allow RedHat 8 users to install the module.
Release Notes: The core package was significantly restructured, leading to better stability under extreme audit loads. Many changes recommended by the RedHat kernel team have been implemented, including migration to semaphore locking rather than spin-locks, better mirroring of the execve functionality, and optimized handling of the various audit classes. Some code has also been modularized, in order to share some routines with SNARE for Windows and SNARE for Solaris.
Release Notes: SNARE now includes Network Connect/Accept monitoring, user exception reporting, file open flag filtering, and create_module auditing. A much-improved memory management model, using linked lists rather than a kernel ring buffer has been implemented, a compatibility problem with a mkdir() call in Nautilus has been caught and fixed, and SNARE now builds without changes on SMP kernels and SELinux. Audit objectives such as "Let me know whenever anyone except ROOT attempts to WRITE to /etc/passwd" can be defined, and sent to a remote system for archival.