2.4:

CHANGED: removed completely the encryption feature, which was weak :-|
An attacker was able to create an encrypted database entry, because
since version 2.2 the cipher key used for encryption was readable using
the private key, so an attacker could use this cipher key to create a
valid encrypted database entry. This was a design flaw which has now
been fixed. From now on only database entry signing is supported, which
adds the required security because only an authorized user is able to
create a signature for a database entry.
Thanks to the guys at the "Heise Forum Verschlüsselung"
(http://www.heise.de/security/foren/go.shtml?list=1&forum_id=44716)
who helped me finally really understand asymmetric cryptography and
therefore make nabou more secure.

FIXED: now I use OpenSSL's builtin signing and verification support,
which is faster, standards compliant and simpler to work with.

CHANGED: the misleading reversing of the meaning of private and public
key has been removed too. So now the private key is really the private
one and is encrypted and password protected. The public key is
unencrypted and used for signature verification (just as RSA works in
PGP).

CHANGED: the test script 'bin/rsa_test.pl' has been fixed to reflect the
changes above. In addition there is now a new target in the Makefile,
'make test', which executes the test.

==================================================================

2.3:

CHANGED: when using database encryption a new encryption key will be
generated for every entry.

ADDED: new config option in block: "sign", which enables cryptographic
signatures for the database entries. This is much more secure since it
cannot be tampered with by an attacker.

ADDED: better failure handling in crypto functions. The current filename
will be printed too in case of failures.

CHANGED: now the user can leave out the 'use_algo' option, in this case
nabou tries to find one (preferably SHA1) and uses this.
And it is now also possible to use multiple lines of the 'use_algo'
parameter to specify that multiple checksums should be made, which
enhances security a lot.

CHANGED: the check option 'chk_md5' is deprecated. While it still works
(and is still used internally), you are encouraged to use 'chk_hash'
instead from now on. The old option will be removed soon.

FIXED: -d now works again (it did not after the last updates) on all
types of databases.

==================================================================

2.2:

FIXED: catch errors when trying to produce the checksum; sometimes
Digest::* fails, which was not correctly caught before.

CHANGED: the installation now uses ./configure (generated from
configure.in using GNU autoconf), which makes things much simpler for
the user. It also checks the installation state of the perl modules.

FIXED: in previous versions when using the rsa feature for database
encryption, I used RSA directly. Now I use RSA for encrypting the
cipher key and use the cipher key for encrypting the actual data.

FIXED: the File object no longer tries to get a checksum of directories.

FIXED: use a better (safer) regex to find out if the decryption of an
encrypted DB entry is not clean-text.

CHANGED: if using encryption, now all databases will be encrypted.

==================================================================

2.1:

CHANGED: reorganized the src directory structure.

ADDED: added a Makefile which helps to install nabou.

CHANGED: the pod has been updated to reflect the changes below.

FIXED: the pod documentation nabourc.pod (the src for the manpage)
contained an invalid description of include/exclude in the check block
part, but it is only allowed inside define blocks; check blocks can only
contain file/dir names.

ADDED: The block may now also contain include or exclude definitions.
This is useful for excluding filesystems which are mounted with the
nosuid option. Thanks to for the suggestion.
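The 2.4 and 2.3 entries above describe why encrypting database entries gave no protection against a local attacker and why signing does: whatever key the cron job needs to read an encrypted entry has to sit unprotected on the monitored host, and that same key recovers the per-entry cipher key and lets the attacker write a forged entry that decrypts cleanly; a verification key on disk, by contrast, cannot produce a signature. The Python below is an added example, not nabou's code and not anything from the Heise forum. It replaces OpenSSL with a deliberately tiny textbook RSA and a hash-based toy stream cipher (both assumptions, so the block runs with the standard library alone) and uses constructed sample stat lines.

```python
import hashlib
import secrets

# Toy textbook RSA with tiny Mersenne primes: stands in for OpenSSL so the
# block runs with the standard library. Insecure; illustration only.
P = 2305843009213693951          # 2^61 - 1, prime
Q = 618970019642690137449562111  # 2^89 - 1, prime
N = P * Q
E = 65537                        # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def digest(data: bytes) -> int:
    # 128-bit digest so the integer is below N; a real checker signs a full hash.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def xor_stream(key: int, data: bytes) -> bytes:
    # Toy stream cipher (hash-based keystream) keyed with the per-entry cipher key.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(16, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# --- Scheme 1 (nabou 2.2/2.3): encrypt each entry with a fresh cipher key that
# is itself RSA-wrapped. The cron job must decrypt entries, so the unwrapping
# exponent has to live unprotected on the monitored host.
def encrypt_entry(attrs: bytes):
    key = secrets.randbits(128)
    return pow(key, E, N), xor_stream(key, attrs)


def decrypt_entry(entry, on_disk_d: int) -> bytes:
    wrapped, body = entry
    return xor_stream(pow(wrapped, on_disk_d, N), body)


def forge_encrypted_entry(entry, on_disk_d: int, fake_attrs: bytes):
    # A local attacker reads the same unprotected key the cron job uses,
    # recovers the cipher key and re-encrypts attributes of their choosing.
    wrapped, _ = entry
    return wrapped, xor_stream(pow(wrapped, on_disk_d, N), fake_attrs)


# --- Scheme 2 (nabou 2.4): sign each entry. Only --update needs the
# passphrase-protected private exponent; the cron job needs just (E, N).
def sign_entry(attrs: bytes, private_d: int) -> int:
    return pow(digest(attrs), private_d, N)


def verify_entry(attrs: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(attrs)


def forge_signature_attempt(fake_attrs: bytes) -> int:
    # The best an attacker can do with the public key alone: exponentiate with E.
    return pow(digest(fake_attrs), E, N)


def demo() -> dict:
    real = b"/bin/login uid=0 gid=0 mode=4755 sha1=0f3a9c"   # constructed sample entry
    fake = b"/bin/login uid=0 gid=0 mode=4755 sha1=deadbe"   # attacker's replacement
    enc = encrypt_entry(real)
    sig = sign_entry(real, D)
    return {
        "encrypted_entry_reads_back": decrypt_entry(enc, D) == real,
        # True: the forged entry is indistinguishable from a genuine one
        "forged_entry_accepted": decrypt_entry(forge_encrypted_entry(enc, D, fake), D) == fake,
        "signature_verifies": verify_entry(real, sig),
        "tampered_attrs_rejected": not verify_entry(fake, sig),
        "forged_signature_rejected": not verify_entry(fake, forge_signature_attempt(fake)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-entry key from 2.3 changes nothing here: confidentiality of the entry was never the problem, authenticity was, and only a key the attacker cannot read (the passphrase-protected signing key, absent from the host between updates) provides it.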
CHANGED: The ls output will display a d instead of a - if the file is a
directory, suggested by .

CHANGED: If a directory has been re-configured in a check block then
nabou will also complain.

CHANGED: Files explicitly listed in include can also be directories.

ADDED: exclude and include may also be blocks within blocks.

CHANGED: the db filenames are no longer required, the script uses default
filenames if they are not specified.

FIXED: Scriptlet support was faulty. If a scriptlet was not correct perl,
then it was not loaded. While this seems to be the best thing to do in
such a situation - nabou did not realize this and did not report those
errors. Now it does.

CHANGED: if a scriptlet "BEGIN" exists, it will now really be executed as
the very first thing, which was not the case previously.

ADDED: A global variable exists now, %my, which can be used by scriptlet
users to store global variables somewhere, because it is *not* possible
to define a new global variable from within a scriptlet (because of the
scope of the eval {}, which executes the scriptlet).

CHANGED: The sample config nabourc now contains a really working
scriptlet example. That means: I TESTED IT. AND IT WORKED :-)

==================================================================

2.0:

FIXED: Added a check to see if a directory block exists only once,
because if it existed twice or more, the config module would have
created an array-ref and not a hash-ref, which causes very weird errors
later on.

CHANGED: gen_rsa_key() now asks twice for the password to verify its
correctness.

ADDED: new global option check_symlinks added, when turned on symlinks
are checked. See next change entry.

CHANGED: it is now the default to ignore symlinks. If you still want to
check them, turn on check_symlinks.

FIXED: ShellChecksum() did not ignore comments in /etc/shells.

CHANGED: made the script more robust if one doesn't want to use rsa.

CHANGED: it now finds out itself which hash module is loaded, if it is
not configured.
CHANGED: the options usemail and useshadow were changed to the standard
nabou naming scheme: use_mail and use_shadow. But the old names are
still supported for backward compatibility.

FIXED: some odd typos fixed, thx to Jean-Pierre Bourrely. While fixing
the typos I've rewritten most of the relevant stuff, since it did not
work either, see below.

FIXED: check_cron did not work because of a typo and some other bad
programming (most of this is stuff which I adopted from thor.pl - see
README about thor.pl).

FIXED: check_user did not work if check_root was not turned on, because
the (global!) user hash was initialized in &check_root (!). This user
hash is no longer global and user account data will now be gathered by
its own sub.

FIXED: the use_shadow feature did not work at all, and it was
inefficient. Now it a) works and b) has changed. Passwords are normally
stored in an encrypted form (using unix crypt(1)) in the shadow file.
Since the report of nabou can be sent by email it would be dangerous to
include those encrypted passwords in the report (because an attacker
could use them for cracking and thus gain unauthorized access!).
Therefore nabou only stores an MD5 checksum of the password instead of
the password itself.

CHANGED: simplified things, in &main no more &update... subs are called.
Either they are called directly by the &check_.. sub or they have been
incorporated into the &check_.. subs.

ADDED: new check mode: check_ports, which looks for listening internet
ports using lsof. check_ports can be set to 1, which causes it to report
only new or removed listeners, but you can set it to "all" too, which
causes it to report all listening ports on every run. If set to 1 the
rsa db is supported.

CHANGED: the suid/sgid check uses the encrypted database too, now only
the crontab and the pwdDB are not encrypted.

CHANGED: verify programs simplified, and it does use encryption too.

ADDED: the alert routine now gathers much more information
about the possible attacker, such as running processes under its UID,
from where he's logged on and so forth.

REMOVED: The protected feature no longer works as in version 1.x. It
still exists, but has been completely rewritten (just the feature, not
the entire nabou, you know :-). See next.

ADDED: Nabou now supports maximum security for its database, or maximum
paranoia-mode: if you turn on the protected feature, nabou will use RSA
public key cryptography for protecting its database. An encrypted,
passphrase-protected public key is required to ALTER the database, and
likewise a public key is required to READ the database. Since the public
key is encrypted (and not the private one!) nabou is able to read the
database, even if it runs from a cronjob (which it should), but
user-action is required if the database needs to be updated, because the
public key, which is used to encrypt database entries, is encrypted.

ADDED: In conjunction with the above new RSA feature a new command-line
option has been added: -k. This will allow you to create a new
private/public key-pair, ask you for the passphrase and it will encrypt
the generated public key.

==================================================================

1.9:

ADDED: new config feature "IDEF" added, this works like a preprocessor in
C, in the config you can use blocks and turn them on/off via the command
line --def blah.

==================================================================

1.8:

FIXED: If the directory to be checked was "/", then nabou prepended each
file/dir with an additional "/", so it checked for "//home" instead of
"/home".

FIXED: if the readonly option was turned on, then the filename of
removed/added file(s) was not displayed.

ADDED: to exclude files/dirs from being checked one can now use blocks
instead of "exclude file" for every single file. The old notation is of
course still supported.
ADDED: new global config option "use_temp_sum", which allows one to
explicitly turn on the use of a temporary dbm hash file for storing the
results of the current check. This can be useful if nabou has to check
very many files and if you are getting memory trouble (since every
single file and all its attributes plus the checksum are normally stored
in RAM).

CHANGED: there was no shell glob expansion for include statements.

CHANGED: Errors are now collected and reported too. Thus, an error does
not keep nabou from doing its work, and you will even get informed if
something really strange happens.

FIXED: @include was not made empty and thus no recursion was made!

FIXED: the sort method in check_directories() was incorrect, now it is
correct, thus single files or directories _within_ a directory with its
own config are checked earlier. I.e.: if you define for
/var/log/messages only the chk_shrink option but for /var/log all
options, then /var/log/messages will be checked first, and then
/var/log/, and therefore it will be ignored under /var/log/ because it
has already been checked.

CHANGED: the headline formatting for each directory changed a little bit
again, plus directories are now prepended with a "/".

ADDED: the top of each report now contains a statistic of how many files
have been observed, added, removed and changed.

==================================================================

1.7:

CHANGED: I do not use "require newgetopt.pl" anymore, because command
line parsing was not correct. I.e. a call like nabou -d db -c config
ignored the -d and ran a check instead! So now I use Getopt::Long. So
from now on perl versions from the dark ages (5.004 and below) are no
longer supported unless you install Getopt::Long manually.

ADDED: --dump is now able to dump only the filenames given on the
commandline (after --dump ).

ADDED: now nabou also keeps track of directories and symlinks.
CHANGED: the temporary hash of the current state is no longer kept in
RAM, instead I use a temporary dbmfile in the same directory as the
other db-files. On my machine I've got a 4.9Gig /usr and nabou died upon
checking because the temporary hash occupied too much RAM (I got "out of
memory"!).

FIXED: the regexp used in the exclude check was incorrect, the regexp
also matched on filenames which _contained_ the expression.

CHANGED: by default now also check for uid and gid changes in check_suid
mode.

ADDED: two new check attributes: chk_shrink and chk_grow, useful for
logfiles or the like.

ADDED: a new file, linuxrc, added, a complete ready to run nabou config
for most modern linux systems.

CHANGED: if a file/dir specified with "exclude" or "include" begins with
a "/" then nabou considers it to be an absolute pathname and will not
prepend the current directory to it. This is useful in blocks.

CHANGED: now it is possible to use empty directory or define blocks, in
which case nabou checks only for new or removed files.

CHANGED: simplified the output, the filename is only printed once per
file (and no longer once per check like in previous versions).

ADDED: new sub do_bit_checks(), this code was both in the suid and in the
dir check routines and did the same (bit checks).

ADDED: now print the date/time and so on at the head of the report and a
proudly copyleft notice at the end of it :-)

ADDED: 2 new config statements: define and check, which allow a user to
define custom check-sets and to apply them to many files/dirs instead of
using multiple blocks.

ADDED: psmonitor-mode, new config statement: dump_proc, which causes nabou
to dump the observed processtable to a file using Data::Dumper
serialization (experimental).

FIXED: The pipe to sendmail now opens upon sending and no longer on
script start.

FIXED: --quiet did not really work as expected.

CHANGED: if use_ls is turned on, only one ls line will be printed in case
of a positive check, even if there are more than one positive checks.
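The 1.8 entry about the sort order in check_directories() and the 1.7 entries about the exclude regexp and absolute exclude paths describe one concern: a file must be attributed to exactly one per-directory block, and an exclude must never quietly cover more than it names, because an over-broad exclude means files go unchecked. The Python below is an added example and not nabou's code; the block layout, the attribute names (chk_md5, chk_mode, chk_shrink, chk_grow) and the sample file list are constructed to mirror the changelog's /var/log example, and the pre-fix substring match is shown next to the anchored one.

```python
import fnmatch
import posixpath
import re

# Constructed sample config, modelled on the changelog's /var/log example.
# Block layout and attribute names are assumptions, not nabou's real config.
BLOCKS = {
    "/":                 {"check": ["chk_md5", "chk_mode"], "exclude": ["proc", "/tmp"]},
    "/var/log":          {"check": ["chk_md5", "chk_mode", "chk_grow"]},
    "/var/log/messages": {"check": ["chk_shrink"]},
}
FILES = [  # constructed file list
    "/bin/login", "/proc/1/status", "/tmp/x",
    "/var/log/messages", "/var/log/messages.1", "/var/log/wtmp",
]


def excluded_naive(path: str, patterns) -> bool:
    # Pre-1.7 behaviour: unanchored search, so "messages" also excludes
    # "/var/log/messages.1" and every other path that merely contains it.
    return any(re.search(re.escape(p), path) for p in patterns)


def excluded(path: str, base: str, patterns) -> bool:
    # 1.7 fix: a pattern starting with "/" is absolute, anything else is
    # relative to the block's directory; match the exact path, its subtree or
    # a shell glob over the whole path, never a substring.
    for pat in patterns:
        full = pat if pat.startswith("/") else posixpath.join(base, pat)
        if path == full or path.startswith(full.rstrip("/") + "/"):
            return True
        if fnmatch.fnmatchcase(path, full):
            return True
    return False


def resolve_checks(blocks: dict, files) -> dict:
    """Map each file to the check list of the most specific block that covers it."""
    plan, settled = {}, set()
    # 1.8 fix: deepest block first, so /var/log/messages is settled by its own
    # block before /var/log's broader block gets to see it.
    for base in sorted(blocks, key=lambda p: p.rstrip("/").count("/"), reverse=True):
        prefix = base.rstrip("/") + "/"   # "/" stays "/", no "//home" (cf. 1.8)
        for f in files:
            if f in settled or not (f == base or f.startswith(prefix)):
                continue
            settled.add(f)                # claimed exactly once, excluded or not
            if not excluded(f, base, blocks[base].get("exclude", [])):
                plan[f] = blocks[base]["check"]
    return plan


if __name__ == "__main__":
    for path, checks in sorted(resolve_checks(BLOCKS, FILES).items()):
        print(f"{path}: {' '.join(checks)}")
```

Run as is, /var/log/messages gets only chk_shrink while /var/log/messages.1 keeps the full /var/log set, /proc and /tmp disappear from the plan, and the naive matcher shows why the old regexp was dangerous: it would have dropped the rotated log from checking as well.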
CHANGED: disk_usage output is now called "storage occupancy", just better
english :-)

CHANGED: Removed the Conf package out of the nabou script, because it
evolved into its own package which today is available on CPAN:
Config::General (currently 1.20) and which contains some bugfixes and
enhancements. nabou itself still runs as before besides that it requires
the mentioned module.

CHANGED: [Old] has changed to [Expected] and [New] to [Observed] (idea
stolen from tripwire output I saw last week :-)

==================================================================

1.6:

CHANGED: the sample proc mon config psrc was incorrect, sendmail was not
defined and the usemail attribute was wrong.

==================================================================

1.5:

ADDED: there are now some comments in the sample config files.

UPDATED: updated the README, it now contains a complete description of
the process monitoring mode.

ADDED: process monitoring, which allows you to look for weird programs
running on your machine. (Classes: PS and Process)

ADDED: (for proc mon): new option -D or --daemon, which causes nabou to
fork() and run in background.

ADDED: (for proc mon): many new options: check_nabou, check_proc block
with a lot of attributes which allow you to define WHAT is actually a
"weird" process on your machine.

ADDED: BEGIN and END special blocks for scriptlets. If a BEGIN scriptlet
exists, then it will be executed at startup. If an END scriptlet exists,
then it will be executed at the end of the nabou run.

CHANGED: Changed the getpasswd code, so it will work on systems without
the "stty" program too.

ADDED: new global option "use_ls", which causes an "ls -l" like output
for every changed/added file.

ADDED: one can now define one or more additional recipients using the
"cc" mail option, which takes a comma separated list of email-addresses.

ADDED: Now protected=1 results in a different behavior than previous
versions of nabou.
It now stores an encrypted version of the file-data (stat-Array) in the
database, which will be compared with the existing one before updating.

ADDED: sub alert($). Nabou will now send out an alert-message if
something weird has happened, like invalid passwords, not matching
ciphers (see the addition above) and the like.

FIXED: another bug in the GetOptions call fixed: The program did not exit
in case of invalid commandline usage.

FIXED: there was a bug in a method of the internal File module:
File::filename(), which returned an empty string in case of a non-stat'ed
file (empty obj, for csv-oop translation).

ADDED: added the "readonly" option to the db block. This allows one to
use a readonly-mounted database, but requires manual update.

CHANGED: Config format for custom scripts changed so that you just give
the here-document (which defines the script) the name of the script,
instead of using a 2nd option "perl".

==================================================================

1.4:

FIXED: nabou now creates the database directory if it does not exist.

CHANGED: now use readdir in list context, so the file listings can be
sorted alphabetically.

ADDED: another config option, which allows one to choose one of the
following hash-algorithms: MD5, SHA1, MD2.

ADDED: -q --quiet commandline flag, if used, nabou reports only changes,
otherwise it will be quiet.

ADDED: check_diskusage, and 2 new per-directory options: du_increase and
du_decrease, in percent.

CHANGED: I now consistently use nabou's internal File package, which
allows changing the file-attribute api without changing the rest of the
nabou script.

FIXED: there was an odd bug which caused the "Verifying nabou stability"
not to work, in fact, it simply did not check! But now it does ;-)
really. Trust me.

ADDED: --update option, which allows the admin to update one or more
given file(s) in the nabou database.
ADDED: Password protection for the --update feature, that means not
everyone can update the naboudb, even root. (ok, if she knows the
format...)

CHANGED: use newgetopts.pl instead of Getopt::Long, so nabou also runs
under older versions of perl.

THANKS: many thanks to dArtagnon (#linux.de), for his beta testing, bug
reporting, feature requests!

==================================================================

1.3:

FIXED: there was a typo in the File package, which caused block-numbers
not to be saved.

FIXED: the suid check had an ugly bug, it compared the whole database
entry (including the accesstime, which changed by every access through
nabou!). See next Changelog entry.

ADDED: block which allows to define which attributes shall be checked by
nabou. The defaults are MD5 and MODE.

ADDED: --dump option and --raw option, allows one to view the contents of
a nabou database.

==================================================================

1.2:

initial public release.

==================================================================

1.1:

ADDED: The Conf package, which allows an Apache-like config format.

ADDED: The File module, which stats a file and provides an oop interface
to file properties.

CHANGED: nabou now uses "use strict" and runs successfully with -w.

ADDED: The README file.

==================================================================

1.0:

initial release, minor changes from thor.pl to nabou