Sentry Firewall CD-ROM v1.3.0 (www.SentryFirewall.com)
Obsid@Sentry.net
http://www.SentryFirewall.com/files/CHANGES

06.27.02 Version 1.3.0-3 Released.
06.29.02 Updated BIND(http://www.isc.org/) to version 8.3.2-REL.
06.27.02 Updated floppy image(/SENTRY/images/ext2-144.img).
06.26.02 Upgraded OpenSSH(http://www.openssh.com/) to version 3.4p1.
06.26.02 Updated snort signatures.
------------------------------------------------------------------------------------
06.21.02 Version 1.3.0-2 Released.
06.20.02 Updated HOWTO to reflect addition of new development branch(sentrycd-RH).
06.20.02 Upgraded Apache(http://www.apache.org/) HTTP daemon, security fix.
------------------------------------------------------------------------------------
06.11.02 Version 1.3.0 Released.
06.11.02 Updated floppy image(/SENTRY/images/ext2-144.img).
06.11.02 Added natsemi.o module to 2.2.21-ow1 kernel. You would need to insmod
         both pci-scan.o and natsemi.o to get these NICs to work.
06.04.02 Added(by popular demand) mc package to CDROM.
06.04.02 Added ntp package to CDROM, added ntp.conf directive.
06.03.02 Updated README file.
06.03.02 Updated HOWTO, added info on new features in upcoming 1.3.0 release.
06.03.02 Recompiled generic kernel(2.4.18), added support for several SCSI controllers.
06.03.02 Updated 2.2 kernel to 2.2.21-ow1; 2.2.21 Linux kernel with OpenWall patch.
06.03.02 Released new version of mkconfig(v0.2). This tool uses dialog(1) and is
         designed to assist in the creation of a configuration floppy for the
         Sentry Firewall CD. I'd still call this program beta, at best.
05.30.02 Added "passive-ftp" directive for file retrieval via ftp.
05.23.02 Added support for retrieving configuration files via https/sftp/scp.
05.23.02 Added proxy support for retrieving configuration files via http(s)/ftp.
         Added new directives; http_proxy, ftp_proxy, proxy-user, proxy-passwd.
05.21.02 Upgraded OpenSSH(http://www.openssh.com/) to version 3.2.3p1.
05.21.02 Upgraded wget(ftp://ftp.gnu.org/gnu/wget/) to version 1.8.1.
05.21.02 Updated Aris Extractor(http://aris.securityfocus.com/).
05.21.02 Sub do_config() isolated to a separate file for interoperation with
         other Linux distros.
05.21.02 Several updates to the perl configuration scripts, major updates to
         networking.pl.
------------------------------------------------------------------------------------
04.22.02 Version 1.2.1 Released.
04.22.02 Several bugfixes in networking.pl and cd-config.pl.
04.22.02 Recompiled 2.2.20 kernel with ow3 patch(http://www.openwall.com/).
04.21.02 Updated floppy image(/SENTRY/images/ext2-144.img).
04.20.02 Updated BIND(http://www.isc.org/) to version 8.3.1-REL.
04.20.02 Updated Snort(http://www.Snort.org/) to version 1.8.6.
04.18.02 Added python interpreter to CDROM.
04.18.02 Added sleep(1) to the mount() function in get_config.pl. This may
         prevent some disk corruption from occurring on certain hardware.
04.18.02 Added $ADD_ARG variable to rc.inet1 to manually pass additional
         arguments to dhcpcd, ie. -I or -d. Thanks to Paul Barrette for the
         suggestion.
04.18.02 Bugfix to rc.inet1, hostname argument with DHCP now works properly.
04.02.02 Modified rc.inet2 to attempt to add /etc/hosts entry for running host
         if /etc/hosts is a symlink.
04.01.02 Updated Snort(http://www.Snort.org/) to version 1.8.4.
04.01.02 Updated ucd-snmp(http://www.net-snmp.org/) to version 4.2.3.
04.01.02 Updated Squid(http://www.squid-cache.org/) to version 2.4.STABLE6.
04.01.02 Modified rc.local to make it easier to modify and understand. Also
         "scanlogd" now starts by default.
04.01.02 Recompiled 2.4.18GENERIC kernel, all netfilter patches applied, added
         "console on serial port" support.
04.01.02 Recompiled 2.2.20-ow2 kernel, added "console on serial port" support.
04.01.02 Updated iptables(http://www.netfilter.org/) to version 1.2.6a.
------------------------------------------------------------------------------------
03.27.02 Version 1.2.0 Released.
03.21.02 Finished version 1.0 of the Sentry Firewall HOWTO, available on the
         SentryFirewall.com website.
03.15.02 Cleaned up networking.pl a bit, fixed dhcpcd error while setting up a
         device during the configuration process.
03.12.02 Rebuilt floppy image /SENTRY/images/ext2-144.img, removed
         dos-144.img(useless).
03.12.02 Added 'httpd.conf', 'smb.conf', 'pppoe.conf', 'syslog-ng.conf',
         'squid.conf', and 'openssl.cnf' directives.
03.12.02 Added %specdir hash to cd-config.pl allowing us to declare new
         configuration directives for any file, not just those kept in /etc.
         Should make adding directives for configuration files much easier.
03.12.02 Recompiled 2.4.18GENERIC and 2.2.20-ow2 kernels to avoid any possible
         libz problems(will it ever end...).
03.11.02 Updated zlib libraries to version 1.1.4.
03.10.02 Updated OpenSSH to version 3.1p1.
03.10.02 Updated OpenSSL to version 0.9.6c.
03.06.02 Updated 2.2 kernel to version 2.2.20-ow2.
03.06.02 Updated default kernel to version 2.4.18.
03.05.02 Updated iptables utility to version 1.2.5.
03.05.02 Modified the default syslog.conf file to log more crap.
03.05.02 Added 'newsyslog' utility to CDROM, added 'newsyslog.conf'
         configuration directive.
03.03.02 Added gated(http://www.gated.org/) utility to CDROM. Added gated.conf
         configuration directive.
03.03.02 Added zebra(http://www.zebra.org/) utility to CDROM. Added zebra.conf
         configuration directive(zebra.conf is kept in /etc/zebra/ directory).
03.03.02 Added bridge-utils(http://bridge.sourceforge.net/) to CDROM.
03.03.02 Added PopTop(http://poptop.lineo.com/), PPTP server/client, to CDROM.
         Added pptpd.conf configuration directive.
03.03.02 Recompiled Squid(http://www.squid-cache.org/), updated to version
         2.4.STABLE4.
03.03.02 Updated 'at' package to version 3.1.8.
03.03.02 Updated 'glibc' package(glob security fix).
03.01.02 Added 'lsof' utility to CDROM.
03.01.02 Added 'rpcinfo' utility to CDROM.
03.01.02 Quieted I/O error a bit while trying to mount /dev/fd0 when there is
         no disk available. Thanks to Stefan Andersson.
------------------------------------------------------------------------------------
01.17.02 Version 1.1.1 Released(bugfix release).
01.17.02 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}).
01.17.02 rc.local: made variable FIREWALL equal "1" again as it was in previous
         versions - warning message displayed if /etc/rc.d/rc.firewall does
         not exist.
01.17.02 Added symlink from /usr/local/sbin/iptables to /sbin/iptables
01.17.02 Recompiled Netfilter userspace tools(iptables), iptables now looks for
         the libipt_*.so libs in /usr/lib/iptables/ instead of
         /mnt/usr/lib/iptables/ :-/
------------------------------------------------------------------------------------
01.08.02 Version 1.1.0 Released.
01.08.02 Moved ssnarf.sh to /sbin.
01.08.02 Fixed problem when accessing man pages(gunzip symlink problem).
01.05.02 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}).
01.05.02 Added new /dev files from Slackware 8.0, fixed some perm problems.
01.05.02 Upgraded snort to 1.8.3, replaced old rules with current.
01.05.02 Fixed bug in rc.inet2 calling rc.named.
12.10.01 Upgraded to 2.2.19-ow4 kernel(previously using ow1 patch).
12.10.01 Removed generic.smp kernel.
12.10.01 Rebuilt kernel based on the 2.4.16 kernel.
12.01.01 Added rc.nfsd to startup scripts.
12.01.01 Rebuilt Sentry Firewall utilizing Slackware 8.0.
------------------------------------------------------------------------------------
07.02.01 Fixed broken 'hostname' directive. Thanks to Hauser Marcel for
         pointing this out.
------------------------------------------------------------------------------------
06.25.01 Version 1.0.7 Released.
06.25.01 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}).
06.25.01 Bugfix to retr_file(), files matching /^rc\./ pattern are now made
         executable if retrieved over the network.
06.25.01 Upgraded to e2fsprogs-1.22.
06.25.01 Bugfixes to networking(), now checks to see if device{1..10} has
         already been processed before attempting to set up an interface.
06.24.01 Rebuilt floppy images(/SENTRY/images/*).
06.21.01 Added cron directive to replace user's crontab file. ie, a line like
         "cron:root = /floppy/config/root" will replace root's crontab file
         with /floppy/config/root.
06.21.01 Added squid to iso. Edited /etc/squid.conf slightly to allow localhost
         connections and run squid as user/group "squid".
06.20.01 Added SnortSnarf to iso. Also added /usr/libexec/ssnarf shell script
         to help run the script from cron(or wherever).
06.20.01 Added ability to merge shadow/passwd/group files rather than just
         replace them.
06.20.01 Several bugfixes to networking.pl, network device modules should now
         load properly when declared in the config file.
06.19.01 Added 'hostname' directive, to replace /etc/HOSTNAME.
06.19.01 Added FAQ.
06.19.01 Fixed buggy rc.local script, thanks to Hauser Marcel for pointing
         this out.
06.17.01 Added new function do_log(). Boot time configuration scripts now write
         some logging information to /var/log/config_log to assist in
         debugging configuration problems.
06.17.01 Increased ramdisk size to ~16M.
06.15.01 Several bugfixes in mkrootdsk.sh, now works properly when building
         rootdisk on live system running the Sentry CD.
06.13.01 Fixed broken 'cdrom' directive in cd-config.pl.
06.13.01 Recompiled all(3) kernels.
06.13.01 Removed SCSI-SMP and IDE-SMP kernels - GENERIC kernels work just as well.
06.13.01 Added hot-swap and pcmcia support to default kernels.
06.13.01 tlan.o removed from GENERIC kernel and scripts, now built as module.
06.12.01 Wrote mkconfig(v0.1) to assist in creating config floppy and
         sentry.conf. Running "mkconfig save" will create configuration floppy
         based on the current configuration.
06.08.01 Several bugfixes to rc.inet1.
06.07.01 Added 2.2.x support to cd-config and mkrootdsk.sh scripts.
06.07.01 Added new kernel 2.2.19; generic 2.2.19 kernel with OpenWall patch.
06.06.01 Added XFS toolkit (acl-1.0.1, dmapi-0.1.1, xfsprogs-1.2.0, attr-1.0.1,
         xfsdump-1.0.5) -- waiting for a newer XFS kernel patch.
06.05.01 Upgraded to e2fsprogs-1.19
------------------------------------------------------------------------------------
06.03.01 Version 1.0.5 Released.
05.31.01 New /SENTRY/images/ext2-144.img floppy image.
         Added /SENTRY/images/dos-144.img floppy image.
05.29.01 Lots of bugfixes to networking.pl/process_conf.pl
05.29.01 Recompiled iptables-1.2.2
05.27.01 Added libnss_dns-2.2.3.so and libresolv-2.2.3.so to rootdisk.
05.27.01 Upgraded to glibc v2.2.3
05.27.01 Rewrote rc.inet1 in perl (hey, I was bored)
05.24.01 Bugfixes to networking() function in cd-config scripts.
05.24.01 More changes to cd-config scripts. inetd.conf is symlinked to
         /etc/default/inetd.conf.none and /etc/ssh/sshd_config is symlinked to
         /etc/default/ssh/sshd_config.local if /etc/shadow has not been
         replaced. To avoid insecurity via default passwords.
05.23.01 Added LVM v.0.9.1_beta7 toolkit(in GENERIC kernel as a module).
         - Recompiled 2.4.4{GENERIC/GENERIC-SMP/IDE-SMP/SCSI-SMP} kernels.
05.23.01 More tweaks to mkrootdsk.sh
05.23.01 BIND upgrade(8.2.4-REL)
         Dynamically linked binary - /usr/sbin/named
         Statically linked - /var/chroot/usr/sbin/named (chroot stuff)
05.23.01 Upgraded several packages(apache,dhcpcd,mod_php,modssl)
05.22.01 Wrote rc.named to start named normally or in chroot environment.
05.22.01 Added "include" directive to cd-config scripts.
05.22.01 Major additions to cd-config configuration scripts
         - Network device setup support
         - "device{1..10}" config directive added.
         - Added "nameserver" directive.
05.20.01 Several bugfixes to mkrootdsk.sh
05.20.01 Minor bugfixes to cd-config.pl
------------------------------------------------------------------------------------
05.11.01 Made /SENTRY/scripts/MK-CD/mkrootdsk.sh much more verbose
         Easier to see what the script is doing, prompts to umount/gzip
         rootdisk for you.
05.11.01 Upgraded Samba package(v2.2.0).
05.11.01 Upgraded OpenSSH package(v2.9p1).
05.11.01 Cleaned up /SENTRY/doc/DOCUMENTATION file, release v0.3.
------------------------------------------------------------------------------------
05.01.01 Initial 1.0.2 release.

## _EOF_ ##