PacketFence NEWS
Project homepage: https://www.packetfence.org/
Please report bugs to: http://www.packetfence.org/bugs/
Interested in contributing to the project? Check the following link:
http://www.packetfence.org/support/community.html
This is a list of noteworthy changes across releases.
For more details and developer visible changes see the ChangeLog file.
For a list of compatibility related changes see the UPGRADE file.
--------------------------------------------------------------------------------
Version 2.0.0 released on 2010-12-14
New Hardware Support
- SMC TigerStack 6128 L2 support in Port Security (feature sponsored by Seattle
Pacific University)
- HP ProCurve MSM710 Mobility Controller
- Meru Networks MC3000 Wireless Controller
- Juniper EX Series in MAC RADIUS (Juniper's MAC Authentication)
New Features
- Simplification of the Wireless, Wired 802.1X and Wired MAC Authentication
configuration. Because of a new FreeRADIUS module and a Web Service interface,
everything is now using standard PacketFence processes and configuration
files.
- VoIP devices authorization over RADIUS (#1008)
- Proxy interception. PacketFence can now operate in an environment where there
is a client-side proxy configured. Check proxy-bypass in addons/ for details.
(#1035)
- Passthroughs support! You can now configure PacketFence to let your users
reach specific websites even if they are in registration or isolation. (#772)
(feature sponsored by Shippensburg University)
- New pf::web::custom extension point to customize the captive portal's code
without the usual maintenance burden on upgrades (#1045)
- Bulk importation of nodes through CLI or Admin Web interface
- New parameter in switches.conf to ease FreeRADIUS integration
- Optional automatic configuration of FreeRADIUS' clients using switches.conf
(see addons/freeradius-integration/README for details)
- New 'pending' status for node. Allows for a wide range of captive portal
workflows where an administrator approves network access (by email, SMS...)
Enhancements
- New information available in Node Lookup (Connection Type, SSID, 802.1X
User-Name, ...)
- FreeRADIUS module improvements (#1034) and major revamping
- Easier installation process using yum groupinstall (#1089)
- Faster Web Services layer running under mod_perl
- Refactoring of the pf::vlan method names for more meaningful ones
- Removed unnecessary database connections and duplicated code
- 802.1X improvements (#995, #1002)
- General codebase improvements, refactoring (#914, #977, #1001, #973)
- Usability improvements (#1006, #820, #1075)
- Migrated to the new Emerging Threats rules for snort and added rules for
botnets, malware, shellcode, trojan and worm by default (#1102)
- New DHCP fingerprints (HP ProCurve Wireless, Ricoh MFP, Cisco/Linksys,
Netgear, D-Link, Trendnet, Belkin Home Wireless Routers, Sony Ericsson
Android, Aruba Access Point, Avaya IP Phone, Gentoo Linux and Fedora Linux 13)
- pfcmd_vlan's logging is now consistent with the rest of the system (#874)
- configurator.pl now handles DNS and DHCP basic configuration (#1112)
Documentation
- Merged Installation and Administration guides into a more coherent document
- New documentation about DHCP and DNS services. Now easier to manage! (#1113)
- New documentation about running in a routed environment
- Improved documentation about Snort, Oinkmaster, and log rotation in Admin
Guide
- Improved documentation on violations (external remediation pages and
redirect_url) in the Administration Guide
Bug fixes
- Captive Portal remediation pages can be hosted externally again! (#1024)
- Fixes to the SMC TigerStack 8824M and 8848M modules (see UPGRADE)
- No error reporting when trying to change configuration files with bad rights
(#1088)
- Violation priorities are now enforced according to documentation (1 = highest)
- Wrong URL in the provided oinkmaster.conf (#1101)
- MAC addresses of format xxxx.xxxx.xxxx properly recognized in pf::util
Special thanks to University of Oregon who, from early on, were running the
bleeding edge and provided invaluable feedback and contributions!
--------------------------------------------------------------------------------
Version 1.9.1 released on 2010-09-22
New Hardware Support
- Extreme XOS Port Security (MAC address lockdown) and Voice over IP support
(feature sponsored by Extreme Networks)
- Nortel ERS 2500 Series Port security and Voice over IP support
New Features
- Basic Access Control in the Web Administration interface (#965, Thanks to
eSubnet Enterprises for their initial contribution)
- New parameters in switches.conf to manage Web Services enabled switches
Enhancements
- Captive portal performance improvements. Up to 23x on some workloads (#879)
- More than 35 new DHCP fingerprints (Thanks to Eric Kollmann and Sam Winottai!)
- Improved Nessus failed scan error reporting (partial fix for #1032)
- Better error reporting on Cisco ISR 1800
- Added some documentation for Cisco (2960, 3550) and Aruba in the SNMP modules
- Documented performance optimization regarding blocking non-browser requests in
the captive portal (#1072)
- Avoiding unnecessary load where a lot of non-trap violations are used (#857)
- Updated (for clarification purpose) documentation for Cisco stacked and
4500 Series switches. (#1037)
- Error handling and error messages improvements (#1052)
- Updated documentation for FreeRADIUS 1.x and added some for 2.x. (#1036)
Bug fixes
- Node categories related fixes (#1063, #1056)
- Deleting a node no longer breaks paging in Web Admin (#1055)
- Max number of node per user is enforced more consistently (#1057)
- RPM packaging fixes (#1047)
- Misc fixes (#1068)
--------------------------------------------------------------------------------
Version 1.9.0 released on 2010-07-15
New
- Official Linux 64 bit support
New Hardware Support
- Cisco Wireless Services Module (WiSM)
- Cisco Integrated Services Routers (ISR) 1800 Series
- Cisco Catalyst 3750 Series
- Cisco Catalyst 4500 Series
- Foundry FastIron 4802 Port security and Voice over IP support (feature
sponsored by an entity who preferred to remain anonymous)
- HP ProCurve 3400cl (tested by roelof)
- SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle
Pacific University developed with the help of SMC)
New Features
- Node category support, you can assign different VLANs or whitelist violations
based on a node's category (#968)
- Added support for Floating Network Devices (See Admin Guide for details)
Enhancements
- Improved error reporting in the web administration panel and cli (#847, #898,
#899, #964, #993)
- More information available in Node Lookup (IP, DHCP lease)
- Improved database layer (more robust and logs errors)
- pfsetvlan is more resistant to configuration mistakes and reports them (#766)
- Net-SNMP 5.4 support (#940 Thanks to Maikel)
- FreeRADIUS 2.x support (#1007)
- @ character now allowed in person id (pid). This is very common in Active
Directory environment.
- New admin authentication mechanism added (disabled by default)
- New debugging features (disabled by default)
- New DHCP fingerprints
- Optional backup script in addons/ now archives old records
- New helper synchronization scripts in addons/high-availability
- Little improvements (#866, #886, #911, #916, #952, #975)
Documentation improvements
- Install guide more accurate
- Added directions to configure PacketFence in a routed environment to the
admin guide
- Updated the High-Availability section with details about DRBD and HeartBeat v1
- More MySQL tips (#951)
- Fixed ProCurve 2600 switch configuration (Thanks to Andrew Niemantsverdriet!)
Bug fixes
- Performance fixes (#908, #910)
- Captive portal stability fixes (#892, #961)
- Mitigated Net::Telnet problems with perl threads (#903, #907)
- Proper violation description shown in violation edit (#922)
- Fixed RPM spec to create package packetfence-remote-snort-sensor again (#888)
- Fixed PacketFence RPM upgrade bug if your version is lower than 1.8.5 (#931)
- Fixed rare port-security problems with stacked switches or switches with
large ifIndex (#921)
- Fixed problems with DHCP Fingerprint submission
- Fixed call to non-existing script lookup_node.pl in pfdhcplistener (#858)
- Correct VLAN information shown in Node Lookup (#893)
- Minor corrections to the Admin Web UI
- Clarified some error messages
- Misc. stability and general fixes (#833, #885, #868, #869, #896, #923, #927,
#946, #950)
--------------------------------------------------------------------------------
Version 1.8.7 released on 2010-01-06
Bug fixes
- SECURITY: Fixed "username" Cross-Site Scripting Vulnerability (#884)
- Fixed issues with Aruba Controller (#871, #873)
- Fixed issues with multiple registration in same browser session (#761)
- Fixed issues in some wireless scenarios (#880)
- Fixed situation where a Windows 7 client would slow down captive portal
- Fixed missing dependencies in packetfence-remote-snort-sensor RPM (#881, #882)
- Fixed bad HTML in registration pages
- Clarified some error messages
- Removed some unnecessary warnings
--------------------------------------------------------------------------------
Version 1.8.6 released on 2009-12-01
New Features
- New iPod UserAgent blocking strings examples
- Snort 2.8.5 compatibility (closes #581, #846, #849)
- Expire mode deadline now works in vlan isolation mode (closes #865)
- Installation guide updated
Bugfix
- Fixed issues with SSH as CLI transport
- Fixed broken 802.1x behaviour (closes #839, #841)
- Fixed pfmon Out of Memory! crash when trappable network is very large, i.e. /8
(closes #861)
- Fixed a problem when adding or editing a Cisco Catalyst 2970, 3500XL and
Wireless Controller 4400 from the Web Admin interface (closes #836)
- Fixed SNMPv3 configuration from Web Admin interface and pfcmd. Missing
SNMPUserNameTrap parameter. Did not affect flat file config. (closes #853)
- Fixed missing library requirement when using PacketFence with routed VLANs
(closes #838)
- Database schema updated for our backup script in addons/ (closes #800)
- Backup script keeps more location history by default
- Got rid of the non-InnoDB tables (closes #747)
- Removed some unnecessary warnings (closes #850, #862)
--------------------------------------------------------------------------------
Version 1.8.5 released on 2009-10-28
New Hardware Support
- Amer SS2R24i switch in linkUp/linkDown mode
- 3Com Switch 4200G and SuperStack 4500 in port-security mode
- Enterasys D2, Matrix N3 and SecureStack C3 in linkUp/linkDown and maclock
(port-security)
- Extreme Networks Summit X250e in linkUp/linkDown mode
New Features
- Nessus integration with captive portal for scanning on registration
- PacketFence is now distributed as a yum repository (avoids having the
installer pull a lot of cpan modules and jpgraph)
- normal/correct VLAN default behaviour changed (see UPGRADE for details)
- PacketFence is now able to automatically create static routes for routed
registration and isolation VLANs (closes #794)
- significant performance improvement in 802.1X mode (wired and wireless) or
in MAC authentication on wireless networks
- massive documentation update (how to configure hardware, new install method,
new support packages and more...)
- blocking misbehaving user-agents on captive portal (avoid unnecessary load)
- logging priority (INFO, WARN, ERROR) shown in log files
- added a few utilities in addons/
Bugfix
- SECURITY: fixed sensitive information leak in admin login: when passwords were
considered invalid, they were displayed
- removed Hub violation that caused too many false positives (#793)
- whitelisting MAC addresses more consistent across violation types (#801)
- init script more robust (#805)
- using temporary redirects instead of permanent ones (#757)
- fixed crashes in corner cases (violations without triggers, config not
upgraded, etc.)
- fixed SNMPv3 trap-handling for HP ProCurve
- fixed maclock (port-security) support on Enterasys
- added missing dependencies
- stability and error reporting fixes
--------------------------------------------------------------------------------
Version 1.8.4
- added code to generate violations on MAC vendors (to ban a device category)
- added code to generate violations on Web browser's User-Agent information (to
ban a browser)
- added a specific VLAN for each violation (node with this violation will be put
in the specified VLAN)
- added support for Aruba Networks wireless controllers
- added support for Foundry (Brocade) FastIron 4802
- added support for 3COM 4200G
- added support for D-Link DES-3526 (in the Web interface)
--------------------------------------------------------------------------------
Version 1.8.3
- added Italian translation
- added new fields to person table
- new nessus scans using nessusclient files
- fixed iptables generation with multiple internal interfaces
- fixed start date and end date in reports
- fixed desAssociate trap handling
- added necessary taint check to pfcmd generate_switchport_vlan_assignment
- enhanced configuration sanity check
--------------------------------------------------------------------------------
Version 1.8.2
- enhanced integration of expire_mode and VLAN isolation (thanks to Maikel Van
Der Roest)
- added many tests using Test::More (in the t subdirectory)
- correct process ID is now written into pid file by pfmon and pfredirect
- adjusted dependency checks in installer and the RPM spec file
- fixed SNMPv3 createUser command
- better handling of non-English installations
- removed unused icons and HTML files from web admin GUI
- renamed passive mode into arp mode in configurator templates
--------------------------------------------------------------------------------
Version 1.8.1
- added support for SMC TigerStack 6224M (thanks to Chinasee B.
<chinasee.b@psu.ac.th>)
- switch configuration (switches.conf) can now be done from the CLI and from the
Web interface
- violation modification (violations.conf) can now be done from the CLI and from
the Web interface
- added support for starting and configuring DHCPd and bind in VLAN isolation
mode
- added push and pull commands for configuration files
- added scripts for automated testing (using Test::More)
- internationalization of remediation pages
- compatibility with Config::IniFiles 2.47
- LSB compliance of service script
- various bugfixes in reports and graphs
--------------------------------------------------------------------------------
Version 1.8.0
- major performance improvements in pfcmd and in the Web administrative interface
- redesigned the Web administrative interface
- added support for SSH CLI sessions on Cisco switches
- added support for SNMP version 3
- added support for categories of nodes
- added a view on switches.conf to the Web administrative interface
--------------------------------------------------------------------------------
Version 1.7.5
- added support for stacked Nortel BayStack 5520 (contribution from Matt Ashfeld)
- added support for Enterasys SecureStack C2
- added support for Cisco Controller 4400
- added support for 3COM SS4500
--------------------------------------------------------------------------------
Version 1.7.0
- added support for VLAN isolation
- added support for 802.1X
- added support for wireless access points and controllers
- temporarily disabled support for ARP-based registration (please consult the
May 2008 archive of the packetfence-devel mailing list for more information)
- many bug fixes and general enhancements
===============================================================================
1.8.5
added support for Amer SS2R24i switch in linkUp/linkDown
mode
PacketFence is now distributed as a yum repository (avoids
having the installer pull a lot of cpan modules and jpgraph)
normal/correct VLAN returned by custom_getCorrectVlan is
now based on switch (switches.conf) instead of node
new UPGRADE document that documents things to look out for
when upgrading versions
added support for 3Com Switch 4200G and SS4500 in
port-security mode
added support for Extreme Networks Summit X250e in
linkUp/linkDown mode
fixed SNMPv3 trap-handling for HP ProCurve
(http://www.packetfence.org/mantis/view.php?id=744)
SECURITY: fixed sensitive information leak in admin login.
When passwords were considered invalid, they were displayed
misc cleanups (more warning messages, reduced code
duplication)
1.8.4
installer.pl asks to install Emerging Threats rule files
(http://www.packetfence.org/mantis/view.php?id=717)
allowed to specify several languages for user registration
Nessus scan nbe files are not shown in the web admin GUI
(http://www.packetfence.org/mantis/view.php?id=720)
configurator.pl now shows default and current configuration
when upgrading existing configuration
(http://www.packetfence.org/mantis/view.php?id=718)
fixed Config::Inifiles compatibility issue in
configurator.pl
(http://www.packetfence.org/mantis/view.php?id=721)
enhanced presentation in more_info.php
(http://www.packetfence.org/mantis/view.php?id=722)
added check that documentation.conf and pf.conf.defaults
contain same set of options
(http://www.packetfence.org/mantis/view.php?id=723)
added access to nessusclient file scan from web admin GUI
(http://www.packetfence.org/mantis/view.php?id=724)
fixed check for SELinux enforcing mode
(http://www.packetfence.org/mantis/view.php?id=725)
fixed schedule now and VLAN isolation integration
(http://www.packetfence.org/mantis/view.php?id=726)
fixed logfile name in monitorpfsetvlan.pl
(http://www.packetfence.org/mantis/view.php?id=727)
fixed violation report in mrtg_wrapper.pl
(http://www.packetfence.org/mantis/view.php?id=729)
fixed missing header line for openviolations report
(http://www.packetfence.org/mantis/view.php?id=728)
removed invalid reports from conf/ui.conf
(http://www.packetfence.org/mantis/view.php?id=730)
added trace log level to pfcmd_vlan
(http://www.packetfence.org/mantis/view.php?id=733)
added support for 3COM 4200G switch
added support for Dlink DWS 3026 Wireless controller
added Dlink DES 3526 to web admin GUI
(http://www.packetfence.org/mantis/view.php?id=737)
removed Net::SNMP inclusion from bin/flip.pl
(http://www.packetfence.org/mantis/view.php?id=736)
added support for Foundry FastIron 4802 switch
added missing use Net::Telnet to SS4500.pm
(http://www.packetfence.org/mantis/view.php?id=742)
fixed usage of _telnet variables
(http://www.packetfence.org/mantis/view.php?id=741)
fixed support of Linksys switches (removed support of
buggy Port Security because of firmware problems)
registering User-Agent in the node each time a browser
reaches the captive portal
added support for Aruba controller 200
the character + is now allowed as a value in pfcmd command
added a new violation type: MAC Vendor
prefer to show a violation page over the registration page
(http://packetfence.org/mantis/view.php?id=746)
more logging in violation_trigger
added a new violation type: UserAgents
updated documentation in violations.conf
added examples in violations.conf
database schema upgrade and updated installer for UserAgent
change
you can now specify a destination vlan on a violation in
violations.conf
added examples in violations.conf
updated dhcp fingerprints (added Android and iPhone)
(http://packetfence.org/mantis/view.php?id=745)
several updates to developer documentation and TODO tasks
1.8.3
fixed issue between connect_and_read.pl and
Aironet
(http://www.packetfence.org/mantis/view.php?id=692)
fixed iptables generation with multiple internal
interfaces
(http://www.packetfence.org/mantis/view.php?id=693)
fixed start date and end date in reports
(http://www.packetfence.org/mantis/view.php?id=694)
added Italian translation
fixed desAssociate trap handling
(http://www.packetfence.org/mantis/view.php?id=695)
fixed issues with terminal connections to Cisco gear
(http://www.packetfence.org/mantis/view.php?id=696)
added necessary taint check to pfcmd
generate_switchport_vlan_assignment
(http://www.packetfence.org/mantis/view.php?id=697)
new nessus scans using nessusclient files
fixed documentation regarding NIC configuration
(http://www.packetfence.org/mantis/view.php?id=702)
fixed web admin GUI violation config
(http://www.packetfence.org/mantis/view.php?id=698)
removed unused last_seen column from reports
(http://www.packetfence.org/mantis/view.php?id=607)
GET instead of POST requests in reports.php
(http://www.packetfence.org/mantis/view.php?id=531)
fixed issue in pfsetvlan when a switch was removed
from the switch config
(http://www.packetfence.org/mantis/view.php?id=690)
added new fields to person table
(http://www.packetfence.org/mantis/view.php?id=701)
fixed last column display in printer.php
(http://www.packetfence.org/mantis/view.php?id=704)
fixed editing of last_arp column in node table
(http://www.packetfence.org/mantis/view.php?id=705)
enhanced valid_mac sub
(http://www.packetfence.org/mantis/view.php?id=706)
added pretty headers to exporter.php
(http://www.packetfence.org/mantis/view.php?id=708)
fixed sample column display in exporter.php
(http://www.packetfence.org/mantis/view.php?id=707)
show processID in services.php
(http://www.packetfence.org/mantis/view.php?id=709)
removed all service restart in services.php
(http://www.packetfence.org/mantis/view.php?id=710)
enhanced configuration sanity check
(http://www.packetfence.org/mantis/view.php?id=711)
added argument check for getLocation (pfcmd_vlan)
(http://www.packetfence.org/mantis/view.php?id=712)
removed showMACVendor option from pfcmd_vlan
(http://www.packetfence.org/mantis/view.php?id=713)
fixed display of showPF option in pfcmd_vlan
(http://www.packetfence.org/mantis/view.php?id=714)
1.8.2
added Readonly to dependencies
(http://www.packetfence.org/mantis/view.php?id=608)
added missing header.selected.png
(http://www.packetfence.org/mantis/view.php?id=609)
date initialization in locationhistorymac command
(http://www.packetfence.org/mantis/view.php?id=610)
removed core perl modules from dependency lists
(http://www.packetfence.org/mantis/view.php?id=613)
fixed SNMPv3 createUser command
(http://www.packetfence.org/mantis/view.php?id=612)
fixed Web Admin GUI - violation add
(http://www.packetfence.org/mantis/view.php?id=615)
fixed configurator walkthrough in ZEN installation guide
(http://www.packetfence.org/mantis/view.php?id=618)
fixed pf.conf example in ZEN installation guide
(http://www.packetfence.org/mantis/view.php?id=619)
fixed comments in BIND zone file templates
(http://www.packetfence.org/mantis/view.php?id=617)
ifconfig -a and non-English installations
(http://www.packetfence.org/mantis/view.php?id=614)
removed unused icons from distribution
(http://www.packetfence.org/mantis/view.php?id=621)
removed unnecessary files from web admin GUI
(http://www.packetfence.org/mantis/view.php?id=622)
fixed compilation error in bin/accounting.pl
(http://www.packetfence.org/mantis/view.php?id=623)
added tests for compilation of binaries
fixed compilation error in addons/convertToPortSecurity.pl
(http://www.packetfence.org/mantis/view.php?id=624)
fixed list of dashboard widgets
(http://www.packetfence.org/mantis/view.php?id=625)
web admin GUI: fixed proxies configuration help
(http://www.packetfence.org/mantis/view.php?id=626)
fixed handling of proxies section in configuration file
(http://www.packetfence.org/mantis/view.php?id=627)
removed automatic refresh from web admin GUI
(http://www.packetfence.org/mantis/view.php?id=629)
fixed presentation of proxies config in web admin GUI
(http://www.packetfence.org/mantis/view.php?id=628)
added Test::Perl::Critic tests
added tests for compilation of PHP scripts
added tests for compilation of CGI scripts
usage of UNIVERSAL::require
(http://www.packetfence.org/mantis/view.php?id=631)
updated jpgraph version
(http://www.packetfence.org/mantis/view.php?id=632)
moved admin/calendar into 3rdparty directory
(http://www.packetfence.org/mantis/view.php?id=635)
moved lookup_node and lookup_person into libraries
(http://www.packetfence.org/mantis/view.php?id=633)
cleaned contrib directory
(http://www.packetfence.org/mantis/view.php?id=634)
fixed POD warnings and errors
(http://www.packetfence.org/mantis/view.php?id=636)
added Test::POD tests
fixed uninitialized variable when calling pfdetect -h
(http://www.packetfence.org/mantis/view.php?id=638)
fixed uninitialized variable when calling
pfdhcplistener -h
(http://www.packetfence.org/mantis/view.php?id=640)
fixed code execution in util.pm when calling pfmon -h
(http://www.packetfence.org/mantis/view.php?id=641)
fixed wrong PID written to pid file in pfmon
(http://www.packetfence.org/mantis/view.php?id=639)
fixed wrong PID written to pid file in pfredirect
(http://www.packetfence.org/mantis/view.php?id=642)
corrected startup of imap and pop3 redirectors
(http://www.packetfence.org/mantis/view.php?id=643)
fixed crash in pop3 redirector
(http://www.packetfence.org/mantis/view.php?id=644)
moved accounting.pl into addons
removed pngfix.js
dhcp_dumper compatibility with Config::IniFiles 2.47
(http://www.packetfence.org/mantis/view.php?id=645)
better configuration parameter check
(http://www.packetfence.org/mantis/view.php?id=646)
fixed comparison in line 180 of services.pm
(http://www.packetfence.org/mantis/view.php?id=647)
enhanced jpgraph installation
enhanced expire_mode and VLAN integration
take snort startup dependency on pfdetect in pfcmd
into account
(http://www.packetfence.org/mantis/view.php?id=648)
fixed read_dhcp_fingerprints_conf() and
read_violations_conf() calls during service stop
(http://www.packetfence.org/mantis/view.php?id=649)
fixed error messages layout in adduser.php
(http://www.packetfence.org/mantis/view.php?id=650)
fixed violation deletion
(http://www.packetfence.org/mantis/view.php?id=651)
fixed web admin GUI - violation edit
(http://www.packetfence.org/mantis/view.php?id=652)
fixed web admin GUI - node and person edit
(http://www.packetfence.org/mantis/view.php?id=653)
fixed icons for violation modifications
(http://www.packetfence.org/mantis/view.php?id=655)
Web admin GUI - show configured hostname in services
(http://www.packetfence.org/mantis/view.php?id=654)
fixed insecure dependency while starting pfdhcplistener
(http://www.packetfence.org/mantis/view.php?id=656)
fixed insecure dependency while restarting snort
(http://www.packetfence.org/mantis/view.php?id=657)
changed dhcp lease time config variables from 'text'
to 'time'
(http://www.packetfence.org/mantis/view.php?id=658)
fixed number of rows in dashboard customization
(http://www.packetfence.org/mantis/view.php?id=659)
added Config::IniFiles requirement in node.pm
(http://www.packetfence.org/mantis/view.php?id=661)
better Config::IniFile error handling
(http://www.packetfence.org/mantis/view.php?id=660)
fixed file path in remote dhcp listener startup
(http://www.packetfence.org/mantis/view.php?id=662)
moved pfdetect_remote into sbin directory
(http://www.packetfence.org/mantis/view.php?id=666)
removed remote DHCP listener
snmptrapd now appends to log file (instead of truncating)
(http://www.packetfence.org/mantis/view.php?id=668)
web admin gui - filename for scan result download
(http://www.packetfence.org/mantis/view.php?id=669)
fixed issues in pfcmd schedule call
(http://www.packetfence.org/mantis/view.php?id=670)
error handling in schedule view for unknown ID
(http://www.packetfence.org/mantis/view.php?id=671)
changed schedule.pm namespace
(http://www.packetfence.org/mantis/view.php?id=672)
faster schedule deletion
(http://www.packetfence.org/mantis/view.php?id=673)
fixed database schema version symlink and installer
(http://www.packetfence.org/mantis/view.php?id=675)
RPM SPEC file now ensures file modes
(http://www.packetfence.org/mantis/view.php?id=676)
renamed passive mode into arp mode in configurator
templates
(http://www.packetfence.org/mantis/view.php?id=677)
fixed typo in violations.conf
(http://www.packetfence.org/mantis/view.php?id=678)
allowed correct modification of pf.conf from
web admin GUI
(http://www.packetfence.org/mantis/view.php?id=680)
fixed issue in web admin GUI during fingerprint upload
(http://www.packetfence.org/mantis/view.php?id=681)
ensured log file ownership in installer.pl
(http://www.packetfence.org/mantis/view.php?id=682)
added DBD::mysql and DBI to dependencies
(http://www.packetfence.org/mantis/view.php?id=683)
fixed issue in menu display during reports
(http://www.packetfence.org/mantis/view.php?id=684)
node/add.php shows status option list
(http://www.packetfence.org/mantis/view.php?id=686)
fixed issues in OS report graphs when no nodes are
present
(http://www.packetfence.org/mantis/view.php?id=685)
fixed issues with violation add
(http://www.packetfence.org/mantis/view.php?id=687)
new log files for pfdetect and pfredirect
(http://www.packetfence.org/mantis/view.php?id=688)
corrected handling of SIGHUP in daemons
(http://www.packetfence.org/mantis/view.php?id=689)
1.8.1
authorized @ as first symbol in password
(http://www.packetfence.org/mantis/view.php?id=551)
daily graphs and issues with year end
(http://www.packetfence.org/mantis/view.php?id=553)
correct order in monthly graph
(http://www.packetfence.org/mantis/view.php?id=552)
new configfiles push and pull commands
(http://www.packetfence.org/mantis/view.php?id=550)
documented pfcmd manage commands
(http://www.packetfence.org/mantis/view.php?id=554)
CSS style for web admin gui help pages
(http://www.packetfence.org/mantis/view.php?id=555)
added favicon
(http://www.packetfence.org/mantis/view.php?id=557)
CSS style for web admin gui edit pages
(http://www.packetfence.org/mantis/view.php?id=558)
permitted switches.conf modification through CLI
and web admin GUI
(http://www.packetfence.org/mantis/view.php?id=433)
made default LDAPUserScope sub
(http://www.packetfence.org/mantis/view.php?id=561)
permitted violations.conf modification through CLI
and web admin GUI
(http://www.packetfence.org/mantis/view.php?id=560)
authorized & character in grammar
(http://www.packetfence.org/mantis/view.php?id=563)
fixed link to nonexisting add.png file
(http://www.packetfence.org/mantis/view.php?id=564)
updated web admin gui help file content
(http://www.packetfence.org/mantis/view.php?id=556)
fixed pfcmd report os and report osclass crashes when
no nodes were present
(http://www.packetfence.org/mantis/view.php?id=566)
fixed issues in grapher when no nodes were present
(http://www.packetfence.org/mantis/view.php?id=565)
removed HTML footer from grapher.php
(http://www.packetfence.org/mantis/view.php?id=567)
added support for SMC TigerStack 6224M
(thanks to Chinasee B. <chinasee.b@psu.ac.th>)
show switches section in web admin GUI only in VLAN
isolation mode
(http://www.packetfence.org/mantis/view.php?id=571)
moved interface configuration into separate HTML page
(http://www.packetfence.org/mantis/view.php?id=573)
switchconfig get all is now nicely sorted
added networkconfig CLI and web admin GUI
added support for starting and configuring DHCPd in
VLAN isolation mode
(http://www.packetfence.org/mantis/view.php?id=568)
(http://www.packetfence.org/mantis/view.php?id=570)
added support for starting and configuring named in
VLAN isolation mode
(http://www.packetfence.org/mantis/view.php?id=569)
(http://www.packetfence.org/mantis/view.php?id=572)
management IP address in configurator.pl
(http://www.packetfence.org/mantis/view.php?id=574)
determine default gateway in configurator
(http://www.packetfence.org/mantis/view.php?id=577)
fixed startup error when networks.conf was empty
(http://www.packetfence.org/mantis/view.php?id=578)
configurator had issues with VLAN interfaces
(http://www.packetfence.org/mantis/view.php?id=582)
in installer.pl make sure that perl modules could be
installed
(http://www.packetfence.org/mantis/view.php?id=583)
removed legacy vlan.bind
(http://www.packetfence.org/mantis/view.php?id=585)
fixed help info in web admin GUI
(http://www.packetfence.org/mantis/view.php?id=584)
fixed LSB compliance
(http://www.packetfence.org/mantis/view.php?id=588)
compatibility with Config::IniFiles 2.47
(http://www.packetfence.org/mantis/view.php?id=590)
removed switchTypesToExclude parameter
(http://www.packetfence.org/mantis/view.php?id=592)
updated zen-vlan configurator template
(http://www.packetfence.org/mantis/view.php?id=593)
sanity_check vlan.dhcpd/named vs networks.conf
(http://www.packetfence.org/mantis/view.php?id=594)
internationalize remediation pages
(http://www.packetfence.org/mantis/view.php?id=596)
added automatic test scripts
remove 'ip' parameter from switches.conf
(http://www.packetfence.org/mantis/view.php?id=597)
switches.conf and cliEnabledPwd
(http://www.packetfence.org/mantis/view.php?id=598)
make maximal column width of contents in web admin
GUI 30 characters
converted some fields in web admin GUI configuration
from text to textarea
removed start/stop symlinks from RPM
fixed httpd restart and tainted mode issues
(http://www.packetfence.org/mantis/view.php?id=599)
allow named and dhcpd to be (de)activated per network
section
(http://www.packetfence.org/mantis/view.php?id=601)
fixed oinkmaster.conf file
(http://www.packetfence.org/mantis/view.php?id=603)
better pfcmd service pf watch output
(http://www.packetfence.org/mantis/view.php?id=604)
fixed issues in lookup_node.pl
(http://www.packetfence.org/mantis/view.php?id=605)
fixed calculations in OS reports
(http://www.packetfence.org/mantis/view.php?id=606)
1.8.0
unify log management
(http://www.packetfence.org/mantis/view.php?id=356)
unify vlan_determine_for_node and node_determine_VLAN
(http://www.packetfence.org/mantis/view.php?id=357)
not all log statements contain thread and proc ID
(http://www.packetfence.org/mantis/view.php?id=384)
service packetfence status works only if mysql is running
(http://www.packetfence.org/mantis/view.php?id=142)
support MAC addresses in several different formats
(http://www.packetfence.org/mantis/view.php?id=385)
arp.listendevice is not documented
(http://www.packetfence.org/mantis/view.php?id=387)
arp.listendevice is not defined in pf.conf!
(http://www.packetfence.org/mantis/view.php?id=405)
replace Net::Telnet::Cisco by Net::Appliance::Session
(http://www.packetfence.org/mantis/view.php?id=379)
support for SSH CLI Session on Cisco switches
(http://www.packetfence.org/mantis/view.php?id=388)
use log subcategories in pfsetvlan
(http://www.packetfence.org/mantis/view.php?id=340)
use logdie instead of die
(http://www.packetfence.org/mantis/view.php?id=136)
Removed db connection parameters from switches.conf
(http://www.packetfence.org/mantis/view.php?id=391)
Removed DBI connect in pfsetvlan
(http://www.packetfence.org/mantis/view.php?id=393)
Isolation of unregistered computers
(http://www.packetfence.org/mantis/view.php?id=395)
Net::Pcap instead of Net::RawIP in pfmon
(http://www.packetfence.org/mantis/view.php?id=396)
removed mail_xxx parameters from switches.conf
(http://www.packetfence.org/mantis/view.php?id=394)
removed obsolete pfsetvlan startup script
(http://www.packetfence.org/mantis/view.php?id=400)
validation of switches.conf
(http://www.packetfence.org/mantis/view.php?id=386)
removed 'registration complete' violation
(http://www.packetfence.org/mantis/view.php?id=402)
removed 'AUP' violation
(http://www.packetfence.org/mantis/view.php?id=360)
add registration.nbregpages configuration parameter
(http://www.packetfence.org/mantis/view.php?id=403)
getMacAddr (Cisco.pm) does not work with port-security
(http://www.packetfence.org/mantis/view.php?id=407)
create traplog database table
(http://www.packetfence.org/mantis/view.php?id=425)
traplog expiration
(http://www.packetfence.org/mantis/view.php?id=426)
traplog integration in web admin interface
(http://www.packetfence.org/mantis/view.php?id=362)
removed isolation and registration interface types
(http://www.packetfence.org/mantis/view.php?id=429)
removed sysctl manipulations
(http://www.packetfence.org/mantis/view.php?id=432)
removed minOSVersion parameters from switches.conf
(http://www.packetfence.org/mantis/view.php?id=428)
removed trapping.redirlocal parameter
(http://www.packetfence.org/mantis/view.php?id=434)
removed inline deployment mode
(http://www.packetfence.org/mantis/view.php?id=436)
network.vlan becomes network.mode=vlan
(http://www.packetfence.org/mantis/view.php?id=437)
network.mode=passive becomes network.mode=arp
(http://www.packetfence.org/mantis/view.php?id=438)
remove iptables manipulations during VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=359)
renamed functions in iptables.pm
(http://www.packetfence.org/mantis/view.php?id=439)
removed gcc requirement
(http://www.packetfence.org/mantis/view.php?id=430)
re-organize PacketFence binaries
(http://www.packetfence.org/mantis/view.php?id=441)
flip.pl should no longer be declared as a config
file in packetfence.spec
(http://www.packetfence.org/mantis/view.php?id=442)
removed PF daemon paths from [services] in conf file
(http://www.packetfence.org/mantis/view.php?id=461)
make PF portable
(http://www.packetfence.org/mantis/view.php?id=75)
removed ports.open
(http://www.packetfence.org/mantis/view.php?id=464)
removed services.nessusd
(http://www.packetfence.org/mantis/view.php?id=473)
removed status/rss.php
(http://www.packetfence.org/mantis/view.php?id=479)
removed harvard references
(http://www.packetfence.org/mantis/view.php?id=478)
removed ports.allowed
(http://www.packetfence.org/mantis/view.php?id=475)
removed network.named and services.named
(http://www.packetfence.org/mantis/view.php?id=472)
trapping.passthrough during VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=435)
enhance log messages regarding skip_mode
(http://www.packetfence.org/mantis/view.php?id=484)
trapping.testing sets switches into testing mode
(http://www.packetfence.org/mantis/view.php?id=488)
trapping.registration=disabled and VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=486)
warn when scan.registration=enabled and
trapping.registration=disabled
(http://www.packetfence.org/mantis/view.php?id=489)
replaced Net::RawIP
(http://www.packetfence.org/mantis/view.php?id=508)
violation edit and MAC
(http://www.packetfence.org/mantis/view.php?id=510)
replaced IPTables::IPv4 with IPTables::ChainMgr
(http://www.packetfence.org/mantis/view.php?id=509)
os.pm and compatibility with Config::IniFiles v2.45
(http://www.packetfence.org/mantis/view.php?id=512)
node edit and dhcp_fingerprint
(http://www.packetfence.org/mantis/view.php?id=514)
conf/pfsetvlan.pm should become pf::vlan::custom.pm
(http://www.packetfence.org/mantis/view.php?id=515)
pfsetvlan PID file
(http://www.packetfence.org/mantis/view.php?id=513)
web admin interface debug mode
(http://www.packetfence.org/mantis/view.php?id=481)
edit pages were missing standard HTML tags
(http://www.packetfence.org/mantis/view.php?id=516)
readline() on closed filehandle in schedule.pm
(http://www.packetfence.org/mantis/view.php?id=517)
lookup_person.pl => unquoted string
(http://www.packetfence.org/mantis/view.php?id=519)
lookup_node.pl => argument isn't numeric
(http://www.packetfence.org/mantis/view.php?id=521)
optimization in person/lookup.php
(http://www.packetfence.org/mantis/view.php?id=520)
fixed grammar issue for scan scheduling
(http://www.packetfence.org/mantis/view.php?id=522)
fixed modifying scheduled scan in web admin GUI
(http://www.packetfence.org/mantis/view.php?id=518)
id should not be shown in schedule/edit.php
(http://www.packetfence.org/mantis/view.php?id=523)
usability enhancements to administration/services.php
(http://www.packetfence.org/mantis/view.php?id=524)
violation_trigger in pfdhcplistener
(http://www.packetfence.org/mantis/view.php?id=502)
pfsetvlan optimization
(http://www.packetfence.org/mantis/view.php?id=525)
fixed issues with pfcmd traplog
(http://www.packetfence.org/mantis/view.php?id=526)
added security checks to pfcmd violation add
(http://www.packetfence.org/mantis/view.php?id=527)
removed possibility to edit violation ID in
violation/edit.php
(http://www.packetfence.org/mantis/view.php?id=528)
show violation type dropdown in violation/edit.php
(http://www.packetfence.org/mantis/view.php?id=529)
unified web admin GUI HTML page titles
(http://www.packetfence.org/mantis/view.php?id=530)
fixed default status/reports page
(http://www.packetfence.org/mantis/view.php?id=532)
prefixed SNMP config variables in switches.conf with
SNMP
(http://www.packetfence.org/mantis/view.php?id=537)
added example SNMP v3 switch config to switches.conf
(http://www.packetfence.org/mantis/view.php?id=536)
created new SNMP::PacketFence module
(http://www.packetfence.org/mantis/view.php?id=539)
snmptrapd and SNMP v3
(http://www.packetfence.org/mantis/view.php?id=534)
new admin GUI look and organization
major performance increase in pfcmd
fixed issue in web admin gui with person lookup
Restarting services through web interface now works
(http://www.packetfence.org/mantis/view.php?id=540)
Stopping pfsetvlan through web admin GUI now works
(http://www.packetfence.org/mantis/view.php?id=542)
Added trace log level to test/connect_and_read
Cisco Catalyst 2950 and getRegExpFromList
(http://www.packetfence.org/mantis/view.php?id=544)
Added SNMPVersion and SNMPVersionTrap checks
(http://www.packetfence.org/mantis/view.php?id=543)
Added view on switches.conf to web admin GUI
fixed configuration/instructions.php error handling
(http://www.packetfence.org/mantis/view.php?id=546)
fixed configuration/violation.php links to instructions
(http://www.packetfence.org/mantis/view.php?id=545)
Added switch deletion to CLI and GUI
don't allow empty filter submit in web admin gui
(http://www.packetfence.org/mantis/view.php?id=547)
fixed behavior when no node categories are defined
(http://www.packetfence.org/mantis/view.php?id=548)
1.7.6
violations created through bin/pfdetect do not lead to
VLAN change
(http://www.packetfence.org/mantis/view.php?id=496)
issues with MAC addresses in capital
(http://www.packetfence.org/mantis/view.php?id=498)
add error checks to flip.pl
(http://www.packetfence.org/mantis/view.php?id=497)
Cisco wireless controller deauthentication
(http://www.packetfence.org/mantis/view.php?id=499)
show computername in Violation - View
(http://www.packetfence.org/mantis/view.php?id=500)
show open violations in Node - View
(http://www.packetfence.org/mantis/view.php?id=501)
added node categories
extended node view filters from categories to pid
added node view limit clause
added node view order by clause
added node count
pfcmd grammar allowed trailing, unmatched characters
(http://packetfence.org/mantis/view.php?id=504)
change filter in web admin gui from POST to GET
(http://packetfence.org/mantis/view.php?id=505)
adapted web admin GUI to take advantage of new node
SQL filters, order by and limit clauses
pfcmd report and grammar issues
(http://packetfence.org/mantis/view.php?id=506)
ui dashboard grammar is not precise
(http://packetfence.org/mantis/view.php?id=507)
major cleanup in pfcmd grammar
1.7.5
pfsetvlan should check that MAC field is filled before
calling custom_isClientAlive
(http://www.packetfence.org/mantis/view.php?id=444)
add executables used in installer.pl to dependencies
in packetfence.spec
(http://www.packetfence.org/mantis/view.php?id=445)
CGI session should contain authentication type used
(http://www.packetfence.org/mantis/view.php?id=447)
support for stacked Nortel BayStack5520
(http://www.packetfence.org/mantis/view.php?id=448)
support for Enterasys::SecureStack C2
moved DHCP fingerprint update from configurator.pl
to installer.pl
added oui update to installer.pl
(http://www.packetfence.org/mantis/view.php?id=446)
unified _setVlan code between different modules
(http://www.packetfence.org/mantis/view.php?id=449)
missing return false in templates/register.html
(http://www.packetfence.org/mantis/view.php?id=450)
closelocationlogonstop default value should be disabled
(http://www.packetfence.org/mantis/view.php?id=452)
auth-aliases are not needed any more
(http://www.packetfence.org/mantis/view.php?id=451)
removed external2 from reg-detect-vlan.conf
(http://www.packetfence.org/mantis/view.php?id=453)
removed reference to local.conf from installer.pl
(http://www.packetfence.org/mantis/view.php?id=455)
fixed OUI and fingerprint updates in installer.pl
(http://www.packetfence.org/mantis/view.php?id=454)
removed reboot.php
(http://www.packetfence.org/mantis/view.php?id=463)
Unknown modifier 'r' in common.php on line 340
(http://www.packetfence.org/mantis/view.php?id=466)
Adjust ports.redirect default value
(http://www.packetfence.org/mantis/view.php?id=470)
configurator.pl: simplify question for ports.listeners
(http://www.packetfence.org/mantis/view.php?id=468)
Net::Pcap::lookupnet issues
(http://www.packetfence.org/mantis/view.php?id=476)
support for Cisco Controller 4400
fixed dashboard customization
(http://www.packetfence.org/mantis/view.php?id=480)
fixed issue in get_db_creds
(http://www.packetfence.org/mantis/view.php?id=465)
disable skip_mode in reg-detect-vlan config template
(http://www.packetfence.org/mantis/view.php?id=483)
added reg-vlan configurator template
(http://www.packetfence.org/mantis/view.php?id=482)
better way to set domain and host names
(http://www.packetfence.org/mantis/view.php?id=487)
added VLAN specific warnings to sanity_check
(http://www.packetfence.org/mantis/view.php?id=491)
added support for 3COM SS4500 switch
person_delete and associated nodes
(http://www.packetfence.org/mantis/view.php?id=493)
email after HUB violation
(http://www.packetfence.org/mantis/view.php?id=494)
added missing snort rule IDs
violation delete and MAC
(http://www.packetfence.org/mantis/view.php?id=495)
1.7.4
undef operator in SNMP.pm
(http://www.packetfence.org/mantis/view.php?id=382)
replace javascript popup on release page
(http://www.packetfence.org/mantis/view.php?id=380)
Bareword "Net::SNMP::OCTET_STRING" not allowed
(http://www.packetfence.org/mantis/view.php?id=383)
added script to check for duplication of secure MACs
Cisco::Catalyst_3560 inheritance
(http://www.packetfence.org/mantis/view.php?id=390)
Support for Cisco Aironet 1250
(http://www.packetfence.org/mantis/view.php?id=397)
Removed unused loglevel from switches.conf
(http://www.packetfence.org/mantis/view.php?id=392)
documented alerting.wins_server in pf.conf.defaults
(http://www.packetfence.org/mantis/view.php?id=398)
configuration parameters for action_winpopup
(http://www.packetfence.org/mantis/view.php?id=399)
disabled service entry for snmptrapd
(http://www.packetfence.org/mantis/view.php?id=401)
removed deprecated generate_snort_rules sub
redir.cgi trapping.registration cannot be onviolation
(http://www.packetfence.org/mantis/view.php?id=404)
skip registration
(http://www.packetfence.org/mantis/view.php?id=408)
reg scan and VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=409)
recovery.pl in single thread mode
(http://www.packetfence.org/mantis/view.php?id=411)
recovery.pl should also validate locationlog entries
(http://www.packetfence.org/mantis/view.php?id=412)
log messages in testSecureMACs.pl
(http://www.packetfence.org/mantis/view.php?id=413)
testSecureMACs should be part of recovery.pl
(http://www.packetfence.org/mantis/view.php?id=414)
violation_delete should be part of default
adjustswitchportvlan reasons
(http://www.packetfence.org/mantis/view.php?id=371)
node status can be 'grace'
(http://www.packetfence.org/mantis/view.php?id=415)
specify exact Net::Pcap version
(http://www.packetfence.org/mantis/view.php?id=416)
add 'on update cascade' to iplog table
(http://www.packetfence.org/mantis/view.php?id=417)
default registration.expire_mode=disabled
(http://www.packetfence.org/mantis/view.php?id=418)
network.rogueinterval default value
(http://www.packetfence.org/mantis/view.php?id=419)
passthrough list should be empty by default
(http://www.packetfence.org/mantis/view.php?id=420)
by default expiration should be disabled
(http://www.packetfence.org/mantis/view.php?id=421)
_cleanup functions should log number of deleted items
(http://www.packetfence.org/mantis/view.php?id=422)
node expire function should log number of expired
nodes
(http://www.packetfence.org/mantis/view.php?id=423)
missing EOT in conf/documentation.conf
(http://www.packetfence.org/mantis/view.php?id=431)
allow ifType=117 in pfsetvlan.pm
(http://www.packetfence.org/mantis/view.php?id=440)
1.7.3
not all port security traps are handled
(http://www.packetfence.org/mantis/view.php?id=363)
require at least version 0.16 of Net::Pcap in SPEC
web.pm still refers to parse_auth_conf
(http://www.packetfence.org/mantis/view.php?id=365)
reg scans and issues in trigger.pm
(http://www.packetfence.org/mantis/view.php?id=367)
reg scans and issues in release.cgi
(http://www.packetfence.org/mantis/view.php?id=366)
add trap community configuration parameter
(http://www.packetfence.org/mantis/view.php?id=368)
login error messages
(http://www.packetfence.org/mantis/view.php?id=364)
destination_url parameter lost during registration
(http://www.packetfence.org/mantis/view.php?id=369)
violation_add should be part of default
adjustswitchportvlan reasons
(http://www.packetfence.org/mantis/view.php?id=370)
recovery.pl uses obsolete getPhonesAtIfIndex
(http://www.packetfence.org/mantis/view.php?id=372)
recovery.pl and port security
(http://www.packetfence.org/mantis/view.php?id=373)
node_pid and registration status
(http://www.packetfence.org/mantis/view.php?id=374)
added support for Dlink::DES_3526
(contributed by Treker Chen)
automatically hide scan section if necessary
(http://www.packetfence.org/mantis/view.php?id=376)
added support for HP::Procurve_2500
correct getMacBridgePortHash for HP switches
(http://www.packetfence.org/mantis/view.php?id=375)
added support for HP::Procurve_4100
pfcmd service watch and restart of services
(http://www.packetfence.org/mantis/view.php?id=377)
When instantiating a switch, pfsetvlan does not read
macSearchesMaxNb and macSearchesSleepInterval for
the switch
(http://www.packetfence.org/mantis/view.php?id=378)
1.7.2
added RHEL5 to supported operating systems
stopped distributing jpgraph with PF; the installer
will now download jpgraph
`pfcmd service pf status` now indicates
- if service should be started according to
configuration file
- all pids (in case several processes are running)
clean PID files in /usr/local/pf/var when necessary
after service stop
unified pfcmd service and pfcmd control
replaced bin/pfwatcher with pfcmd service pf watch
added trapping.redirlocal parameter which is used by
bin/ip2interface.pl
removed conf/ssl/server.crt and conf/ssl/server.key from
distribution and added code to generate them to installer.pl
added DHCP fingerprint update to configurator.pl
configurator.pl reference to registration.authentication
(http://www.packetfence.org/mantis/view.php?id=342)
port 162 is opened on internal interface instead of management
interface
(http://www.packetfence.org/mantis/view.php?id=344)
removed configurator.pl reference to arp.listendevice
perl-IPTables-IPv4 conflicts with PacketFence RPM
(http://www.packetfence.org/mantis/view.php?id=348)
added authorizedips variable to each interface to customize
IPTables rules
(http://www.packetfence.org/mantis/view.php?id=345)
representation of adjustswitchportvlan reasons in web admin GUI
(http://www.packetfence.org/mantis/view.php?id=343)
default values for multi config options are correctly shown in
web admin GUI
(http://www.packetfence.org/mantis/view.php?id=350)
added functionality to reset switch ports in case of disaster
(http://www.packetfence.org/mantis/view.php?id=349)
parse for local trap OID instead of only 127.0.0.1
(http://www.packetfence.org/mantis/view.php?id=341)
iptables FORWARD ACCEPT chains in passive mode
(http://www.packetfence.org/mantis/view.php?id=314)
wrong comparison in iplog_cleanup_sql
(http://www.packetfence.org/mantis/view.php?id=352)
VLAN isolation should verify violation action parameter
(http://www.packetfence.org/mantis/view.php?id=353)
support for linkup/linkdown traps on HP switches
administration/adduser.php - alignment of version information
(http://www.packetfence.org/mantis/view.php?id=354)
1.7.1
fixed various issues with service_watcher
(http://www.packetfence.org/mantis/view.php?id=319)
added VLAN isolation template
(http://www.packetfence.org/mantis/view.php?id=318)
encourage usage of Net::RawIP version 0.2
(http://www.packetfence.org/mantis/view.php?id=320)
prohibit node deletion of connected nodes in VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=321)
show 'reg/unreg' choices in node/add.php
(http://www.packetfence.org/mantis/view.php?id=322)
more precise trap parsing
(http://www.packetfence.org/mantis/view.php?id=323)
fixed iptables issue with iptables.post file
(http://www.packetfence.org/mantis/view.php?id=325)
added better log messages on violation close
(http://www.packetfence.org/mantis/view.php?id=326)
tests look in the wrong directory for pid files
(http://www.packetfence.org/mantis/view.php?id=329)
issues stopping processes
(http://www.packetfence.org/mantis/view.php?id=324,
http://www.packetfence.org/mantis/view.php?id=327)
iptables save/restore
(http://www.packetfence.org/mantis/view.php?id=328)
authentication module error messages
(http://www.packetfence.org/mantis/view.php?id=330)
Net::Pcap instead of Net::RawIP in dhcplistener
(http://www.packetfence.org/mantis/view.php?id=267)
new RADIUS authentication template
database optimizations
(http://www.packetfence.org/mantis/view.php?id=287,
http://www.packetfence.org/mantis/view.php?id=316)
SQL queries and active/inactive nodes
(http://www.packetfence.org/mantis/view.php?id=333)
optimized oui_to_vendor
(http://www.packetfence.org/mantis/view.php?id=335)
don't automatically daemonize pfsetvlan
(http://www.packetfence.org/mantis/view.php?id=336)
pfsetvlan should clean its PID file
(http://www.packetfence.org/mantis/view.php?id=337)
pfsetvlan: A thread exited while 26 threads were running
(http://www.packetfence.org/mantis/view.php?id=338)
start pfsetvlan when network.vlan=enabled
(http://www.packetfence.org/mantis/view.php?id=252)
start snmptrapd when network.vlan=enabled
automatically open UDP port 162 during VLAN isolation
1.7.0
pid with spaces causes issues in web admin GUI
(http://www.packetfence.org/mantis/view.php?id=315)
replaced packetfence.gif with new packetfence.png logo
be sure to update general.logo to /common/packetfence.png
1.7.0 RC4
usage of gettext and template-toolkit in web pages
pfcmd_vlan -reAssignVlan
(https://support.inverse.ca/mantis/view.php?id=2341)
replaced HTTP auth with form based authentication
setVlan on Linksys switches
(http://www.packetfence.org/mantis/view.php?id=307)
added autodiscover script
added sample iptables.pre configuration file to allow
reception of SNMP traps
show database and scan passwords in password fields in
web admin GUI
fixed issue in node_cleanup SQL query
added missing test/connect_and_read.pl script
support for Cisco::WLC_2106
1.7.0 RC3
setting configuration parameters back to default values
(http://www.packetfence.org/mantis/view.php?id=313)
= sign in configuration values
(https://support.inverse.ca/mantis/view.php?id=2265)
1.7.0 RC2
Some reports (Active/InActive) do not have DHCP fingerprint
information (http://www.packetfence.org/mantis/view.php?id=4)
pfcmd always connects to MySQL
(http://www.packetfence.org/mantis/view.php?id=101)
can't close blocks in administration/configuration.php
(http://www.packetfence.org/mantis/view.php?id=122)
admin/screenshots
(http://www.packetfence.org/mantis/view.php?id=125)
in UI if var/session doesn't exist or is not writable - user
cannot log in and no error is given
(http://www.packetfence.org/mantis/view.php?id=140)
class/violation.php
(http://www.packetfence.org/mantis/view.php?id=169)
make packetfence.init LSB compliant
(http://www.packetfence.org/mantis/view.php?id=170)
allow configuring alert email through pf.conf
(http://www.packetfence.org/mantis/view.php?id=174)
admin/common.php : pager might be too big
(http://www.packetfence.org/mantis/view.php?id=205)
add group access right to web admin interface
(http://www.packetfence.org/mantis/view.php?id=211)
make rogue DHCP detect a "real" violation
(http://www.packetfence.org/mantis/view.php?id=220)
flip.pl calls pfcmd_contrib
(http://www.packetfence.org/mantis/view.php?id=228)
problems with File::Tail in setVlanOnTrapd
(http://www.packetfence.org/mantis/view.php?id=229)
added remote DHCP listener to SPEC file
status::reports:: history (IP/MAC) column names are not
correctly shown
(http://www.packetfence.org/mantis/view.php?id=231)
Web link http://www.packetfence.org/install.html does
not exist
(http://www.packetfence.org/mantis/view.php?id=230)
status::reports:: location history (IP/MAC) column
names are not correctly shown
(http://www.packetfence.org/mantis/view.php?id=232)
up2date no longer available under RHEL5/CentOS5
(http://www.packetfence.org/mantis/view.php?id=234)
installer can't find pfschema.mysql
(http://www.packetfence.org/mantis/view.php?id=235)
installer trying to install snort binary
(http://www.packetfence.org/mantis/view.php?id=236)
web admin gui history sort
(http://www.packetfence.org/mantis/view.php?id=237)
configuration value alerting.fromaddr
(http://www.packetfence.org/mantis/view.php?id=238)
templates/httpd.conf symlink
(http://www.packetfence.org/mantis/view.php?id=239)
several DNS servers and network.named=enabled
(http://www.packetfence.org/mantis/view.php?id=242)
iptables-restore
(http://www.packetfence.org/mantis/view.php?id=240)
'[warn] Useless use of AllowOverride' on RHEL5/CentOS5
(http://www.packetfence.org/mantis/view.php?id=243)
ifOctets throughput calculation and ifOctets discontinuities
(http://www.packetfence.org/mantis/view.php?id=244)
ifOctets accounting and throughput rounding
(http://www.packetfence.org/mantis/view.php?id=245)
pf1.7 database schema md5sum
(http://www.packetfence.org/mantis/view.php?id=250)
cleanup of services documentation
(http://www.packetfence.org/mantis/view.php?id=253)
renamed setVlanOnTrapd to pfsetvlan
(http://www.packetfence.org/mantis/view.php?id=255)
subroutine isTestingMode defined twice
(http://www.packetfence.org/mantis/view.php?id=257)
MAC security and Cisco Catalyst 2950
(http://www.packetfence.org/mantis/view.php?id=258)
new VLAN reassignment option in recovery.pl
(http://www.packetfence.org/mantis/view.php?id=259)
Undefined subroutine &main::locationlog_view_open_mac
(http://www.packetfence.org/mantis/view.php?id=260)
MAC security and registration
(http://www.packetfence.org/mantis/view.php?id=262)
pflogger STDERR
(http://www.packetfence.org/mantis/view.php?id=268)
can't locate object method via package mac
(http://www.packetfence.org/mantis/view.php?id=269)
custom_isClientAlive returns true if MAC-IP cannot be
found
(http://www.packetfence.org/mantis/view.php?id=271)
Hub violation
(http://www.packetfence.org/mantis/view.php?id=270)
pfdhcplistener garbage
(http://www.packetfence.org/mantis/view.php?id=266)
AuthAuthoritative and apache2.2
(http://www.packetfence.org/mantis/view.php?id=272)
userlog table definition
(http://www.packetfence.org/mantis/view.php?id=273)
pfcmd control and iptables
(http://www.packetfence.org/mantis/view.php?id=274)
locationlog table indexes
(http://www.packetfence.org/mantis/view.php?id=275)
pfcmd_vlan -getType
(http://www.packetfence.org/mantis/view.php?id=276)
Catalyst 2950 min OS version
(http://www.packetfence.org/mantis/view.php?id=277)
Catalyst 2950 and port security
(http://www.packetfence.org/mantis/view.php?id=278)
handling of (duplicated) port security traps
(http://www.packetfence.org/mantis/view.php?id=279)
IOS version comparison
(http://www.packetfence.org/mantis/view.php?id=281)
MAC/port security
(http://www.packetfence.org/mantis/view.php?id=280)
getAllIfOctets and MAC/port security
(http://www.packetfence.org/mantis/view.php?id=282)
release page and VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=283)
syntax error in nat.php
(http://www.packetfence.org/mantis/view.php?id=284)
rlm_perl_packetfence.pl uses wrong pfcmd
(http://www.packetfence.org/mantis/view.php?id=286)
release.html and <font face>
(http://www.packetfence.org/mantis/view.php?id=289)
pfcmd_ap.pl returns wrong registration LAN
(http://www.packetfence.org/mantis/view.php?id=288)
optimize handleTrap order and comparison types
(http://www.packetfence.org/mantis/view.php?id=291)
monitorpfsetvlan.pl script
(http://www.packetfence.org/mantis/view.php?id=290)
added support for 3COM NJ220 switch
allow port security to work with VoIP phones
(http://www.packetfence.org/mantis/view.php?id=285)
templates/local.conf and apache version
(http://www.packetfence.org/mantis/view.php?id=298)
register.cgi: icmp ping requires root privilege
(http://www.packetfence.org/mantis/view.php?id=297)
arp.cleanshutdown issue
(http://www.packetfence.org/mantis/view.php?id=299)
SNMP warn messages are duplicated in log file
(http://www.packetfence.org/mantis/view.php?id=300)
Undefined subroutine &pf::SNMP::Nortel::getIfIndex
(http://www.packetfence.org/mantis/view.php?id=301)
Nortel switches and VoIP phones
(http://www.packetfence.org/mantis/view.php?id=302)
$pid != 1
(http://www.packetfence.org/mantis/view.php?id=303)
allow date-time range queries for MAC/IP history
(http://www.packetfence.org/mantis/view.php?id=304)
ip2mac uses invalid iplog_history_ip call
(http://www.packetfence.org/mantis/view.php?id=305)
mac2ip uses invalid iplog_history_ip call
(http://www.packetfence.org/mantis/view.php?id=306)
insertion of VLAN in registration data
(http://www.packetfence.org/mantis/view.php?id=308)
RewriteRule prevents a user from being directed to an
https site
(http://www.packetfence.org/mantis/view.php?id=309)
add notes field to node table
(http://www.packetfence.org/mantis/view.php?id=310)
add email alert when PC behind VoIP phone has been
isolated
(http://www.packetfence.org/mantis/view.php?id=311)
issues in hasPhoneAtIfIndex
(https://support.inverse.ca/mantis/view.php?id=2257)
pfsetvlan, local reassign trap and VoIP phones
(https://support.inverse.ca/mantis/view.php?id=2259)
test if VLAN is defined in setVlan
(https://support.inverse.ca/mantis/view.php?id=2248)
ui_options homepage list
(https://support.inverse.ca/mantis/view.php?id=2260)
1.7.0 RC1
several bugfixes / 1.6.2
integration of VLAN isolation
(http://www.packetfence.org/mantis/view.php?id=9)
ability to execute Snort on separate machine
(http://www.packetfence.org/mantis/view.php?id=100)
pfmon does not record DHCPRELEASE requests
(http://www.packetfence.org/mantis/view.php?id=103)
unregdate in node table
(http://www.packetfence.org/mantis/view.php?id=112)
allow DHCP listener to work on a SPAN interface
(http://www.packetfence.org/mantis/view.php?id=190)
separate dhcp listener from pfmon
(http://www.packetfence.org/mantis/view.php?id=193)
LDAP authentication for Web admin interface
(http://www.packetfence.org/mantis/view.php?id=208)
1.6.2
removed bogus sanity_checks from pfcmd
added spam violation
renamed iptables.preload to iptables.pre
added iptables.post
expire_mode=session is now a valid configuration
updated stinger URL
added passthrough for symantec scanner
added threadid to pflogger output
added interface to rogue DHCP messages
properly escaped references to trigger table for mysql5 users
changed "Schedule" tab to "Scan"
fixed issue with pretty print column headers in class tabs
fixed init script status function
replaced PopCalendarXP with a GPLed alternative
updated the GUI dashboard so you can remove all elements
fixed dhcp fingerprint submission through the 'class' page
fixed searching within 'status/reports'
added optimization for ip2mac (086)
added snort to startup list in services.pm (121)
many changes to the pfmon threads & db_connection process to be able to reconnect on dead db handle and avoid timeout issues...
pfdetect handles sigpipe that db_connect dbh->ping() throws now
pfdetect calls db_connect with function list to support reconnect
pfdetect now uses perl signal handlers instead of POSIX
updated snort rule locations in violations.conf
included example oinkmaster.conf file in contrib
added passthroughs to local.rules for chat services that use non-standard IRC ports
changed default node expire from 180d to 90d
please add the following to /etc/my.cnf:
[mysqld]
# don't close session
wait_timeout = 86400
# default 28800
1.6.1
fixed admin->remediation page (0000087)
gateway no longer shows up in the Probable Static report
added additional DHCP fingerprints (thanks to Eric Kollmann)
fixed x-axis of monthly graphs
added additional sanity_check warning for large internal IP space
added backticks to "trigger" table to allow for proper import
set default action for IRC violation to "trap,email,log"
corrected redirect "looping" bug
registration of PIDs with spaces should now work
added "session" as a registration.expire_mode
added session_expire parameter
added sessionauth configuration template
added Snort 2.6 warning to installer.pl
fixed double count of statics in os/osclass report totals
moved cleanup thread in pfmon after listen_arp
added GUI bug reporting
fixed unknownprint submission
1.6.0 (Butterball)
register.cgi reg exp change on user agent
added DHCP fingerprints
register.cgi bug fix for freemac
lots of misc bug fixes
1.6.0 rc3 (Franklin)
schedule ui fixes
ui user login file check
ui admin tab updates
index.cgi bug fix (058)
named bug fix (056)
registration.window = registration.skip_window (057)
violation_view sql bug fix
addition of ticket_ref column in violation
bug fix to user_agent string during registration
valid_ip bug fix
index.php addition
1.6.0 rc2 (gizzard)
clean up to registeration.html template
bug fix to dhcp_listener
cleanup in conf/users (043)
register.cgi uses trigger fix (042)
IE bug fix (044)
added code to pfmon cleanup() to perform consistency check against DB (045)
cgi debugging code removal (049 & 050)
config.pm normalize time fix (048)
pfcmd cgi bug fix (051)
fixed /32 bug in trapping range
1.6.0 rc1 (dinde)
bug fix to pfcmd violation add (028)
clean up to violations.conf (024 & 030)
action.pm netbiosname change (029)
documentation links added to config files (031)
max_enables bug fix (026)
snort restart bug fix (023)
web.pm bug fix (033)
pfcmd help additions
edit.php bug fix (035)
results.php bug fix (036)
pfcmd schedule bug fix (038)
pfcmd schedule add bug fix (034)
1.6.0 beta4 (poult)
pfdetect db_connect move
many many many bug fixes to account for the new method of using chained use statements
1.6.0 beta3 (Tryptophan)
updated unknownprints report to resolve vendor from OUI
fixed bug in get_internal_ips() and strobe
trigger support for disabled violations
fixed NAT (router, NATed AP) TTL-based detection
cleaned up thread variables in pfmon
added support for ARP & DHCP listening on multiple interfaces
changes to arp_listen to support new @listen_devs
fixed bugs with timer to 3rdparty move
changed trigger code and table to support tid ranges (tid_start-tid_end)
reformatted dhcp_fingerprints.conf to allow for integration with triggers
support for banning operating systems (see violations.conf)
"pfcmd reload <fingerprints|violations>" allows reload of DB tables w/o restart
"pfcmd update <fingerprints|oui>" allows update of lookup tables from canonical source
added inactive and openviolations report types
lib/pf reshuffle: moved pfcmd-specific components into subdir, renamed dhcp_fingerprint.pm to os.pm
renamed report types to be more consistent - see pfcmd usage for new names
fixed vendor parsing in oui.txt
added graphs aggregated on day/month/year intervals - see pfcmd usage for graph types (typically only used by GUI)
added mrtg_wrapper.pl to contrib directory for plug-and-play MRTG integration
pfcmd freemac/register/deregister added to eliminate SUID bit from CGI scripts
fixed optional date field to IP history report
updated help for pfcmd to make things more readable
network numbers are now excluded from the trappable_ip preload hash
updated packetfence.init script
added additional help support to pfcmd
modules exports/etc are now done properly
updated sanity_check to validate toggle pf.conf values against documentation.conf
normalize time values and allow second,minute,hour,day,week (s,m,h,d,w) modifiers
dashboard is now customizable with "nuggets" of information and graphs
trigger module updated for schedule ui tab
added indexes to OS tables
1.6.0 beta2 (Gobble Gobble)
added Kazaa and Gnutella violations
added additional IRC trojan triggers
parse_web_conf reg exp bug fix
iptables NAT bugfix
iptables MASQ to SNAT
dnsservers addition to dhcpd.conf
dhcpd.conf default lease time changes
update_hashes bug fix new_node
added update_3rd_party_confs to update bleeding snort and oui files
DHCP ranges can now be of 192.168.0.100-200 form
fixed bogus reference to "authentication=" in documentation.conf and templates/pf.conf
configurator upgrade registration.authentication to registration.auth
NAT & external interface sanity check
removal of httpd.conf release.cgi comment
new option registration.button text will display on registration page
trigger_scan bug fixes due to new 1.6.0 code changes
fixed new node add in update_hashes
added support for individual ips in preload_network_range
updated documentation.conf with new options
configurable DHCP lease times for reg/unreg/iso scopes
better reporting of typos in pf.conf
1.6.0 beta1 (Turkey Day)
scan table has been replaced with trigger table.
rewrote update_hashes to support DHCP mode
bug fixes to nodecache module
bug fix to util::inrange() function when /32 is used
option registration ip range (pf.conf registration.range) added
changes to preload.pm, util.pm, pfmon to support reg range.
bug fix to get_interface_macs() to support down interfaces
change to trappable_ip to use more efficient grep than foreach enumeration
network/broadcast addresses no longer considered trappable
fixed configurator.pl bug with dnsservers
added additional sanity checks into pfcmd
pflogger() bug fix to openlog (Peter Bates)
cleanup to node.pm to remove unused node_violator(),nodes_violators()
Cleaned up violations.conf - gave proper credit to the Bleeding Snort folks
created pf.defaults.conf, deleted redundant data from pf.conf
mac2ip bug fix to order results (Robert Kerr)
inrange_ip bug fix (Robert Kerr)
inrange_ip additions for /32, and individual IPs
violations.conf format has now changed.
configurator.pl admin port bug fix
snortrule & scanids have been replaced with trigger.
trigger=detect::2000032,scan::11808
where 2000032 is the snort id and 11808 is the nessus plugin number
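Added example (not PacketFence's own code): a small parser for the trigger value shown above that also checks whether an event id falls under a trigger. The "start-end" range spelling, the lowercasing of type names, and the names Trigger, parse_triggers and matches are assumptions made for this example.

```python
import re
from typing import List, NamedTuple


class Trigger(NamedTuple):
    kind: str        # trigger type as written in violations.conf, lowercased
    tid_start: int   # first id covered
    tid_end: int     # last id covered (equal to tid_start for a single id)


# "type::id" as on the page; the optional "-end" part is an assumed spelling.
_ITEM = re.compile(r"^([A-Za-z_]+)::(\d+)(?:-(\d+))?$")


def parse_triggers(value: str) -> List[Trigger]:
    """Turn 'detect::2000032,scan::11808' into a list of Trigger tuples.

    Malformed items raise ValueError so a typo is reported instead of
    silently leaving a violation without a working trigger.
    """
    if not value.strip():
        return []
    triggers = []
    for raw in value.split(","):
        item = raw.strip()
        m = _ITEM.match(item)
        if m is None:
            raise ValueError(f"malformed trigger: {item!r}")
        start = int(m.group(2))
        end = int(m.group(3)) if m.group(3) is not None else start
        if end < start:
            raise ValueError(f"reversed range in trigger: {item!r}")
        triggers.append(Trigger(m.group(1).lower(), start, end))
    return triggers


def matches(triggers: List[Trigger], kind: str, tid: int) -> bool:
    """True if an event of this type and id falls inside any trigger."""
    kind = kind.lower()
    return any(t.kind == kind and t.tid_start <= tid <= t.tid_end
               for t in triggers)


if __name__ == "__main__":
    # Constructed input: the page's example plus one assumed range item.
    conf = "detect::2000032,scan::11808,detect::1100000-1100005"
    for kind, tid in [("detect", 2000032), ("scan", 2000032), ("detect", 1100003)]:
        print(kind, tid, matches(parse_triggers(conf), kind, tid))
```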
New 1.6 features:
Registration Ranges
DHCP mode
Triggers
Config Defaults
Multiple Authentication Registration
please update your existing database with upgrade-1.6.0
mysql -p pf < db/upgrade-1.6.0.sql
1.5.1
configuration.php more_info path change
additional reports active os, unknown fingerprints
report.pm code cleanup
fixed the CHANGES (Robert Kerr)
renamed node_unmark to unmark_node in register_node
unmark_node bug fix
added new DHCP prints
templates configurator default changes (Dominik Gehl)
1.5.0 release (Animal House)
small schema changes (Dominik Gehl):
alter table action add primary key(vid,action);
alter table violation add key status (status);
alter table dhcp_fingerprint add primary key dhcp_fingerprint(dhcp_fingerprint);
added dhcp fingerprints (Mike Cochrane)
bug fix to nodecache delete_node()
deleted debugging statement from trappable_ip
removed time filter option in reporting
removed old template options arp.probe_interval and arp.mode
change the default values for arp.timeout,arp.gw_timeout,arp.dhcp_timeout
updates and bug fixes to scan.pm
pfcmd schedule now IP will now output all scan results to /html/admin/schdule/depot/dump-IP-DATE
removed scan_results tab in ui and graphs tab in reports
renamed depot to results
configurator.pl changes to default monitor,net
getlocalmac() bug fix
header.php changes to accommodate spaces in key values
additional tab class->fingerprint added
node view dhcp_fingerprint is now linked to class->fingerprint
all UI calls to pfcmd are now done through env vars
listeners are now allowed through iptables INPUT
administrative GUI now separated from user content
fixed small bug with arp stuffing using old trapping.blackholemac
fixed small bug with arp isolation
violation array is now unique
fixed violation_add() to now force_close portscan if known sid is added
various updates to documentation.conf
index.cgi fix to initial class_db
remove unmark_node() from violation_force_close().
dhcp listener now uses chaddr instead of source mac for reporting
reg report was actually showing regactive
references to expiry are now expire in pf.conf
pfcmd now takes commands via ARGS query string param
pfmailer bug fix
exporter.php bug fix
index.cgi path fix
additions to violations.conf
scan key(sid,vid) is now scan primary key(sid,vid) (Dominik Gehl)
bug fix to hello() to arp non trappable IPs also
many updates to documentation.conf (Dominik Gehl)
cleanup of scan.php (Dominik Gehl)
isolation bug fix on gratuitous arps
grace_period bug fix to template/index.cgi
cleanup to os.php and class.php (Dominik Gehl)
bug fix to installer.pl mysql user create
MAJOR cleanup to rearp() code
optimized rearp() to now handle chatty router(s) much better
customizable port (ports.admin)
common images/elements moved to /common - existing violations may need to be manually updated
be sure to update general.logo to /common/packetfence.gif
1.5 rc2 (big willie style)
fqdn hostname and hello from outbound mail (Robert Kerr)
scan to schedule name changes (Mike Cochrane)
scan.php updates (Mike Cochrane)
pfcmd person edit vid changes (Mike Cochrane)
passive-span is now monitor_int
added rxbot bleeding edge sig
changed NAT sigs to TTL 2-63,65-127,129-254
added sanity_check function to check for common problems
additional dhcp sigs added
person_modify/person_add bug fix
UI.conf person view/edit/delete update
arp_time updated on all host arps now
left join on dhcp_fingerprints for reports
changed "pfcmd pidlookup" to "pfcmd lookup person"
added "pfcmd lookup node" - lists useful info about node (os, browser, owner, oui vendor resolution, etc)
added x.x.x.x-y.y.y.y to trappable_ip (Robert Kerr)
deleted from $ENV variables in pfcmd
some login updates (Dominik Gehl)
minor changes to admin code to work under PHP5
new report - "pfcmd report os_class"
1.5 rc1 (big willie)
logging changes to violation_add
uncomment rawip in action.pm (Thanks to Mike Cochrane)
nessusd definition in services.pm (Thanks to Mike Cochrane)
./restart fix to service.pm
small installer bug fixes
addition of ndp.cgi to cgi-bin. in 1.6 this will support remote violation additions.
pfcmd help now matches up with schema (Thanks to Robert Kerr)
move of nessus.pm to scan.pm
various bug fixes in configurator (Thanks to Dominik Gehl)
modified spec file to include configurator templates (Dominik Gehl)
added some missing help files (Dominik Gehl)
updated ldap.conf to 0.26 compatible syntax (Dominik Gehl)
added CentOS 4.1 support (Dominik Gehl)
fixes to configuration.php to correct bad options behavior (Dominik Gehl)
changes to violations.conf, all violations now set to enabled action=email,log
added defaults to violation_add to set start_time=now, status=open when not defined
Added unique row to violations for better edit/delete control.
DB Schema change, beta users please do the following:
echo 'alter table violation add id int NOT NULL AUTO_INCREMENT Primary Key first;
drop table nessusid;
drop table nessus;
CREATE TABLE scan (
sid int(11) NOT NULL,
vid int(11) default NULL,
Key (sid,vid),
CONSTRAINT `0_62` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE
) TYPE=InnoDB;' | mysql -p pf
nessus.x is now called scan.x for later support of general scanning devices
scanning on registration has been tested in 1.5 tree.
total rewrite of interface code - it now actually makes sense
*lots* of PHP tweaks (Dominik Gehl), running on E_ALL is no longer so noisy
added some more DHCP fingerprints (Robert Kerr)
changed scan to schedule in the UI and pfcmd
node auto registration (think TiVo or Xbox) is now working
fixed registration "skip" bug
fixed violation add small bug from pfcmd
1.5 beta 3 (willie)
added index on iplog for (mac,ip,end_time)
added expire functionality for iplog and node iplog_timeframe=60 node_timefram=60 (days)
pfmon cleanup() changes to run intensive functions every 10*arp_timeout
node.pm cleanup
violation_modify rewrite
pfcmd ui/class/nessus changes
moved iplog-last_seen to node-last_arp; beta 2 users, please do the following:
alter table node add last_arp datetime NOT NULL default "0000-00-00 00:00:00" after computername;
alter table iplog drop last_seen;
for 1.4.4 users just run the ./installer which will upgrade your schema
changed table nessusid to nessus
added nessus.pm module
redir cgi bug fixes
httpd.conf redir bug fix
configurator.pl now has support for template configs
unreg and isolated interfaces were removed. they will be renamed in 1.6
1.5 beta 2 (small willie)
violation.pm bug fixes
support for snort spp_portscan2
changed default violation actions to email/log
UI violation bug fixes
UI report bug fixes
action_add() bug fix on non trap actions
ip2mac bug fixes and cleanup
class_modify bug fixes
cgi interface to pfcmd, httpd.conf changes also
bug fix on httpd.conf mod_write rules
pflogger now can figure out calling function
fixed content index.cgi permissions issue
1.5 beta1 (tiny willie)
Rewrite of the PacketFence modules
bug fixes and code clean up to content pass through and proxying
CLI cleanup and bugfixes
installer is more flexible with OS types
Additional Features:
additional OS support (RHEL 3/4, FC3/4, basic Gentoo & SuSe)
basic NAT device detection
dhcp fingerprints
dhcp netbios computername information
os reporting
Detection via Darknet or reserved netblocks
CLI reporting additions
dhcp option 82
static ip/arp detection (beta)
basic arp poisoning detection
conf files are cleaner due to a move from Config::Simple to Config:InI
much cleaner code :)
1.4.4
Clean up of the pf modules directory
UI nessus addition
The packetfence.spec file has been tweaked a lot to make sure uninstall is clean.
documentation.conf is now included
regex bug in violations.conf fixed
new logic to install correct snort (fixes old FC3 library error)
upgraded mysql to 4.1 (fixes another FC3 bug)
changed installer/spec file package deps and installer doc.
misc installer cleanup.
added nessus modules and dependencies to installer
Apache/PHP was bombing on FC3 - changed PHP handler and enabled
pf/session dir for session handling.
fixed bug where apache auth config was appended even if registration
was disabled.
changed default value of named to "disabled".
changed stuffing to disabled.
deleted default expiry_window and window values.
added msdownload SSL proxy crap.
changed iptables log messages to clarify passthrough.
fixed problem where *all* violations were adding iptables rules,
not just those with trap actions.
pf.conf defaults to using a non-root account (user will need to edit
account/password - I didn't bother doing that) and installer creates
one. installer creates admin GUI account (ships with no admin.conf)