| 2,8 → 2,8 |
|---|
| |
| ************ CHANGELOG *********** |
| ---- svn ---- |
| ---- 2.5 ---- |
| Bug |
| ---------------------- 2.5 -------------------- |
| Bugs |
| - watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses |
| - reading of alcasar.conf file parameters more securely |
| - don't download RPMs twice |
| 17,53 → 17,65 |
|---|
| - import users via text file with or without password |
| Improve security |
| - The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side |
| - ANSSI code review (sql escape string) |
| - ANSSI code review (sql escape string in PHP) |
| - remove the apache unused modules |
| - the blacklist is no more update automaticly |
| Improve installation |
| - control eth0 config on startup (no dhcp) |
| - don't dowload the last BL version |
| - remove unused RPM before update the system |
| Improve Alcasar Control Center (ACC) |
| - |
| ---- 2.4 ---- |
| - Bug : some minor bugs (log rotate, intercept page, squid, ...) |
| - Bug : ACC - correction of the Internet connectivity test flag |
| - Bug : ACC - correction of the network filtering flag |
| - Bug : core : ip filtering exception changes doesn't active protocols exception filter |
| - Bug : core : remove dual log archive |
| - Bug : correction of "bypass" mode |
| - Bug : correction of squid cache |
| - Core : The blacklist is automaticly updated once a month |
| - Core : The distribution is automaticly updated every day |
| News |
| - allow/deny access to the LAN located between ALCASAR and the Internet gateway (box) |
| |
| ---- 2.3 ---- |
| - Bug : group properties are now written on the voucher |
| - Bug : hold the state of network filter when update |
| - ACC : group member is added in user list |
| - Core : simplify official certificate import process |
| - Core : update with the last version of Coova (1.2.8) |
| - Core : End of implementation of ANSSI rules for netfilter |
| - Core : allow exception of IP addresses (or network addresses) in the authentication process |
| ---------------------- 2.4 -------------------- |
| Bugs |
| - some minor bugs (log rotate, intercept page, squid, ...) |
| - ACC : correction of the Internet connectivity test flag |
| - correction of the network filtering flag |
| - ip filtering exception changes doesn't active protocols exception filter |
| - remove dual log archive |
| - correction in "bypass" mode |
| - correction with squid cache |
| - The blacklist is automaticly updated once a month |
| - The distribution is automaticly updated every day |
| |
| ---- 2.2 ---- |
| - blacklist category "ip" is added for url that contains only an ip address (no FQDN) |
| - IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply" |
| - 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf) |
| - allow LDAP/AD connections both on WAN and LAN servers |
| - Add a LDAP connectivity test |
| - possibility to redirect users on a specific URL after login process |
| - A bug with "sudo" is bypassed |
| - close all accounting session when the system goes down or up |
| - if activate, sshd listen both on LAN and on WAN |
| - add a central conf file (/usr/local/etc/alcasar.conf) |
| - add the equipment name in the activity window when MAC authenticate |
| - improve the script which display and close users open sessions |
| - allow change of alcasar IP private address during install stage |
| - improve the script which managed the trusted sites and urls |
| - no more question, when upgrating |
| - some minor bugs |
| ---------------------- 2.3 -------------------- |
| Bugs |
| - group properties are now written on the voucher |
| - hold the state of network filter when update |
| Improve core |
| - simplify official certificate import process |
| - update with the last version of Coova (1.2.8) |
| Improve security |
| - end of implementation of ANSSI rules for netfilter |
| News |
| - allow exception of IP addresses (or network addresses) in the authentication process |
| - ACC : group member is added in user list |
| |
| ---- 2.1 ---- |
| ---------------------- 2.2 -------------------- |
| Bugs |
| - A bug with "sudo" is bypassed |
| - improve the script which display and close users open sessions |
| - some minor bugs |
| Improve core |
| - add a central conf file (/usr/local/etc/alcasar.conf) |
| - IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply" |
| - 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf) |
| - improve the script which managed the trusted sites and urls |
| Improve security |
| - close all accounting session when the system goes down or up |
| Improve install process |
| - allow change of alcasar IP private address during install stage |
| - no more question, when upgrating |
| News |
| - blacklist category "ip" is added for url that contains only an ip address (no FQDN) |
| - allow LDAP/AD connections both on WAN and LAN |
| - Add a LDAP connectivity test |
| - possibility to redirect users on a specific URL after login process |
| - if activate, sshd listen both on LAN and on WAN |
| - ACC : add the equipment name in the activity window when MAC authenticate |
| |
| ---------------------- 2.2 -------------------- |
| - mise en conformité du parefeu avec les préco ANSSI (politiques à DROP + sysctrl) |
| - amélioration de la fonction bastion en limitant la charge sur l'interface externe (thanks to CPN) |
| - amélioration de la gestion des RPM 'wget' au lieu de 'curl' et changement de repository en 'live' |