WebSVN – ALCASAR – Diff – /CHANGELOG

-# $Id: CHANGELOG 790 2012-01-12 23:23:59Z richard $
+# $Id: CHANGELOG 791 2012-01-13 21:31:36Z richard $
 ************  CHANGELOG ***********
 ---- svn ----
----- 2.5 ----
+----------------------   2.5   --------------------
-Bug
+Bugs
 	- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses
 	- reading of alcasar.conf file parameters more securely
 	- don't download RPMs twice
 	- allow connexion to an LDAP server on WAN side
 	- control that watchdog can't execute if already running
 	- update phpsysinfo page ("Internet access flag" nom show the right status)
 	- Authenticate user on Mysql when LDAP server is down
 	- import users via text file with or without password
 Improve security
 	- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
-	- ANSSI code review (sql escape string)
+	- ANSSI code review (sql escape string in PHP)
 	- remove the apache unused modules
+	- the blacklist is no more update automaticly
 Improve installation
 	- control eth0 config on startup (no dhcp)
 	- don't dowload the last BL version
 	- remove unused RPM before update the system
-Improve Alcasar Control Center (ACC)
-	-
+News
----- 2.4 ----
-- Bug : some minor bugs (log rotate, intercept page, squid, ...)
-- Bug : ACC - correction of the Internet connectivity test flag
-- Bug : ACC - correction of the network filtering flag
-- Bug : core : ip filtering exception changes doesn't active protocols exception filter
+	- allow/deny access to the LAN located between ALCASAR and the Internet gateway (box)
-- Bug : core : remove dual log archive
-- Bug : correction of "bypass" mode
-- Bug : correction of squid cache
-- Core : The blacklist is automaticly updated once a month
-- Core : The distribution is automaticly updated every day
----- 2.3 ----
+----------------------   2.4   --------------------
+Bugs
+	- some minor bugs (log rotate, intercept page, squid, ...)
-- Bug : group properties are now written on the voucher
+	- ACC : correction of the Internet connectivity test flag
-- Bug : hold the state of network filter when update
+	- correction of the network filtering flag
+	- ip filtering exception changes doesn't active protocols exception filter
-- ACC : group member is added in user list
+	- remove dual log archive
-- Core : simplify official certificate import process
+	- correction in "bypass" mode
-- Core : update with the last version of Coova (1.2.8)
+	- correction with squid cache
-- Core : End of implementation of ANSSI rules for netfilter
+	- The blacklist is automaticly updated once a month
-- Core : allow exception of IP addresses (or network addresses) in the authentication process
+	- The distribution is automaticly updated every day
+----------------------   2.3   --------------------
+Bugs
+	- group properties are now written on the voucher
+	- hold the state of network filter when update
----- 2.2 ----
+Improve core
-- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
+	- simplify official certificate import process
-- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
+	- update with the last version of Coova (1.2.8)
+Improve security
-- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
+	- end of implementation of ANSSI rules for netfilter
+News
-- allow LDAP/AD connections both on WAN and LAN servers
+	- allow exception of IP addresses (or network addresses) in the authentication process
-- Add a LDAP connectivity test
+	- ACC : group member is added in user list
-- possibility to redirect users on a specific URL after login process
+----------------------   2.2   --------------------
+Bugs
-- A bug with "sudo" is bypassed
+	- A bug with "sudo" is bypassed
-- close all accounting session when the system goes down or up
+	- improve the script which display and close users open sessions
-- if activate, sshd listen both on LAN and on WAN
+	- some minor bugs
+Improve core
-- add a central conf file (/usr/local/etc/alcasar.conf)
+	- add a central conf file (/usr/local/etc/alcasar.conf)
-- add the equipment name in the activity window when MAC authenticate
+	- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
+	- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
-- improve the script which display and close users open sessions
+	- improve the script which managed the trusted sites and urls
+Improve security
+	- close all accounting session when the system goes down or up
+Improve install process
-- allow change of alcasar IP private address during install stage
+	- allow change of alcasar IP private address during install stage
-- improve the script which managed the trusted sites and urls
-- no more question, when upgrating
+	- no more question, when upgrating
+News
+	- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
+	- allow LDAP/AD connections both on WAN and LAN
-- some minor bugs
+	- Add a LDAP connectivity test
+	- possibility to redirect users on a specific URL after login process
+	- if activate, sshd listen both on LAN and on WAN
+	- ACC : add the equipment name in the activity window when MAC authenticate
----- 2.1  ----
+----------------------   2.2   --------------------
 - mise en conformité du parefeu avec les préco ANSSI (politiques à DROP + sysctrl)
 - amélioration de la fonction bastion en limitant la charge sur l'interface externe (thanks to CPN)
 - amélioration de la gestion des RPM 'wget' au lieu de 'curl' et changement de repository en 'live'
 - exception au filtrage réseau et DNS (double instance de dnsmasq)
 - ajout d'un commentaire pour les exceptions à l'authentification

Subversion Repositories ALCASAR

(root)/CHANGELOG @ 2881 – Rev 790 → 791