2,8 → 2,8 |
|
************ CHANGELOG *********** |
---- svn ---- |
---- 2.5 ---- |
Bug |
---------------------- 2.5 -------------------- |
Bugs |
- watchdog (and script alcasar-logout.sh) doesn't logout the macallowed addresses |
- reading of alcasar.conf file parameters more securely |
- don't download RPMs twice |
17,53 → 17,65 |
- import users via text file with or without password |
Improve security |
- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side |
- ANSSI code review (sql escape string) |
- ANSSI code review (sql escape string in PHP) |
- remove the apache unused modules |
- the blacklist is no more update automaticly |
Improve installation |
- control eth0 config on startup (no dhcp) |
- don't dowload the last BL version |
- remove unused RPM before update the system |
Improve Alcasar Control Center (ACC) |
- |
---- 2.4 ---- |
- Bug : some minor bugs (log rotate, intercept page, squid, ...) |
- Bug : ACC - correction of the Internet connectivity test flag |
- Bug : ACC - correction of the network filtering flag |
- Bug : core : ip filtering exception changes doesn't active protocols exception filter |
- Bug : core : remove dual log archive |
- Bug : correction of "bypass" mode |
- Bug : correction of squid cache |
- Core : The blacklist is automaticly updated once a month |
- Core : The distribution is automaticly updated every day |
News |
- allow/deny access to the LAN located between ALCASAR and the Internet gateway (box) |
|
---- 2.3 ---- |
- Bug : group properties are now written on the voucher |
- Bug : hold the state of network filter when update |
- ACC : group member is added in user list |
- Core : simplify official certificate import process |
- Core : update with the last version of Coova (1.2.8) |
- Core : End of implementation of ANSSI rules for netfilter |
- Core : allow exception of IP addresses (or network addresses) in the authentication process |
---------------------- 2.4 -------------------- |
Bugs |
- some minor bugs (log rotate, intercept page, squid, ...) |
- ACC : correction of the Internet connectivity test flag |
- correction of the network filtering flag |
- ip filtering exception changes doesn't active protocols exception filter |
- remove dual log archive |
- correction in "bypass" mode |
- correction with squid cache |
- The blacklist is automaticly updated once a month |
- The distribution is automaticly updated every day |
|
---- 2.2 ---- |
- blacklist category "ip" is added for url that contains only an ip address (no FQDN) |
- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply" |
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf) |
- allow LDAP/AD connections both on WAN and LAN servers |
- Add a LDAP connectivity test |
- possibility to redirect users on a specific URL after login process |
- A bug with "sudo" is bypassed |
- close all accounting session when the system goes down or up |
- if activate, sshd listen both on LAN and on WAN |
- add a central conf file (/usr/local/etc/alcasar.conf) |
- add the equipment name in the activity window when MAC authenticate |
- improve the script which display and close users open sessions |
- allow change of alcasar IP private address during install stage |
- improve the script which managed the trusted sites and urls |
- no more question, when upgrating |
- some minor bugs |
---------------------- 2.3 -------------------- |
Bugs |
- group properties are now written on the voucher |
- hold the state of network filter when update |
Improve core |
- simplify official certificate import process |
- update with the last version of Coova (1.2.8) |
Improve security |
- end of implementation of ANSSI rules for netfilter |
News |
- allow exception of IP addresses (or network addresses) in the authentication process |
- ACC : group member is added in user list |
|
---- 2.1 ---- |
---------------------- 2.2 -------------------- |
Bugs |
- A bug with "sudo" is bypassed |
- improve the script which display and close users open sessions |
- some minor bugs |
Improve core |
- add a central conf file (/usr/local/etc/alcasar.conf) |
- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply" |
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf) |
- improve the script which managed the trusted sites and urls |
Improve security |
- close all accounting session when the system goes down or up |
Improve install process |
- allow change of alcasar IP private address during install stage |
- no more question, when upgrating |
News |
- blacklist category "ip" is added for url that contains only an ip address (no FQDN) |
- allow LDAP/AD connections both on WAN and LAN |
- Add a LDAP connectivity test |
- possibility to redirect users on a specific URL after login process |
- if activate, sshd listen both on LAN and on WAN |
- ACC : add the equipment name in the activity window when MAC authenticate |
|
---------------------- 2.2 -------------------- |
- mise en conformité du parefeu avec les préco ANSSI (politiques à DROP + sysctrl) |
- amélioration de la fonction bastion en limitant la charge sur l'interface externe (thanks to CPN) |
- amélioration de la gestion des RPM 'wget' au lieu de 'curl' et changement de repository en 'live' |