-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
185 lines (128 loc) · 6.31 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# PENDING release
### 2017-07-06
* IntelMQ
** Cherry-Picked ea48fa113bcf596a3a8912d48417e7f7fecf4d7d in order to fix /~https://github.com/certtools/intelmq/issues/1022
### 2017-06-29
* IntelMQ
** Cherry-Picked e30b9ca3b91083e0515624226359b488f11f5719 in order to fix certtools/intelmq#967
This Hot-Fixes the NUL-Byte Problem in Shadowserver-Feeds
** Cherry-Picked 48e01041353dfc570d970bb9c3a071a0b9239d05 in order to add a parser configuration
for shadowservers accessible smb feed
/~https://github.com/certtools/intelmq/issues/1027
### New
* certbund-contact, contactdb: Webinterface
Fody offers an interface to query, create and edit ContactDB entries.
Since mailgen:42fb0592e382fc2ef2329b18641e40340fd2ca3c (20170301)
since fody:c587c136e5b0b42063e937fe9a8e47279a4c84a5 (20170301)
* IntelMQ:
22.03.17: with /~https://github.com/certtools/intelmq/pull/885 the
column `malware.hash` was dropped. The column `malware.hash.sha256`
was added. Upstream does not seem to provide the migration-instructions.
In short: `drop column "malware.hash"` `add column "malware.hash.sha256"`
* New Requirement: Cron
* New Run-Modes for bots: `stream` and `scheduled` (`stream` is default)
* Test for Disk-Space in Redis: /~https://github.com/certtools/intelmq/pull/860/files
* Argument-Parsing Changed: /~https://github.com/certtools/intelmq/pull/873/files
This Requires an Upgrade of the manager to a version including
/~https://github.com/certtools/intelmq-manager/commit/88f276bfc1f7efbf9050e41bb873f415130a6f3c
(Most recent manager will do fine)
### Improved
* minor, better Performance:
Since mailgen:90fbd467770d65d9cb903500ff63f2cdb64a32d5 (20170217)
changes to the event and contact data will take an faster effect.
Technical: Because some database transactions are ended earlier than before,
when using the api that Fody also uses.
### Upgrade
* certbund-contact, api, fody, technical:
The contactdb_api module must be installed to it can be imported
by checkticket.py. checkticket.py must also serve `index.html` when asked
for fody subpages. The webserver must use single-thread processes
to serve the api, to avoid write conflicts. A postgresql user must be
created that has write access to the "manual" tables.
Since mailgen:42fb0592e382fc2ef2329b18641e40340fd2ca3c (20170301)
since fody:c587c136e5b0b42063e937fe9a8e47279a4c84a5 (20170301)
* certbund-contact, contactdb, technical:
since intelmq:642a4836758c3f97cb21fc46d900bf900d636ff5 (20170216):
the contactdb schema needs a small update, see
[db-updates-sql.md](intelmq/bots/experts/certbund_contact/db-updates-sql.md)
* intelmq-mailgen:
Template names changed.
* intelmq:
The events db needs an upgrade:
UPDATE events
SET "classification.taxonomy" = lower("classification.taxonomy")
WHERE "classification.taxonomy" IS NOT NULL;
========================================================================
RELEASE 01 2017-01-31
========================================================================
intelmq 1.0.0~dev6+intevation.1.2
---------------------------------
BUG FIXES
* Bots:
- Parser - ShadowServer
For the Open-LDAP feed `dns_host_name' is now mapped to
`source.local_hostname' instead of `destination.local_hostname'.
NEW FEATURES
* Bots:
- Collector - Generic Mail URL Fetcher
Collector - Generic URL Fetcher
Bots do no longer hang, if the download connection does not terminate.
- Parser - ShadowServer
Improved Logging: non DHO fields are only reported on log level
"DEBUG" (no longer on "INFO") and warnings are generated if the
shadow server format changes.
- Expert - Modify
Evaluation order of the Rules is now deterministic
UPGRADE
* from 1.0.0~dev4+intevation.1.2~beta4testbuild20160930133128
(upgrade from older Versions is untested)
For generic upgrade instructions see below.
Dependencies:
If you are using intelmq-mailgen, note that you will need at least
version 0.95~beta3 or later.
Configuration:
The startup.conf was deprecated in this release, it is substituted
by integrating the information into runtime.conf. To migrate to the
unified runtime.conf:
# Run intelmqctl once, this will automatically generate a file
# runtime.conf.new:
su - intelmq -c 'intelmqctl status'
# Move the old configuration out of the way and use the new file:
mv /opt/intelmq/etc/runtime.conf /opt/intelmq/etc/runtime.conf.OLD_WITH_STARTUP_CONF
mv /opt/intelmq/etc/startup.conf /opt/intelmq/etc/startup.conf.OLD
mv /opt/intelmq/etc/runtime.conf.new /opt/intelmq/etc/runtime.conf
The system.conf is deprecated. The information is now stored in
defaults.conf. Merge your settings from
`/opt/intelmq/etc/system.conf' into `/opt/intelmq/etc/defaults.conf',
then delete `/opt/intelmq/etc/system.conf'.
Bot Specific:
- Collector - Generic Mail URL Fetcher
Collector - Generic URL Fetcher
The configuration parameter `http_ssl_proxy' was renamed to
`https_proxy', you can update your existing configuration bu a
simple search and replace:
sed -i 's/http_ssl_proxy/https_proxy/' /opt/intelmq/etc/runtime.conf
- Parser - ShadowServer
`override' is deprecated, it is now called `overwrite':
sed -i 's/override/overwrite/' /opt/intelmq/etc/runtime.conf
If you are using the OpenLDAP feed in combination with a db output
you might want to fix your existing data to reflect the new
mapping of `dns_host_name' (see BUG FIXES above). To do so, you
can use the following SQL statement on you events-database:
UPDATE events
SET "source.local_hostname"="destination.local_hostname",
"destination.local_hostname"=DEFAULT
WHERE "feed.name"='Open-LDAP' AND "source.local_hostname" IS NULL;
- Expert - Modify
The semantics of the configuration have slightly changed, see:
/~https://github.com/certtools/intelmq/pull/745
the configuration is supposed to be backwards compatible, never
the less you should verify, that the results are still like
expected.
- Outputs - PostgreSQL
A new field was added to the events description. To reflect this
in an existing database, add the field as db admin on the database
server:
su - postgres
psql intelmq-events -c 'ALTER TABLE events ADD "feed.provider" text;'
exit