forked from ARGOeu-Metrics/secmon-probes
CHANGES
* Tue Apr 02 2024 Jakub Havrila <[email protected]> - 2.1.22-0
- Added a check for CVE-2019-12528.
* Wed Feb 14 2024 Jakub Havrila <[email protected]> - 2.1.21-0
- Added fix for permissions probe for functions in env.
* Tue Dec 05 2023 Jakub Havrila <[email protected]> - 2.1.20-0
- Added mitigation checks for CVE-2022-40674 and CVE-2023-32233
* Mon Nov 20 2023 Jakub Havrila <[email protected]> - 2.1.19-0
- Pakiti: Use new pakiti-client version from cvmfs or use default client.
* Wed Jan 04 2023 Kyriakos Gkinis <[email protected]> - 2.1.18-0
- check_pakiti_vuln: search for short hostnames in info from pakiti server.
* Wed Dec 21 2022 Kyriakos Gkinis <[email protected]> - 2.1.17-0
- Added node architecture and OS to the output of check_pakiti_vuln probe.
* Thu Dec 01 2022 Jakub Havrila <[email protected]> - 2.1.16-0
- Added mitigation check for CVE-2022-2588.
* Tue Jul 19 2022 Baptiste Grenier <[email protected]> - 2.1.15-0
- Fixed typos in Permissions probe.
* Wed May 4 2022 Daniel Kouril <[email protected]> - 2.1.14-0
- Fixed small code irregularities in Permissions probe.
* Wed Apr 27 2022 Jakub Havrila <[email protected]> - 2.1.13-0
- Added a check for CVE-2022-25236.
* Mon Apr 25 2022 Jakub Havrila <[email protected]> - 2.1.12-0
- Added a check for CVE-2022-25235.
* Fri Feb 11 2022 Jakub Havrila <[email protected]> - 2.1.11-0
- check_pakiti_vuln: Changed reader of pakiti API because of new format.
* Thu Feb 03 2022 Daniel Kouril <[email protected]> - 2.1.10-0
- Added mitigation check for CVE-2021-4034
* Tue Oct 26 2021 Daniel Kouril <[email protected]> - 2.1.9-0
- Make the Torque probe really exit when qmgr isn't found.
* Mon Oct 25 2021 Daniel Kouril <[email protected]> - 2.1.8-0
- Updated pakiti server hostname.
* Mon Sep 13 2021 Jakub Havrila <[email protected]> - 2.1.7-0
- Removed old and not working pakiti servers.
* Mon Aug 16 2021 Jakub Havrila <[email protected]> - 2.1.6-0
- Replaced pakiti server pakiti.metacentrum.cz with pakiti.egi.eu.
* Fri Jul 16 2021 Jakub Havrila <[email protected]> - 2.1.5-0
- Added new instance of pakiti server pakiti.metacentrum.cz
* Mon Apr 26 2021 Kyriakos Gkinis <[email protected]> - 2.1.4-0
- Added python-suds requirement in SPEC file.
- Argus-ban ssl context fix.
- Setup a basic $PATH environment variable for ARC tests.
* Tue Mar 9 2021 Daniel Kouril <[email protected]> and Kyriakos Gkinis <[email protected]> - 2.1.3-0
- check_CVE-2015-3245: Mitigation checks are skipped when the vulnerability isn't present.
- HTCondor-CE etf_run.sh script:
  * Set $SITE_NAME environment variable.
  * Escape backslashes in the output of WN probes.
* Tue Mar 9 2021 Kyriakos Gkinis <[email protected]> - 2.1.2-0
- Setup a basic $PATH environment variable before executing probes on CREAM and HTCondor-CE.
* Mon Mar 8 2021 Daniel Kouril <[email protected]> - 2.1.1-0
- check_CVE-2018-12021: Check singularity is available before it's checked.
- CRL: Don't check CRLs if there's no certificate on the system.
- check_CVE-2013-2094,check_CVE-2016-5195,check_CVE-2018-1111,check_CVE-2018-12021,check_CVE-2018-14634,check_CVE-2021-3156,check_EGI-SVG-2016-5195,check_EGI-SVG-2018-14213: Mitigation checks are skipped when the vulnerability isn't present.
* Mon Mar 8 2021 Kyriakos Gkinis <[email protected]> - 2.1.0-0
- Added support for HTCondor-CE, using the jess grid job submission library.
* Sat Mar 6 2021 Daniel Kouril <[email protected]> - 2.0.0-13
- pakiti-client: Simplify the processing of Pakiti output.
* Tue Mar 2 2021 Daniel Kouril <[email protected]> - 2.0.0-12
- check_CVE-2018-1111: Check properly Pakiti results.
* Wed Feb 24 2021 Daniel Kouril <[email protected]> - 2.0.0-11
- check_CVE-2018-1111: Fix the test of exit status.
* Mon Feb 22 2021 Daniel Kouril <[email protected]> - 2.0.0-10
- pakiti-client: Fix Pakiti reporting using openssl and review processing results from Pakiti
- check_CVE-2018-1111: Check Pakiti results before checking for mitigations
* Sun Feb 14 2021 Daniel Kouril <[email protected]> - 2.0.0-9
- check_CVE-2021-3156: Check if mitigation for CVE-2021-3156 has been applied
* Thu Oct 24 2019 Daniel Kouril <[email protected]> - 2.0.0-8
- check_pakiti_vuln: Only ask for recent machines from Pakiti [ggus #143718]
* Wed Oct 09 2019 Kyriakos Gkinis <[email protected]> - 2.0.0-7
- check_pakiti_vuln: fix typos
- CREAM: Retrieve also std.out and std.err for debugging purposes
* Fri Sep 27 2019 Daniel Kouril <[email protected]> - 2.0.0-6
- check_pakiti_vuln: update query URL to Pakiti3 server
* Mon Sep 23 2019 Daniel Kouril <[email protected]> - 2.0.0-5
- Update Pakiti servers
* Wed Mar 6 2019 Kyriakos Gkinis <[email protected]> - 2.0.0-4
- Fix bug in Permissions test
- Include CRL and dcache-perms in ARC tests
* Tue Feb 19 2019 Kyriakos Gkinis <[email protected]> - 2.0.0-3
- Add requirement for perl-Text-CSV in SPEC file.
- Create /var/spool/cream.
* Tue Feb 5 2019 Kyriakos Gkinis <[email protected]> - 2.0.0-2
- Fix CREAM probes packaging bug in SPEC file.
- Use Net::SSL in check_pakiti_vuln, otherwise authentication with Pakiti server fails.
* Tue Nov 27 2018 Kyriakos Gkinis <[email protected]> - 2.0.0-1
- New version, for use with ARGO and Centos 6 or 7.
  The security probes remain the same, but the submission to the sites
  is done using:
  * NorduGrid ARC Nagios Plugins
  * Modified CREAM-CE direct job submission metrics
* Mon Oct 29 2018 Daniel Kouril <[email protected]> - 1.0.11-51
- Use the right operator in check_CVE-2018-14634
* Mon Oct 22 2018 Daniel Kouril <[email protected]> - 1.0.11-50
- check_CVE-2018-14634: add a mitigation check for CVE-2018-14634
* Mon Aug 06 2018 Daniel Kouril <[email protected]> - 1.0.11-49
- check_CVE-2018-12021: add a mitigation test for CVE-2018-12021
* Tue Jun 12 2018 Daniel Kouril <[email protected]> - 1.0.11-48
- check_CVE-2018-1111 : add a mitigation check for CVE-2018-1111
* Thu May 3 2018 Daniel Kouril <[email protected]> - 1.0.11-47
- check_EGI-SVG-2018-14213 : disabling overlay doesn't actually prevent
  the vulnerability
* Wed May 2 2018 Daniel Kouril <[email protected]> - 1.0.11-46
- check_EGI-SVG-2018-14213 : check all suid commands used by Singularity
* Fri Apr 6 2018 Daniel Kouril <[email protected]> - 1.0.11-45
- Add a check of mitigations for EGI-SVG-2018-14213
* Mon Feb 5 2018 Vincent Brillault - 1.0.11-44
- Argus-ban: don't fail for authorization when listing PAPs
* Tue May 30 2017 Daniel Kouril <[email protected]> - 1.0.11-43
- Added configuration for a new Pakiti server
* Mon Dec 05 2016 Kyriakos Gkinis <[email protected]> - 1.0.11-42
- Added ARGUS probe
* Tue Nov 22 2016 Kyriakos Gkinis <[email protected]> - 1.0.11-41
- CVE-2016-5195, EGI-SVG-2016-5195: Added detection of a generic stap module
* Mon Oct 24 2016 Kyriakos Gkinis <[email protected]> - 1.0.11-40
- Removed probe eu.egi.sec.WN-check_EGI-SVG-2013-5890-ops from ARC and CREAM tests
- Added probes for CVE-2016-5195, EGI-SVG-2016-5195
* Tue Jul 05 2016 Pavlos Daoglou <[email protected]> - 1.0.11-39
- ARC wrapper: Remove dependencies to org.ndgf
* Fri Jun 10 2016 Pavlos Daoglou <[email protected]> - 1.0.11-38
- ARC wrapper: handle finished state as terminal
- ARC wrapper: added job ids in output messages
- ARC wrapper: added job log in output messages
* Fri Jun 10 2016 Pavlos Daoglou <[email protected]> - 1.0.11-37
- ARC wrapper: More changes to output handling in ARC script
- ARC wrapper: Reduce time limit for jobs in Q state
* Wed Jun 08 2016 Pavlos Daoglou <[email protected]> - 1.0.11-36
- More changes to output handling in ARC script
* Wed Jun 08 2016 Pavlos Daoglou <[email protected]> - 1.0.11-35
- Some more fixes in ARC submit script
* Wed Jun 08 2016 Pavlos Daoglou <[email protected]> - 1.0.11-34
- Remove redundant line
* Wed Jun 08 2016 Pavlos Daoglou <[email protected]> - 1.0.11-33
- Improve output messages in case of ARC submission errors
* Wed Jun 01 2016 Pavlos Daoglou <[email protected]> - 1.0.11-32
- Modified ARC-CE submission script to exit in case of job failure
* Wed Jun 01 2016 Pavlos Daoglou <[email protected]> - 1.0.11-31
- Removed unused commands from ARC-CE submission script
* Thu Mar 10 2016 Pavlos Daoglou <[email protected]> - 1.0.11-30
- Update ARC-CE submission script to use the new arc client commands
* Mon Nov 02 2015 Pavlos Daoglou <[email protected]> - 1.0.11-29
- Add "hostname" of the node on the output of check_pakiti_vuln probe
* Tue Oct 27 2015 Pavlos Daoglou <[email protected]> - 1.0.11-28
- Fixes false positives with Pakiti for ARC CEs [ggus #115901]
* Tue Sep 22 2015 Pavlos Daoglou <[email protected]> - 1.0.11-27
- Fixes false positives with Pakiti [ggus #115901]
* Tue Aug 04 2015 Pavlos Daoglou <[email protected]> - 1.0.11-26
- Added check for CVE-2015-3245
* Mon May 18 2015 Pavlos Daoglou <[email protected]> - 1.0.11-25
- Fixed bug in Pakiti-check vulnerabilities probe
* Mon Oct 06 2014 Pavlos Daoglou <[email protected]> - 1.0.11-24
- Updated pakiti servers in pakiti-client
* Tue Sep 16 2014 Pavlos Daoglou <[email protected]> - 1.0.11-23
- Added quotes into if statements (check_CVE-2013-2094)
* Tue Sep 16 2014 Pavlos Daoglou <[email protected]> - 1.0.11-22
- Modified probe check_CVE-2013-2094 to ensure that it does not return false positives
* Mon Aug 04 2014 Pavlos Daoglou <[email protected]> - 1.0.11-20
- Modified probe check_CVE-2013-2094 to only check for mitigations
* Thu Jun 26 2014 Pavlos Daoglou <[email protected]> - 1.0.11-19
- Modified Pakiti-Check to not use nagios epn
* Thu Jun 26 2014 Pavlos Daoglou <[email protected]> - 1.0.11-18
- Added Pakiti-Check probe as active check
* Thu Jun 26 2014 Pavlos Daoglou <[email protected]> - 1.0.11-17
- Added Pakiti-Check probe
* Wed Sep 25 2013 George Fergadis <[email protected]> - 1.0.11-16
- Fixed Torque probe
* Wed Sep 25 2013 George Fergadis <[email protected]> - 1.0.11-15
- Fixed ARC testjob script to report the probe return code
* Tue Sep 24 2013 Pavlos Daoglou <[email protected]> - 1.0.11-14
- Modified the ARC testjob script to return the hostname of the tested node
* Fri Sep 13 2013 Pavlos Daoglou <[email protected]> - 1.0.11-13
- check_CVE-2013-2094 version 0.6.
* Fri Aug 30 2013 George Fergadis <[email protected]> - 1.0.11-12
- check_EGI-SVG-2013-5890 version 1.5.
* Fri Aug 30 2013 George Fergadis <[email protected]> - 1.0.11-11
- check_EGI-SVG-2013-5890 version 1.4.
* Fri Aug 30 2013 George Fergadis <[email protected]> - 1.0.11-10
- check_EGI-SVG-2013-5890 version 1.3.
* Fri Aug 30 2013 George Fergadis <[email protected]> - 1.0.11-9
- check_EGI-SVG-2013-5890 version 1.2.
* Fri Aug 30 2013 Pavlos Daoglou <[email protected]> - 1.0.11-8
- check_EGI-SVG-2013-5890 version 1.1.
* Fri Aug 30 2013 Pavlos Daoglou <[email protected]> - 1.0.11-7
- check_EGI-SVG-2013-5890 version 1.0. Several code improvements.
* Thu Aug 29 2013 Pavlos Daoglou <[email protected]> - 1.0.11-6
- check_EGI-SVG-2013-5890 version 0.7
* Thu Aug 29 2013 Pavlos Daoglou <[email protected]> - 1.0.11-5
- check_EGI-SVG-2013-5890 version 0.6
* Thu Aug 29 2013 Pavlos Daoglou <[email protected]> - 1.0.11-4
- check_EGI-SVG-2013-5890 version 0.5 . Display the hostname too when result is critical.
* Wed Aug 28 2013 Pavlos Daoglou <[email protected]> - 1.0.11-3
- check_EGI-SVG-2013-5890 version 0.4 .
* Tue Aug 27 2013 Pavlos Daoglou <[email protected]> - 1.0.11-2
- check_EGI-SVG-2013-5890 version 0.2 . Also some fixes in changelog.
* Tue Aug 27 2013 Pavlos Daoglou <[email protected]> - 1.0.11-1
- check_EGI-SVG-2013-5890 added
* Fri Jul 05 2013 Pavlos Daoglou <[email protected]> - 1.0.10-8
- increased memory limit for ARC probes
* Thu Jun 06 2013 Pavlos Daoglou <[email protected]> - 1.0.10-7
- check_CVE-2013-2094 probe was not added into the ARC testjob
* Thu Jun 06 2013 Pavlos Daoglou <[email protected]> - 1.0.10-6
- Added support for ARC sites for check_CVE-2013-2094 probe
* Thu May 30 2013 Pavlos Daoglou <[email protected]> - 1.0.10-5
- Small improvement in WN-CVE-2013-2094 probe at kernel check condition in order to correctly identify xen kernels too
* Tue May 28 2013 Pavlos Daoglou <[email protected]> - 1.0.10-4
- This is a test build
* Mon May 27 2013 Pavlos Daoglou <[email protected]> - 1.0.10-3
- Small correction on critical message output in WN-CVE-2013-2094 probe
* Wed May 22 2013 Pavlos Daoglou <[email protected]> - 1.0.10-2
- Added WN-CVE-2013-2094 probe in gLite services.cfg
* Wed May 22 2013 Pavlos Daoglou <[email protected]> - 1.0.10-1
- Added WN-CVE-2013-2094 probe
* Tue Feb 26 2013 Pavlos Daoglou <[email protected]> - 1.0.9-4
- Fixed changelog date.
* Tue Feb 26 2013 Pavlos Daoglou <[email protected]> - 1.0.9-3
- Defined service libkeyutils in gLite services.cfg
* Mon Feb 25 2013 Pavlos Daoglou <[email protected]> - 1.0.9-2
- Added the code..
* Mon Feb 25 2013 Pavlos Daoglou <[email protected]> - 1.0.9-1
- Added libkeyutils probe
* Thu Feb 14 2013 Anastasis Andronidis <[email protected]> - 1.0.8-2
- Added dependency on emi-cream-nagios
* Fri Nov 23 2012 Paschalis Korosoglou <[email protected]> - 1.0.8-1
- Removed dependency on org.sam
* Mon Nov 19 2012 Pavlos Daoglou <[email protected]> - 1.0.7-1
- Fixed issue about dcache-perms failing to be scheduled.
- Fixed, wrong version number.
* Wed Nov 14 2012 Pavlos Daoglou <[email protected]> - 1.0.6-4
- Added dcache-perm probe
* Tue Mar 13 2012 Christos Triantafyllidis <[email protected]> - 1.0.6-1
- Fixed Permission blacklisting issues
* Wed Mar 7 2012 Christos Triantafyllidis <[email protected]> - 1.0.5-1
- Add .snapshot to blacklisted directories for Permissions probe (SAM-2465)
- Updated pakiti-client
* Tue Mar 6 2012 Christos Triantafyllidis <[email protected]> - 1.0.4-1
- Added ability to ignore expired CRLs on CRL check (SAM-2463)
* Tue Mar 6 2012 Christos Triantafyllidis <[email protected]> - 1.0.3-1
- Added ability to ignore expired CRLs on CRL check (SAM-2463)
* Tue Oct 25 2011 Christos Triantafyllidis <[email protected]> - 1.0.2-1
- Fixed typos in Pakiti probe wrapper (SAM-2106)
* Tue Oct 25 2011 Christos Triantafyllidis <[email protected]> - 1.0.1-1
- Added blacklisting of files/directories in Permissions probe (SAM-2104)
- Fixed torque probe that was failing to execute qmgr (SAM-2105)
* Tue Sep 13 2011 Christos Triantafyllidis <[email protected]> - 1.0.0-1
- Renamed package to grid-monitoring-probes-eu.egi.sec (SAM-1801)
- Added support for ARC sites (SAM-1895)
- Added CAs to use for pakiti client/server connections (SAM-1910)
* Wed Aug 17 2011 Christos Triantafyllidis <[email protected]> - 0.3.6-1
- Applied patch from Daniel Kouril ([email protected]) for Torque probe (SAM-1796)
* Tue Aug 9 2011 Christos Triantafyllidis <[email protected]> - 0.3.5-1
- Applied patch from Ulf Tigersted ([email protected]) for CRL probe (SAM-1727)
- Minor additional fixes/cleanups on the CRL probe
* Tue Aug 9 2011 Christos Triantafyllidis <[email protected]> - 0.3.4-1
- Typo in the second pakiti server URL (SAM-1760)
* Tue Aug 9 2011 Christos Triantafyllidis <[email protected]> - 0.3.3-1
- Fixed date substitution issue in CRL probe (SAM-1727)
* Tue Aug 9 2011 Christos Triantafyllidis <[email protected]> - 0.3.2-1
- Updated pakiti client to version 3 (SAM-1760)
* Wed Feb 9 2011 Emir Imamagic <[email protected]> - 0.3.1-1
- Probe not compatible with the new CA distribution (SAM-1257)
* Tue Feb 1 2011 Christos Triantafyllidis <[email protected]> - 0.3.0-1
- Added WN-Torque check (SAM-1220)
* Mon Dec 13 2010 Christos Triantafyllidis <[email protected]> - 0.2.1-1
- Added the missing definitions in services config
* Fri Oct 22 2010 Christos Triantafyllidis <[email protected]> - 0.2.0-1
- Added WN-RDSModuleCheck (SAM-879)
* Mon Aug 16 2010 Christos Triantafyllidis <[email protected]> - 0.1.7-1
- Synced pakiti2-client with SourceForge current version
* Thu Jul 29 2010 Christos Triantafyllidis <[email protected]> - 0.1.6-1
- Reports SITE_NAME to pakiti server (pakiti probe) (SAM-675)
- Pakiti probe is now a wrapper to the latest pakiti2-client from SourceForge (SAM-679)
* Wed Jul 28 2010 Christos Triantafyllidis <[email protected]> - 0.1.5-2
- Changed pakiti server
  Deprecating pakiti.cern.ch.
  Using pakiti.egi.eu.
* Tue Apr 27 2010 Christos Triantafyllidis <[email protected]> - 0.1.5-1
- Added 2 new probes:
  WN-Permissions:
    Checks the permissions of folders exported in environment variables for world writable files/folders.
  WN-FilePermVulns:
    Checks the permissions of files/folders related to known vulnerabilities.
- Fixes SAM-564
* Tue Apr 27 2010 Christos Triantafyllidis <[email protected]> - 0.1.4-1
- Changed the encryption method
- Added org.sam.sec.WN-CRL probe
* Tue Apr 20 2010 Christos Triantafyllidis <[email protected]> - 0.1.3-1
- Added ARCH reporting for pakiti
* Mon Jan 25 2010 C. Triantafyllidis <[email protected]> - 0.1.2-3
- Fixed the _encrypted definition
* Mon Jan 25 2010 C. Triantafyllidis <[email protected]> - 0.1.2-2
- Added the missing jdl template
* Thu Jan 21 2010 C. Triantafyllidis <[email protected]> - 0.1.2-1
- Added a fake "OK" to the returned result of check_and_encrypt command
* Wed Jan 20 2010 C. Triantafyllidis <[email protected]> - 0.1.1-1
- Added the check_and_encrypt command
- Added a detail line to pakiti probe (no useful data yet here, just for testing)
- pakiti probe results are sent encrypted back to the server
* Mon Jul 6 2009 C. Triantafyllidis <[email protected]> - 0.1.0-1
- Initial build
- Based on CE-probe WN tarball assembly
- Contains probes:
  * WN-Pakiti