stealth (4.03.03)
* Published Stealth 4.03.02 too early. Use 4.03.03 instead
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 12 Sep 2022 15:44:15 +0200
stealth (4.03.02)
* Ready for libbobcat6
* Added 'c++std' defining the c++ standard to use for
compilation. Compilation commands also use -Werror
* The 'build' script defines the command 'build manual', replacing 'build
uguide'
* Removed the unused '\usepackage[...]{hyperref}' from
'./documentation/manual/stealth.sty'
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 12 Sep 2022 15:19:28 +0200
stealth (4.03.01)
* Removed overlooked comment in main() causing stealth to only look at
its command line arguments, without performing other actions.
* Updated the affiliation in the man-page and manual.
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 06 Oct 2021 22:12:06 +0200
stealth (4.03.00)
* Removed -q from the build script
* Repaired the icmake/findall function
* Documentation is stored under
(usr/share/doc/){stealth,stealth/scripts,stealth-doc}
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 30 Jun 2021 12:05:05 +0200
stealth (4.02.00)
* Requires bobcat >= 5.00.00
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 24 Apr 2019 12:35:54 +0200
stealth (4.01.11)
* Migrated from Github to Gitlab.
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 19 Jun 2018 17:57:30 +0530
stealth (4.01.10)
* Added texlive-latex-extra to 'required'
* Specified c++17 as the C++ standard to use in INSTALL.im
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 18 Jan 2018 11:06:51 +0100
stealth (4.01.09)
* New compilation needed for bobcat 4.08.02
* Cosmetics on the icmconf configuration file (e.g., std=c++14 not specified
anymore since that's currently the default)
-- Frank B. Brokken <f.b.brokken@rug.nl> Fri, 22 Sep 2017 08:57:53 +0200
stealth (4.01.08)
* New compiler releases required #include <cstring> in integrityscanner.ih.
No further implementation changes or changes in Stealth's behavior.
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 31 Aug 2017 16:27:52 +0200
stealth (4.01.07)
* Replaced no longer supported Yodl tags startit() ... endit() by
itemization( ... )
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 07 Aug 2017 15:27:20 +0200
stealth (4.01.06)
* Implemented Svante Signell's (via Tony Mancill) patch to return the
current working directory (options/getcwd.cc).
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 19 Apr 2017 11:57:44 +0200
stealth (4.01.05)
* Fixed typos reported by Lintian
* Updated the overview of required software in 'required'
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 14 May 2016 14:16:00 +0530
stealth (4.01.04)
* Streamlined the `build install' actions
* Requiring icmake 8.00.05
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 24 Dec 2015 12:51:21 +0100
stealth (4.01.03)
* Adapted build scripts to icmake 8.00.04
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 20 Dec 2015 11:56:40 +0100
stealth (4.01.02)
* Kevin Brodsky observed that the installation scripts used 'chdir' rather
than 'cd'. Fixed in this release.
* Kevin Brodsky also observed that the combined size of all precompiled
headers might exceed some disks capacities. The option -P was added to the
./build script to prevent the use of precompiled headers.
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 05 Oct 2015 21:18:02 +0200
stealth (4.01.01)
* Standardized the (de)installation procedures
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 03 Oct 2015 18:26:05 +0200
stealth (4.01.00)
* Added option --ping, verifying whether a stealth daemon is still
available. See the man-page for details.
* Updated the /usr/bin/stealthcron script, e.g., calling logger when stealth
was restarted.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 07 Mar 2015 14:49:08 +0100
stealth (4.00.00)
* Stealth 4.00.00 uses Unix Domain Sockets instead of signals to
communicatie with the stealth monitor running as a daemon.
* Previously required absolute file paths are no longer required. When
relative file paths are used with the Stealth daemon or with Stealth doing
an integrity scan as foreground process they are interpreted relatively to
the current working directory, or (when specified in the policy file)
relative to the USE BASE location. With Stealth running in IPC mode
relative file paths are interpreted relative to the directory in which
Stealth running in IPC mode was started.
* A README.flow file is provided with several separately provided
illustrative images in the directory documentation/images. Similarly:
README.messages describes the organization of log/mail message handling.
* Specifications for the logrotate specifications should use 'copytruncate'
and 'sharedscripts' (see the man-page for an example).
* share/usr/bin/stealthcron now specifies a Unix Domain Socket (usage not
changed).
* Fixed compilation errors that emerged with g++-5, reported by Matthias
Klose.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 07 Feb 2015 21:14:30 +0100
stealth (3.00.00)
* Version 3.00.00 completely reorganizes and refactors Stealth's
components. Long functions were split into shorter ones and several new
classes were defined, resulting in better compartmentalization of
tasks.
* At the program's logical flow level continuation and related flow control
was re-implemented, using, e.g., Bobcat's FBB::Signal class to handle
signals. Also, wait facilities based on sleep(3) selector(3bobcat) were
replaced by C++11 facilities using mutexes and condition variables.
* Stealth's cross-refeence information is added to the source archive,
installed by default in EXTRA/stealth.xref.gz (cf. INSTALL.im for the
actual EXTRA location.
* The manual and man-pages received a complete overhaul.
* See the manual's `What's new' section for an overview of changes that are
immediatly relevant at the user-level. E.g., the option --keep-alive is no
longer supported.
* The manual's .pdf version now offers clickable hyperlinks.
* Several README.* files were added. In particular: README.3.00.00 summarizes
the changes from stealth 2.12.00 to stealth 3.00.00
-- Frank B. Brokken <f.b.brokken@rug.nl> Fri, 29 Aug 2014 12:52:15 +0200
stealth (2.12.00)
* Fixed a bug preventing stealth runs to end when a command returns a
non-zero exit value
* Replaced obsolete Errno calls by Exception calls
stealth (2.11.04)
* Fixed a compilation error with clang, reported by Nicolas
Sevelin-Radiguet.
* Removed superfluous patch-files 01_include_errno.patch and
clang_FTBFS_ambiguous-declaration.patch
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 24 Apr 2014 16:20:24 +0200
stealth (2.11.03)
* In Stealth's man-page and manual -perm -xxxx was replaced by -perm /xxxx,
as per the POSIX standard.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 15 Jun 2013 14:34:42 +0200
stealth (2.11.02)
* Stealth returns 0 for options --help and --version
* Catching Errno exceptions is replaced by catching std::exception
exceptions
-- Frank B. Brokken <f.b.brokken@rug.nl> Fri, 25 Jan 2013 11:15:36 +0100
stealth (2.11.01)
* Construction of ps and pdf versions of the stealth manual was accidenally
dropped in releases after 2.10.00. The ps and pdf versions are now
available again.
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 23 Jan 2013 10:20:20 +0100
stealth (2.11.00)
* The policy file may contain a USE DIFFPREFIX specification specifying the
number of characters the diff command adds to lines produced by, e.g.,
CHECK commands.
* Path locations in the output of program are by default recognized by the
first forward-slash found in output lines. CHECK commands now also support
a column offset specifying the offset where path locations start. This
allows commands to write slashes before path specifications.
* Filenames may contain blanks. A path specification in output of programs
begins at the first forward slash or at the line offset defines with a
CHECK command, and continues until the last non-blank character on lines.
* Stealth now returns 0 when options --version and/or --help are specified.
* Some icmake specific changes: CLASSES defines the class dependencies; and
icmconf specifies #define USE_ALL "a"
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 20 Jan 2013 16:40:53 +0100
stealth (2.10.01)
* The following #defines in INSTALL.im can be overruled by defining
identically named environment variables:
CXX defines the name of the compiler to use. By default `g++'
CXXFLAGS the options passed to the compiler.
By default `-Wall --std=c++0x -O2 -g'
LDFLAGS the options passed to the linker. By default no options are
passed to the linker.
* Documentation files are now under ./documentation
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 17 Jul 2012 16:22:02 +0200
stealth (2.10.00)
* --reload pidfile reloads the configuration files
* When specifying a directory with --skipfiles all entries below that
directory are skipped.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 16 Jun 2012 15:03:36 +0200
stealth (2.04.00)
* Added detection of invalid child process command texts: commands not
resulting in an exit value are considered invalid and terminate Stealth.
(scanner/testexitvalue.cc)
* Added cross reference listing to the standard documentation (stealth.xref)
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 03 Jun 2012 15:11:30 +0200
stealth (2.03.00)
* Spurious [Fatal] message when starting stealth are prevented
* This version expects Bobcat >= 3.00.00
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 05 May 2012 10:47:41 +0200
stealth (2.02.02)
* Recompilation and minor modifications to prepare for g++ 4.7
* YEARS updated
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 08 Jan 2012 14:42:34 +0100
stealth (2.02.01)
* Removed FnWrap* calls from Stealth's sources
* `build' script now recognizes CXXFLAGS and LDFLAGS for, resp. g++ and ld
flags. Default values are set in INSTALL.im, as before.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 26 Jun 2011 14:24:10 +0200
stealth (2.02.00)
* The file specifying the names of files whose integrity should not be
checked may contain empty lines and lines whose 1st non-blank characters
start with #. Such lines are ignored.
* The 'build' script now uses the -g option by default (set in
INSTALL.im). To modify the g++ compilation options change the #define
CPPOPT in INSTALL.im. By default it is set to "-O2 -g". To modify the
flags `on the fly' set the environment variable CPPFLAGS, overruling
CPPOPT. The option "-Wall" is always used and should not be altered.
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 07 Jun 2011 13:06:18 +0200
stealth (2.01.00)
* Stealthcleanup now has a -v flag, showing its actions
* Following an upgrade to bobcat 2.11.00 stealth should be recompiled
* Identifiers in #defines in configuration files may now also contain
hyphens and underscores.
* The message about 'can't read Mstream...' when stealth started with
--keep-alive is now prevented
* Stealth's timestamp now is according to the rfc 2822 format, using UTC
* Inclusion and exclusion diff-output are again part of the report. Due to
an omitted else in scanner/nodifferences only the > (old) parts were
shown.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 05 Feb 2011 12:38:23 +0100
stealth (2.00.1)
* Documentation requires >= Yodl 3.00.0
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 10 Nov 2010 10:38:49 +0100
stealth (2.00.0)
* Changed Errno::what() call to Errno::why()
* Repaired handling of the -o flag (wasn't working: checked for option "o"
rather than 'o'.
* Implemented option -s (--skip-files) to skip the integrity-test of
specified files. When appearing in the logs so far the initial appearance
of a path in the file containing the files to skip results in a
log-message "SKIPPING"
* A full overhaul of Stealth's sources warrants an upgrade of the major
version to 2.
* replacing Msg by Mstream and Errno facilities
* NOTE: requires bobcat 2.09.00 or later
stealth (1.47.4)
* Added g++ option --std=c++0x to match the latest Bobcat library
* Stealth is now by default installed in /usr/bin (instead of /usr/sbin) as
non-root users are also able to use stealth, e.g., to monitor the
integrity of their own files. Stealth support scripts (stealthcleanup,
stealthcron, stealthmail) are found by default in in
/usr/share/doc/stealth/scripts/usr/bin and you might want to install them
in /usr/bin rather than /usr/sbin, as suggested previously.
**MAKE SURE** that `/sbin/' is changed to `/bin/' in any scripts you may
use to activate stealth (e.g. /etc/cron.d/stealth, calling stealthcron)
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 03 Sep 2009 13:52:38 +0200
stealth (1.47.3)
* Build script's `manual-tmp' removed, reactivated `manual'. Build now
allows separate installation of program, man-page and manual
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 30 Mar 2009 09:53:39 +0200
stealth (1.47.2)
* Minor changes wrt Process object definitions to prevent `obsolete'
warnings from by now (since bobcat 1.21.1) obsolete Process
constructors. Also, the Process mail constructor no longer needs to call
the mail program as a command to /bin/sh.
-- Frank B. Brokken <f.b.brokken@rug.nl> Fri, 24 Oct 2008 14:37:19 +0200
stealth (1.47.1)
* Defined the --max-get-size option to restrict the size of files
that can be received from a target system. By default 10M.
* As the MD5 hash is no longer considered to be cryptographically
secure, stealth users should now use an alternative way to compute
hash-values. It is suggested to switch to SHA1 hash computations. All
stealth documentation was updated accordingly.
stealth (1.46.1)
* Introduced sub-sub-version numbers for minor changes
* The `build' script no longer automatically strips the binary
stealth (1.46)
* Stealth's icmake scripts adapted to work with icmake > V 7.00 as well.
* Random interval based activation time clarified and implementation
slightly changed. Man-page and manual changed accordingly
Examples now have `find' options (like -xdev) at their proper places.
* Provded the stealthmail script with a sorting filter, filtering only the
ADDED, MODIFIED and DELETED messages from mail generated by stealth.
* Version distribution changed. Latest version now expected in VERSION
stealth (1.45)
* The previously used scripts below make/ are obsolete and were removed from
this and future distributions. Icmake should be used instead, for which a
top-level script (build) and support scripts in the ./icmake/ directory
are available. Icmake is available on a great many architectures. See the
file INSTALL (and INSTALL.im, replacing the previously used INSTALL.cf)
for further details.
* All plain `unsigned' variables were changed to `size_t'
stealth (1.44) unstable; urgency=low
* License changed to the GNU GENERAL PUBLIC LICENSE. See the file
`copyright'.
* Introduced George Danchev <danchev@spnet.net> as uploader
* From now on this file will contain the `upstream' changes. The Debian
related changes are in changelog.Debian.gz
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 19 Jul 2006 12:57:17 +0200
stealth (1.43) unstable; urgency=low
* Following suggestions made by George Danchev, this version was compiled by
the unstable's g++ compiler (version >= 4.1), which unveiled several flaws
in the library's class header files. These flaws were removed (i.e.,
repaired).
* In order to facilitate compiler selection, the compiler to use is defined
in the INSTALL.cf file.
* The debian control-files (i.e., all files under the debian subdirectory)
were removed from the source distribution, which is now also named in
accordance with the Debian policy. A diff.gz file was added.
-- Frank B. Brokken <f.b.brokken@rug.nl> Thu, 6 Jul 2006 12:24:58 +0200
stealth (1.42) unstable; urgency=low
* When a (remote) CHECK command failed to return 0, Stealth didn't properly
terminate. This was repaired by changing the return value of
Reporter::relax() to type bool, returning d_continue. This return value is
now checked in Monitor::control(). If not true, the Monitor::control()
loop terminates, thus terminating the program with exit value 1.
* make/install script now defines PREFIX=/ if called without argument.
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 26 Jun 2006 09:27:34 +0200
stealth (1.41c) unstable; urgency=low
* Stealth was `lintianized' and `lindanized'. The info in debian's control
file was adapted. As the bobcat libraries are now in libbobcat1 *packages,
stealth's dependencies were adapted accordingly.
-- Frank B. Brokken <f.b.broken@rug.nl> Sun, 28 May 2006 12:39:15 +0200
stealth (1.41b) unstable; urgency=low
* Recompilation because of changes in the bobcat library.
This version of Stealth depends on bobcat 1.7.0.
No changes to Stealth itself. The compilation dependency for the
g++ compiler has been restored.
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 2 May 2006 21:37:31 +0200
stealth (1.41a) unstable; urgency=low
* Minor changes to the make/library script, adapted the program's release
years. Dependency check in debian/control for g++ removed since it fails
for unkown reasons. The version should be >= 4.0.2
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 1 Feb 2006 12:46:01 +0100
stealth (1.41) unstable; urgency=low
* Library requirement up-to-date: bobcat 1.6.0
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 26 Dec 2005 19:17:24 +0100
stealth (1.40) unstable; urgency=low
* all local Pattern objects are now static data members
* removed: superfluous stealth.doc-base; debugmacro;
classes arg, configfile, errno fdout fork ifdnbuf pattern pipe selector
(now in bobcat)
* Renamed all .h2 headers to my standard .ih names:
util, configsorter, reporter scanner
* Reporter::reset() now calls Reporter::rewind()
* Reporter uses d_hasMail data member instead of d_sizeBeyondHeader:
d_hasMail can simply be set to false following the writing of the header,
and then to true at each sync() command.
* added: Reporter::exit(), first inserting the message into the reporter,
then to cerr, and exiting.
* fatal error messages are no longer suppressed with -q
* man(ual) pages adapted accordingly.
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 26 Dec 2005 18:23:25 +0100
stealth (1.35) unstable; urgency=low
* Recompilation using g++-4.0. Requires bobcat >= 1.4.0
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 19 Nov 2005 16:47:28 +0100
stealth (1.34) unstable; urgency=low
* Removed dependencies on `icmake'. See the file `INSTALL' for details about
compiling and installing `stealth' from the source package, rather than
from the binary (.deb) package.
Stealth's functionality has not been altered.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sun, 4 Sep 2005 15:11:46 +0200
stealth (1.33) unstable; urgency=low
* With the advent of the bobcat library (Brokken's Own Base Classes And
Templates) various classes were removed from stealth's distribution: Arg,
Configfile, Errno, Fork, Hashclasses, Ifdstreambuf, Ofdbuf, Pattern, and
Pipe. Also, the manual pages were adapted to reflect the fact that I'm
distributing Debian (source and binary) packages, rather than pure source
packages. No further change in functionality was implemented. To compile
stealth bobcat-dev is required, to run the binary bobcat itself. See
http://bobcat.sourceforge.net and http://sourceforge.net/projects/bobcat
for further information about bobcat.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 20 Aug 2005 15:35:32 +0200
stealth (1.32) unstable; urgency=low
* Version 1.31 was not distributed. Version 1.32 offers identical user
options as V 1.31, but has some minor internal improvements in its code
over 1.31. In particular, a running stealth process will signal its
suppressor that it's ready. This simplifies the construction of, e.g.,
logrotate scripts.
* Note btw that the date and timestamps in this file are CET (+ DST when
active)
-- Frank B. Brokken <f.b.brokken@rug.nl> Mon, 1 Aug 2005 10:49:36 +0200
stealth (1.31) unstable; urgency=low
* Added --suspend and --resume options allowing logfile rotations on a
keepalive running stealth process. Changed the manual page using standard
manpage*() macros instead of SUBST()s
* Internally, a Monitor class was added, exercising and taking over much of
the control functionality of the Scanner class
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 30 Jul 2005 00:13:14 +0200
stealth (1.30-2a) unstable; urgency=low
* Stupid: forgot to update the program's version itself :-(
Now it's 1.30-2a
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 27 Apr 2004 17:56:54 +0200
stealth (1.30-2) unstable; urgency=low
* Repaired bug in Scanner::Scanner():
The process-id's of the SH and SSH programs were assigned before
IOFORK::fork() was executed, so they received undefined values. This was
repaired by assigning the d_shPid and d_sshPid assignments to the
Scanner::preamble() function.
* Also, the call to killChildren() at the end of stealth's main() function
(in stealth.cc) was superfluous, as the atexit() call in preamble already
ensures that the childprocesses are called.
* Finally, the Yodl manual files are adapted to Yodl V. >= 2.00. The
/usr/local/share/yodl/macros.yo file isn't required anymore, and the
XXsloppyhfuzz undefinition was changed into a call of nosloppyhfuzz().
-- Frank B. Brokken <f.b.brokken@rug.nl> Tue, 27 Apr 2004 17:39:17 +0200
stealth (1.30-1) unstable; urgency=low
* --keep-alive, --terminate and --rerun require the name of a file in which
the process id of the running stealth process is stored. This file will be
writen when the --keep-alive flag is used, read by the other two and
removed by the corresponding stealth process when it terminates. Manpages
and docs updated accordingly.
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 17 Dec 2003 09:21:11 +0100
stealth (1.30) unstable; urgency=low
* --terminate, --rerun, --repeat and --keep-alive flags were added to allow
stealth to keep an existing connection for longer periods of
time. Manpages and docs updated accordingly
-- Frank B. Brokken <f.b.brokken@rug.nl> Fri, 12 Dec 2003 12:45:45 +0100
stealth (1.22-0) unstable; urgency=low
* Added GET and PUT. Put allows stealth to put files to the client using
the existing ssh connection.
-- Frank B. Brokken <f.b.brokken@rug.nl> Wed, 26 Nov 2003 21:25:02 +0100
stealth (1.21-0) unstable; urgency=low
* Added the GET command, allowing stealth to retrieve files from the client
for, e.g., local inspection, without requiring an additional ssh
connection.
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 22 Nov 2003 13:55:40 +0100
stealth (1.20-2) unstable; urgency=low
* New buildscripts added for man(ual) pages. This file will take over from
CHANGELOG which logged the original, non-Debian distribution.
-- Frank B. Brokken <f.b.brokken@rc.rug.nl> Fri, 20 Jun 2003 17:21:42 +0200
stealth (1.20-1) unstable; urgency=low
* Initial Release.
-- Frank B. Brokken <f.b.brokken@rc.rug.nl> Wed, 18 Jun 2003 12:13:41 +0200