News
- Feburary 13, 2016 - New Ipaudit Version 1.1
After 13 years (wow, that's a long time), there's a new version of the ipaudit binary tarball. It includes several bug fixes that improves ipaudit as a daemon. It's available here.
- December 7, 2003 - New Beta Version 1.0BETA8
There's a new beta version tarball available, IPAudit-Web-1.0BETA8. Compared to the stable version 0.96b7, it includes improvements in portability, installation ease, robustness, appearance, and bug fixes. The main fix relative to the previous BETA release was making SearchIPAuditData work with Perl's taint checking under Red Hat 9.0.
- November 19, 2003 - BugFix II
NOTE: This bugfix supercedes that of October 6, 2003. If you downloaded the corrected SearchIPAuditData previously, please replace it with this. If you've installed IPAudit-Web under Red Hat 9.0, or recently upgraded Perl, you may have seen the script SearchIPAuditData show no connection records in it's display. The problem was apparently caused by a change in Perl's taint checking.
Here is a fixed version
- October 20, 2002 - Security Alert
Several CGI Scripts have security holes in previous versions of IPAudit-Web (before September 20, 2002).
All previous versions contain cgi scripts which allow a remote user to run system commands as the web server user (typically the user apache or nobody). (The latest version 0.96b7 posted February 23, 2003 is patched.).
If you are running any of the previous versions (0.93b3, 0.96b or 0.96b2),
Please do one of the following:
- Install the latest version tarball available on the Downloads Page
- or follow these instructions to patch your current installation
- or install the CVS version
- October 19, 2002 - SearchIpauditData cgi-script
A small mis-configuration in the IPAudit-Web security upgrades ipaudit-web-0.96b5 and ipaudit-cgi-patch-0.96b5 caused the SearchIPAuditData cgi-script to fail. You can fix this in one of three ways:
- In the SearchIpauditData cgi-script (in the ~ipaudit/public_html/cgi-bin/ directory) change the line
$ZGREP = '/bin/zgrep' if (!$ZGREP);
to
$ZGREP = '/usr/bin/zgrep' if (!ZGREP);
- In the ipaudit-web.conf file (in the ~ipaudit/ directory) add the line:
ZGREP=/usr/bin/zgrep
- Upgrade to ipaudit-web-0.96b7 or ipaudit-cgi-patch-0.96b6.
- In the SearchIpauditData cgi-script (in the ~ipaudit/public_html/cgi-bin/ directory) change the line
- April 11, 2002 - The current version of ipaudit-web contains a bug in the script reports/30min/graphic/ReportLog. This bug causes ReportLog to drop half-hour data for the first two periods of the day after the onset of Daylight Savings Time in the spring.
To fix this problem please do the following:
- Download this corrected version of the ReportLog script and place it at reports/30min/graphic/ReportLog.
- Edit the log files:
- ReportTraffic.log
- ReportExternal.log
- ReportLocalHost.log
- ReportRemoteHost.log
- ReportLocalBusy.log
- ReportRemoteBusy.log
in the same directory (reports/30min/graphic). The last two files in the list are only preset in the most recent ipaudit-web versions. In these log files delete all the lines which start with the dates 2002-04-08 and later. These will be the lines at the bottom of the file. - Wait until the next 30 minute cycle for the cron daemon to fire runcron in that directory, this will update the log files with the corrected version of ReportLog. Or, for the impatient, you can issue the command from inside the directory ./runcron /home/ipaudit 2002-04-11-09:12 substituting the correct date/time string (and the correct home directory).
- December 5, 2001 - Newer beta version of ipaudit-web, ipaudit-web-0.96b2.tgz (NOTE: do not use this version, see NEWS item of September 20, 2002). Fixes BSD, Solaris problem with 'ps -ef'. Default installation does not collect raw packets.
- December 3, 2001 - New beta version of ipaudit-web. Faster, more portable, easier installation and includes more reports.
- November 8, 2001 - Latest working installation available from CVS. Complete installation instructions are included in the CVS tree.