Hawk-ChangeLog

From Wiki

Contents 1 2011 May 5 2 2011 Apr 27 3 2011 Apr 21 4 2011 Apr 4 5 2011 Mar 30 6 2011 Mar 29 7 2011 Mar 10 8 2011 Mar 7 9 2011 Mar 2 10 2011 Feb 28 11 2011 Feb 18 12 2011 Feb 15 13 2011 Feb 3 14 2011 Jan 28 15 2011 Jan 20 16 2011 Jan 18 17 2011 Jan 12 18 2011 Jan 12 19 2011 Jan 6

2011 May 5

• Fixed bug http://bugs.1h.com/show_bug.cgi?id=1156 - Uninstall breaks Guardian services config

2011 Apr 27

• web-local/hawk.pl: validate_ip function must be used with scalar(param('ip')) to prevent issues in the future
• Enhancement http://bugs.1h.com/show_bug.cgi?id=1013 - Bruteforce and Failed login pop-up windows too big

2011 Apr 21

• Enhancement http://bugs.1h.com/show_bug.cgi?id=1013 - Bruteforce and Failed login pop-up windows too big
• Fixed bug http://bugs.1h.com/show_bug.cgi?id=1014 - Interface stalls if bruteforce/failed logins pop-up windows are empty

2011 Apr 4

• Added README file

2011 Mar 30

• hawk.pl - Skip dovecot broots if the line says "Internal login failure". This should NOT be considered as attack.

2011 Mar 29

• hawk_install.sh - Do not call dns_setup.sh anymore. Let the user manage his DNS records on his own.

2011 Mar 10

• hawk.pl (web api) - File version changed to 0.2.0
  • Fixed bug while obtaining %srvhash (split on multiple occurencies of spaces and :s)
  • If the monitoring for a particular service is NOT enabled in the hawk conf the data in the returned json store for that service should be always -1. This means that this service is not enabled for monitoring. Based on that -1 value for service X we hide the bruteforce column for service X
• hawk.js - Code indentation
  • Added data index for all columns in the bruteforce grid
  • Hide the column for the particular service if the json store returned by the backend api for that service say -1 (disabled)
• hawk.conf - Watch cPanel should be off by default.

2011 Mar 7

• hawk_config.sh
  • Mail server is courier if /etc/init.d/courier-imap exists. We do not check for authlib anymore.
  • If we find direct admin watch_da is turned on in /home/1h/etc/hawk.conf
  • File version changed to 0.1.2
• hawk.conf - Added watch_da=0 variable
• hawk.pl
  • File version changed to 5.2.1
  • Code indentation
  • New use cases for courier_broot for plesk courier
  • Better parsers of courier failed lines in courier_broot
  • In dovecot_broot and proftpd_broot call logger only in debug mode
  • In cpanel_webmail_broot added debugging and fixed bug with incorrect array position for getting failed username
  • 1_sw.patch patch to add watch_da variable and da service id to the config.

2011 Mar 2

• hawk.js - Added column for DirectAdmin hacking attempts.
• hawk_config.sh
  • Version changed to 0.1.1
  • If the server is direct admin add /usr/local/directadmin/data/admin/login.hist to the monitoring list as well
• hawk.conf - New service id 6 for direct admin
• hawk.pl
  • File version changed to 5.2.0
  • Code indentation
  • New function da_broot to handle direct admin bruteforce attempts
  • Fixed possible bugs. Make sure that each conf var is defined before we try to use it
  • New case for direct admin type bruteforces. If we hit this case da_broot gets called.
  • Removed TODO from the file which was actually already implemented.
  • Added new service for the json response (da - Direct admin)

2011 Feb 28

• bin/hawk_install.sh - Make sure to always connect to template1 database whilte testing psql connections.

2011 Feb 18

• Modified blocked IPs list window size - IE issues

2011 Feb 15

• hawk.pl
  • Version increased to 5.1.7
  • Fixed bug: http://bugs.1h.com/show_bug.cgi?id=953

2011 Feb 3

• hawk.pl - Added TODO in the hawk.pl head
• bin/hawk_install.sh - Added 'no cPanel' install

2011 Jan 28

• Updated license to GPLv2
• LICENSE: License changed to GPLv2

2011 Jan 20

• hawk_install.sh
  • File version changed to 0.1.2
  • Operate with files (/var/spool/cron/root, /etc/init.d/crond) only after we are sure they exists.

2011 Jan 18

• LINCESE: updated the license year

2011 Jan 12

• hawk_install.sh
  • Make sure to use certain files only if they exists.
  • Restart cron during hawk install only hawk-unblock.sh was not found in it and we just added it
  • Execute /usr/local/cpanel/etc/init/stopcphulkd only if exists and only then we should try to remove /var/cpanel/cphulk_enable
  • Removed commented obsolete code
  • Make sure to exit cleanly at the end
• uninstall_hawk.sh
  • Code indentation
  • Removed commented code

2011 Jan 12

• hawk_config.sh
  • Make sure to use certain files only if they exit.
  • If this is not a cPanel server try to guess the running services based on init scripts

2011 Jan 6

• Added new patch that should be executed during the RPM install. Fix the master interface link once and for all this time.
• index.html - Make sure to load the new config.js file with masterLink in it prior loading the core hawk.js
• config.js - This file will store masterLink. The file itself will be defined as config with noreplace option inside the spec files.
• hawk.js - window.location for goToMaster function has been replaced with variable which is taken from the config.js file.