StrongBox v1.0.b-14
1) removed opensp
2) moved libxml2 and cracklib to the util bundle
3) added rpm, elfutils, gnupg to util bundle
4) added gcc bundle, which has compilers, yacc, binutils, libraries and include files
5) added qemu bundle (not available yet for public distribution)
6) updated to gentoo stable for July 05
7) added a makedebian script, for creating a debian-based dynamic bundle
   - changed debootstrap to use ubuntu instead of debian build
8) a number of bugfixes to mount-lib -> bad return codes, unremoved lock files
9) removed old code from man wrapper script
10) moved all wireless utilities to /util bundle
11) increased ramdisk size: 40MB
12) added nochbind-service startup script for finicky network services
13) bugfixes to bundle startup script to allow more flexibility with links
14) fixes to packaging scripts to make sure that option bundles are used correctly
15) fixed system-auth pam script: stray "use_firstpass" keyword
16) Added rpmstrap, and a makerpm script to make centos4 and fedora vservers
17) preliminary upgradebundle script for upgrading bundles
18) Added bind to util bundle
19) Added unionfs support to the kernel
20) Bugfix to makemenu for dealing with invalid TTYs
21) Bugfix for knocker to make DOS attack prevention more robust using hashlimits
22) Hashlimits subsystem, works with shorewall
23) Shorewall made more modular for easier upgrades
24) Fixes for preliminary dmraid support
25) Vrenice script for renicing vserver processes
26) Added gencert and genallcerts scripts for quick certificate generation
   - certs are created during the first login
27) Minor change to sudoset to support chroots better
28) Recompiled kernel for 4GB RAM

StrongBox v1.0.b-13
1) WARNING: USB key authentication format is changed! Uses pam_usb instead!!!
   - activate password authentication while upgrading to this bundle
   - you will need a new DSA key to use USB authentication in the new bundle
2) WARNING: the opt bundles in this version will not work with older kernels!
   - upgrade your kernel before upgrading to this version of StrongBox
3) Added a "print" bundle (cups, ghostscript, fonts, foomatic)
4) Added a ruby language bundle with rmagick
5) Added imagemagick(gfx), ethereal(monitor) and iscsi to image
6) Changed freecert format to use DSA keys for compatibility with pam_usb
7) Bugfix to vserver-log to properly detect existing /vservers/.devs partition
8) Changed /var/state dir to 2MB
9) Added tcm and libtcm to image (hardware-based key security)
10) New kernel: 2.6.10-sbl1, -ac12 patchset, vserver 1.9.4, reiser4, fbsplash, squashfs, hostap
11) New versions of snort/snort_inline
12) General software upgrade to new gentoo (see packages.list)
13) Increased ramdisk size: 38MB
14) Much new software in various addons
15) Various bugfixes to console utilities
16) util bundle now includes full cdrtools, minicom, lighttpd, hostap, wpa_supplicant, debootstrap
17) /etc/strongbox-key.pem now supported as a default key in strongbox scripts
18) moved libidn to main image (for curl support)
19) removed openssl 0.9.6
20) recompiled a number of binaries for ssl support
21) Asterisk addon includes PRI, BRI, and mysql support
22) /var/log/messages default log (not /var/log/messages.DAYOFWEEK)

StrongBox v1.0.b-12
1) Rewrote testsha1 function
   - added size checking to signatures
   - improved handling of out-of-date certs
   - faster failure detection:
     - cert resolution takes place before sha1sum checking
     - format checks happen early to prevent unnecessary attempts
   - added hooks for later use with block devices
2) Added a simple alert subsystem, and a system to constantly update the administrator on the admin status of bundles/strongbox
3) Bug fix to StrongBox console: some variables not being properly included from boot config
4) Added
   bootcheck and service check scripts, to give alerts to admins when unusual events happen during boot/bundle startup
5) Added "alerts" script to view alerts
6) Added basic port knocking functionality to getcert function library
7) Added a link so that a user can run ". getcert" to grab a certificate when necessary
8) Fixed signfile to detect and use an in-memory certificate if it exists
9) Decreased ramdisk to 34.5 MB RAM
10) Added whois, snort (regular version) and hping to the monitor bundle
11) Added minicom to a new util bundle
12) Fixed the "finddoc" script
13) Fixed the behaviour of getcert in strongbox bundle mode
14) Changed all instances of setadm off to setadm default to prevent unwanted locking of the ramdisk
15) Fixed qtparted to work again
16) Added a sbmotd file, to fix motd behaviour
17) Removed the use of the docs bundle, now only the opt:docs addon is used
18) Fixed handling of changing boot vmount
19) Removed error messages in get_backport function
20) Made setadm default work sanely when /etc is not a mountpoint
21) Fixed boot splash behaviour to work correctly
22) Fixed raid initialization in initrd -> moved raid back into kernel
23) Fixed vserver-tc startup (wasn't creating its lock directory)
24) Fixed vg creation in strongbox console

StrongBox v1.0.b-11
1) fixed some edge case problems in strongbox runmenu
2) bug fixes to signfile
3) whois and libidn in monitor option
4) resolveip included in main image
5) vserver-log fixes:
   - handles admin dirs properly
   - handles untagged vservers properly with mysql
6) querylog function tweaks
7) corrected use of setadm rw,ro,default throughout scripts
8) initrd corrections:
   - corrected initrd behaviour with raid: raid is now included as modules in the initrd, and raid is loaded after any modules= options are run in preprobe
   - re-included modprobe and insmod after bundleizing snafu
   - fixed noswap setting to work.
     Changed the initrd to not autodetect swap if there is more than 200000KB RAM, and added a swap option as an override for this
   - changed initrd versioning scheme for better portability
9) made lufsmnt suid root
10) made certificate/key password error more user-friendly
11) added ssh option to the getcert function library
   - . getcert ssh
   - can specify a full url for a key like ssh://user@host:port/path
   - url (just ssh, or ssh://ask, or full url) can be in .strongbox.key for automatic retrieval
12) Fixed bugs in keymount:
   - now runs as a user, not as root, removed from sudoers
   - doesn't run with sudo, you can give a user specific permissions to run certain mounts if needed with vmount
   - fixed port entry in "ask" script
13) BOOT_IMAGE is now properly entered into /imageinfo/bootinfo
14) getchanges now works correctly with new boot variables
15) minor bug fixes all round
16) fixed lilo to give fewer errors
17) cleaned up many useless error messages in various scripts

StrongBox v1.0.b-10
1) bugfixes to hotplug and addkeys
   - now allows ext2 key again if:
     1) the user who's logging in owns the key
     2) the key is chattr +i
     this allows ext2 keys to work securely
2) bugfixes to adminmode:
   - fixed a tonne of little bugs
   - stopped vservers with LOCK_CONFIG unset from showing up in the list
   - made sure that other scripts use it correctly, including bundle startup and webmin
3) webmin: bugfixes and ssl autodetection
4) mysql and logging:
   - included user and database creation in syslog-ng mysql template
   - fixed mysql-logpipes to work correctly
   - changed linklog to only support the new style (per vserver log socket) for new vservers
   - querylog works a little more predictably
5) bundles:
   - added BUNDLE_ADMINDIRS variable
   - added dynamic bundle support and DYNAMIC_BUNDLE variable
   - made to work correctly with adminmode
   - reduced some gratuitous error messages
   - in-memory certificate support for bundle saves
6) reboot:
   - fixed the adminmode /etc unmount bug
   - fixed some gratuitous
     errors
7) kernel downgrade: 2.6.9 kernel had issues, back to 2.6.8-sbl3

StrongBox v1.0.b-9
1) Added "crypt" script to setup a user crypt dir (encfs based)
2) Added rssh program
3) changed fusermount to an suid program to allow private user mounts (not readable by root!) for encfs
4) Changed StrongBox to preload certificate into RAM if one is already specified. This allows certificates that can only be seen by the user (not root) to be usable by that user. It also allows removal of the certificate media when not in use much more easily.
5) Added support for certificates from standard input (i.e. you can paste them into the terminal window as they're needed)
6) added a USER_ONLY mode to mount-lib for getting access to functions as a non-root user
7) Changed the lock and unlock program to mount/unmount crypt files
8) User can run . unlock and . lock to lock and unlock their session.
   These commands can actually preload their certificate/key into memory so that they can remove their physical key at this point.
   This is accessed through the function "_cert"
9) opt bundles added
   - docs, qtparted, perl, python are all opt bundles now
   - added opt bundles for openldap, samba, etc
   - a number of features are now available in opt bundles
   - further reduction in size of base ramdisk (35MB)
   - links, man, info no longer require root
   - graphics, heartbeat, now in opt bundles
   - new functionality: asterisk, etc
10) setadm and adminmodes
   - full admin mode for main StrongBox OS
   - ability to mark certain files as dynamic in admin directories
   - change cache for easier undo (precursor to full undo feature)
   - splitrd function allows a ramdisk split into 2 parts to allow admin mode
   - /etc/mtab linked to /proc/mounts for this
11) mysql logging
   - should work fairly easily out of the box
12) kernel 2.6.9-vserver 1.9.3
13) openswan downgrade to support XAUTH/PAM
14) improvements to locking, vmount, and dereferencing functions
15) fixed security bugs:
   - old vmount code execution bugs
   - sudo exported bash function exploit fixed (reported upstream)
   - bundle unsigned script execution bug
   - .ssh auth fixed -> had a bug where a user could effectively change the user's password without knowing the original password, which ruins sudo's authentication
16) proper locking for all directories that are mounted read-only or read-write depending on if they're in use: multilock function with manual override available
17) fixed an old bug in testsig's display of certificates in signatures
18) new commercial CA using new OIDs, old OIDs/ca still supported for non-commercial versions
19) Configuration saves now support file lists as well as regex expressions
20) halt.sh improvements + admin mode support
21) license script in ramdisk to describe licence of StrongBox/Gentoo/Linux
22) changed sudoers to not give so many capabilities to admins by default
   - more comments/ideas in sudoers file as to how to manage access
23) added p0f, a passive os fingerprinting tool
24) many bugfixes to allow for /opt bundles
25) fixed
   symlink for links from /bin, /sbin and /lib
26) bugfixes for adminmode. Plus, commented out all chattr for commands
27) fixed permissions on a large number of files, especially in /etc

StrongBox v1.0.b-8
1) added schedutils
2) Graphics: sdl, smpeg, vga, sdl-ttf added to ramdisk
3) utilities: added mc, lsscsi, glib to ramdisk
4) pam_x509 and pam_usb support
5) removed some extraneous documentation and aclocal from ramdisk
6) custom mods to mc for star archives and StrongBox signatures
7) some cleanups in the Strongbox utilities
8) ramdisk remains at 37MB
9) fixed the docs bundle build script
10) added a siginfo script, and a --cert option to siginto in signfile-lib
11) removed multi-threaded boot for ramdisk (bundles still thread correctly)

StrongBox v1.0.b-7
1) added a flushipv6 script (on by default) to remove all ipv6 addresses on network up (may need to be re-run manually)
2) Fixed some bugs in the installation walkthrough, added more safety checks
3) Changed runmenu to reflect the size of the running terminal by default
4) Added rollback support and basic patch analysis tools to StrongBox bundle configuration section
5) Added "strongbox install" shortcut to strongbox console
6) Fixed pam.d file for webmin
7) Fixed lilo.conf, should now automatically get the correct initrd and kernel information
8) Fixed some bugs in bundle detection in StrongBox-lib (now it looks much cleaner)
9) Added support for lvm on top of raid for config volumes to the initrd
10) Added INITRD_VERSION information to the bootinfo files
11) Added jfs-utils and poptop to strongbox OS
12) Added multi-threaded shutdown support for app-system, including shutdown timelimits
13) Fixed the shutdown wrapper script to work more predictably
14) Fixed docs bundle script to overwrite the hosts file on every "exec"
15) Removed some error messages from admuser and certpass
16) Changed "manual" and "quickstart" links to point to the strongbox website
17) Modified bundle config information for better
   usability. Added "edit port information" and "change bandwidth" options for easy access
18) Added quick access to bundle rollbacks in the Strongbox console
19) Added better defaults for useradd
20) Re-added the /etc/defaults/cdrecord.dfl file to the image
21) Fixed a /dev/null deletion snafu in the initrd, and fixed lvm support
22) Added "autobind" support to mount-lib, which automatically binds to the existing mounts of devices if they've been previously mounted. Added in exceptions for subfs, which doesn't like this (there may be others)
23) Fixed bind mount support to not allow "ro" or "rw" options unless ALLOW_RO_BIND is set
24) Added qtparted with the qt bundle (embedded-qt)
25) Added webmin support for bundles, with webmin takeover
26) Re-connected the gpm init script and the autoconfig gpm startup

StrongBox v1.0.b-6
1) Further reduced ramdisk size: now 36MB (down from 41)
   - removed .a and .la static library files
2) Turned evms off by default: can cause too many problems if configured incorrectly (not totally autodetect safe)
3) directvnc server in docs bundle
4) upgraded kernel to 2.6.8-sbl3
   - removed gfs support
   - added reiserfs4 support
   - removed vesafb-tng support (wasn't working correctly)
6) xfs and reiserfs4 tools added to image
7) perl and python support with respective add-on bundles
3) webmin configuration interface:
   - set up to use random high-numbered port on first use (using webmin bundle)
   - minor changes to "proc" module to support vserver processes
   - added support to install it to the ramdisk instead of running it off of disk/cdrom
8) perl bundle, webmin, python, and python2.2 bundles added to the cdrom
9) heartbeat support
10) ldirectord support ( if perl bundle is loaded )
11) quagga support (new version of zebra routing daemon)
13) turtle firewall (using webmin) - experimental
14) added quota utils and fake
15) openswan upgraded to 2.2.0
16) added better checks for a viable OS into the initrd
17) fixed a bug with saving the deleted state
   of links in patches
18) fixed a bug migrating to a new OS version when links are involved
19) fixed a bunch of ugliness when not in FrameBuffer mode
20) added a "google" script
21) sped up the shutdown sequence: removed a bunch of unnecessary checks, and forced sshd and net not to stop on shutdown. This reduces shutdown time, and prevents the system from becoming inaccessible in the case of a failed shutdown
22) sped up the startup sequence: streamlined some items, changed boot order so that alsasound is launched from autoconfig. Also, made sure the "net" service starts after the autoconfig service, preventing duplication of effort (and potential unreliability)
23) altered the "net" script to have dhcp only try for 10 seconds to get a dhcp response on startup. If there is no response, net will use its failover IP, if it exists, or fork dhcpcd into the background while everything else starts up
23) added fam and apachetop
24) added ssh support for strongbox certificates by default
25) modified strongbox and admuser scripts to share libraries
26) added zaptel hardware setup programs
27) Changed default boot on cdrom back to tmpfs
28) updated lilo.conf for new kernel
29) added some x.default files in /etc so users would have a reference for the new files if they, for e.g., changed their password file, or strongbox.conf

StrongBox v1.0.b-5
1) Fixed bootup splash screen
2) Changed lilo.conf to reflect new information
3) Changed ramdisk support. Re-added a squashfs/tmpfs option.
   - changed tmpfs_modules to use a squashfs bundle by default
   - added more redundancy, should work better with low memory situations
4) Added a new option to the initrd: preboot config scripts:
   - put a signed script at configs/preboot and it will execute prior to bootup.
     Can be used for exotics like getting configs off of NFS, etc
5) Added a "NO_COLOURS" option to strongbox.conf for better serial console support
5) Cleaned up a number of bugs, mostly cosmetic bugs, and bugs in the installation scripts.
6) Added support to runmenu for larger consoles

StrongBox v1.0.b-4
1) curl, ppp, and pppoe support
2) bugfixes in strongbox console
3) added a new vserver-tc (traffic control) init script
4) changes to the traffic control subsystem: more robust
5) changes in default nat settings: bundles can now have private ips assigned to them dynamically on setup
6) automatic vserver hosts file generation
7) greatly simplified the hostname generation process for bundles
8) improved the support for copying existing bundles, and added in sane defaults
9) added "auto" flags for ip addressing and nat control
10) zaptel modules (asterisk hardware support) in kernel
11) vnetstat script
12) added some quick access links to strongbox: strongbox bundle
13) updated usage instructions to bundle and strongbox
14) added a "Legacy Interface" option to bundle configs, to support weird apps that use BSD style network calls (like bind 9.x)
15) added better support for detecting symlinks that are mounted to in vmount
16) updated iproute, nano and cdrtools (latest stable builds)
17) extended the functionality of the sudowrapper script: it will now add and remove symlinks for programs that users should have access to
18) edited the nanorc to change tab stops, and enable the nowrap option by default (to work better with sudoers)
19) added a visudo wrapper script
20) added some extra convenience features to the strongbox console
21) fixed a security flaw in the default root configuration: now the first login on a console will disable the root account, forcing the user to either add a password or another login method
22) fixed the initial motd message
23) fixed many bugs, including a long-standing bug in dealing with flat files referenced in the get_virtual_dir
   function

StrongBox v1.0.b-3
1) dmraid support and autodetection: this should autodetect hard/soft raid controllers like the promise fasttrack, etc
2) evms support: another volume management system. Read the guide (run docs, and look under 02-guides, and try evmsn)
3) added a few guides from the Linux Documentation Project
4) added a few guides for shorewall from their site (run: man shorewall)
5) added a free certificate generation utility (freecert, and renewcert)
6) added vim to the ramdisk (without the 10MB of extra bells and whistles)
7) added the cryptsetup package for doing dm-crypt volumes (both old and new versions, cryptsetup, and cryptsetup.sh)
8) added an option to change the hostname in strongbox
9) added an automount option for modules if you're using them off of your boot device (modprobe wrapper script)
10) cleaned up some bugs in strongbox key management

StrongBox v1.0.b-2
1) New kernel (2.6.8-sbl2 based on 2.6.8.1)
   - built in vga support
   - removed cloop support (this module is no longer being supported)
   - added fbsplash support
   - updated to vserver-1.9.2
   - added gfs kernel support (no program support yet)
   - kernel bugfixes from gentoo devel tree
   - support for 16 boot params (instead of 8)
   - support for 64 loop devices (instead of 8)
   - support for fuse (encfs, lufis/lufs modules, etc)
   - read/write snapshot support (NOTE: don't use reiserfs with this)
2) New initrd with boot splash screen support (800x600 at 16bit only)
3) Splash screen support throughout bootup based on fbsplash & splashutils
4) Graphical web browser support in links
5) Removed legacy use of PEA_RELEASE from initrd
6) New format for boot information, etc, in /imageinfo/bootinfo and /imageinfo/bootconfig
7) Removed "include file" support from configs for security reasons
8) Changes to the bootup sequence:
   - multi-threaded bootup with "bundles" wrapper script
   - faster bootup (fsck starts in the background before net comes up)
9) updated to latest upstream for rsync, openssh, stunnel,
   alsa, udev, lvm2, dev-mapper
10) updated to new gentoo init scripts
11) removed cryptoloop support
12) added pdftohtml, cups, ghostscript to docs bundle
13) Added a number of wrapper scripts for various root utilities to automatically call sudo
14) Added support for "edit" to remount volumes rw, and redo signatures on signed files
15) Added kerberos client support to the image (pam_krb, mit-krb5, and openssh-krb5)
16) removed some old files for aumixer and smixer, removed smixer from dev
17) bugfixes in all strongbox utilities to deal with format changes
18) hostname is now printed in strongbox console
19) cleaned up a lot of debug information that was being printed
20) read_config_file function to safely source information from config files
21) added proper locking to vfsck to prevent problems on bootup
22) added fbshot to image
23) alterations to modules.aliases to try and prevent x.25 and rose from loading
24) support for new conf.d/net format from gentoo
25) general speed and efficiency improvements
26) new options in strongbox.conf for screensaver and splash screen support
27) removed tmpfs support from cdrom
28) updated grub config
29) Added dmrd ramdisk type
30) Changed ramdisk to use more compressed files: /lib, /bin, and /sbin are now compressed
31) changed default ramdisk size to 42MB, with modules in a separate removable tmpfs volume
32) added a "squashramdisk" script, activated by strongbox.conf, that unmounts modules after bootup, allowing them to be remounted using the run:modules vmount
33) changed mount-lib to have the KVERSION variable available

StrongBox v1.0.a-8
1) screensaver, cmatrix
2) lighttpd
3) coreutils, sh-utils upgrade
4) fuse, rlog, encfs, lufis

StrongBox v1.0.a-7
1) Fixed use of tempfiles in all strongbox scripts -> now uses a separate directory
2) added a docs bundle, built from the strongbox build environment
   includes kernel header files, strongbox docs and manuals.
   Includes:
   - links2 (lynx variant)
   - man, and info
   - minicom
3) added/changed some commands for using docs: finddoc, man, info, links, docs and manual
4) added a getchanges command, which gives you a quick list of changes since the last save
5) added a bundle mount type to mount-lib: a variation on an rbind. This provides a facility necessary for OS patching. Unmounts of bundles are now ensured: that way an older version of a bundle will never accidentally start because a shutdown of the bundle wasn't able to unmount. Also, a minor correction to mount-lib tempfiles
6) More fixes to migratepatch, especially WRT using links. Removed some of the gratuitous debug messages for star
7) Changed the package format slightly for all bundles: there was a mistake in the way links were being treated. Should result in slightly smaller bundles (less md5sums)
8) removed the deprecated /etc/lvmtab.d directory
9) added nfs-utils and portmap (prep for doing ssl/ssh/nfs services)
10) update to glibc (upstream security fix for LD_DEBUG vulnerability)
11) Recompiled glibc, openssl, openssl and bash with PIE (compiler hardening tool). New programs will use this by default now.
12) Update to sudoers to reflect new commands that users should have access to
13) Added lines to /etc/scripts/sudoset to remove LD_DEBUG and LD_PRELOAD from the environment before calling sudo
14) Cleaned up temp file usage in various scripts.
   Mktemp now creates an index of tempfiles used by processes (prep for a cron task that can look at the index and delete unused files)
15) Added doc bundle configuration to default OS bundle, so docs should work at first boot

StrongBox v1.0.a-6
1) New version of glibc, gcc, openldap, bind, and a few other programs
2) All StrongBox programs changed to Artistic License
3) Modifications to mount-lib to support expanding vars in get_virtual_dirs
4) Minor bugfixes to strongbox
5) Fixes in config system to better support devices, links, and old patches
6) Fix banner on initrd and in StrongBox
7) Added pound
8) Migrated to Shorewall 2.0.6, including configuration migration
   Note: old config files remain fully compatible with the new version
9) Minor bug fix for trustedssh

StrongBox v1.0.a-5
1) Knocker default config changed to off (no password)
2) vserver-log no longer depends on vmount
3) vshelper properly linked to in etc/scripts/
4) sysctl variables for grsecurity removed

StrongBox v1.0.a-4
1) knocker updated to version 0.9.1
   - fixed shutdown issues
   - changed rotatelog to restart instead of reload syslog
2) added in /etc/admins directory by default
3) fixed strongbox to create config archive directory automatically
4) fixed generic-bundle to correctly create the first configuration file
5) fixed detection of cdroms (order was backwards)
6) Changed initial startup message
7) removed dummy modules from modules file: now scan modules is required before modules will mount

StrongBox v1.0.a-3
1) Switchover to new format for ramdisk information and patches
2) Updates to migrate patch
3) Comments that are kept continuously between saves for bundles and os
   - Automatic comments are added detailing files that are modified or added
4) More robust security:
   - readonly functions and variables
   - commands function library redirects most of the shell commands to specific paths for security.
     In future, md5sums could be used as well
   - more consistent use of signatures
   - Securemode is now default.
   - knocker script is more robust
   - use of immutable files on the ramdisk
   - all binary directories and system directories and files are made immutable during boot-time by the initrd
5) Different handling of bootup configs.
   - Uses links to current, previous and default, instead of just default
   - looks for its preferred file on all discs first, then the backup files
     this works better for multiple disc configuration where there's a mirror of boot information
6) Fixup of many bugs in the patch and migration system:
   - edge cases with links, or changed file types are handled
   - md5sums of all new/changed files are now included in patch
   - use of diffs is now optional, but not default: some edge cases don't handle it properly (files with +++ in them for e.g.)
7) more tmpfs mounts in the default filesystem
   - makes certain that files for vmount subsystem and vservers don't make the main ramdisk run out of space
   - better handling for saves, etc
8) Changes to enable user accounts for administrations:
   - useful defaults for sudo
   - a sudo library for strongbox
   - a system for mounting user keys over ssh
   - a system for securely using ssh-agent
   - user authentication using pam_ssh
   - strongbox looks for keys per user, and saves this information
   - /admins subdirectory for admin home directories
9) Mysql client in image
10) New syslog-ng instance now logs and tags all vserver logs in a separate log file (/var/log/vservers)
11) New version of knocker: better security, UDP support, more documentation, better source ip detection
12) admuser added for administering administrative users
13) keymount and keychain added for key administration
14) lock and unlock scripts for quickly locking ssh-agent
15) Better logging during bootup.
   Quieter start, with most of the app-system startup moved to tty9
16) new app-system startup procedure: all bundles are in /etc/bundles
17) better validation tools for vservers
18) corrected a number of bugs in edge cases with vserver-utils
19) alsamixer now saves mixer levels immediately for better cooperation with the config system
20) shutdown procedure refined, with better locking and dependency checking
21) trustedssh to allow ssh connects back to the originating host if desired (uses robust of username to determine ports)
22) unlock key now asks for passwords repeatedly, and displays more useful error information
23) vfsck all is now quieter on bootup
24) new functions for killing virtual server contexts nicely
25) initrd changes
   - better error logging
   - quieter in default mode
   - faster
   - more information saved to debuglog
   - initial documentation added to the initrd
26) many cosmetic and convenience cleanups

StrongBox v1.0-pre7
1) Mount subsystem now supports lufs, procs, sysfs
2) Major changes to bundle subsystem for new vserver tools
3) Conversion tool for vservers
4) New certificate authentication system, includes StrongBox OIDs
5) New initrd option: mdrd (linear raid ramdisk)
6) Initrd now uses same libraries as the OS for certificates
7) Initrd now supports new format patchfile (i.e.
   bundles)
8) OS now uses new patch subsystem, config file selection
9) "maint" runlevel for system maintenance
10) Bundle upgrade/migration/rollback system in place
11) Support for normal (non-strongbox) vservers under strongbox
12) More logic checks for initial fsck (speed improvement)
13) Strongbox now uses vmount to deal with mounting and unmounting volumes
14) Redesigned logging support (COLLECT_LOG), logs to /var/log/vservers
15) Support for on-the-fly vmounts with "dynmount"
16) Permissive and Paranoid security modes in the initrd
   - Permissive(default): certificate checks allow bad dates but not bad signatures
   - Paranoid: no certificate errors are allowed
17) Man and info support now use running vservers
18) New root certificate for strongbox
19) Major initrd code reduction
20) Moving back to using securemode as default on CDs

StrongBox v1.0-pre6
1) 2.6 specific changes
2) updated gentoo packages
3) new vserver utilities
4) added lufstools, alsa tools
5) bugfixes in submount, vserver tools, etc
6) initrd looks for swap unless the noswap keyword is passed or tmpfs
7) kernel 2.4 and 2.6 support should both work for now
8) new version of vps and vkill, tweaked vserver-utils

StrongBox v1.0-pre5
1) Kernel 2.6 release -> 2.6.6-sbl1
2) Switch from devfs to udev
3) Better partition detection (unified between initrd and strongbox console)
4) Converted to squashfs2 instead of cramfs for compressed filesystems
5) Gentoo base system updates for StrongBox OS
6) lvm2 support
7) Better usb device support
8) New "cdrom" flag for cd booting
9) Initrd size now 16384 by default
10) Pre-boot hardware detection in initrd using hwsetup
11) gentoo livecd support -> net-setup for network configuration
12) added: alsa-utils, sysfs-utils, netfilter-layer7, lufs, squashfs2 mdadm, openswan, submount, eject
13) updated: libc, dietlibc, gcc, binutils, ext2fsutils, aumix, openssh, wireless tools, raidtools, module-init-tools (modutils), iptables
14) removed: evfs, supermount, systrace,
   freeswan, sash

DebMail v0.4.3
1) Added webalizer
2) Added analog and dmagic
3) Edited mount script for "link mount" scheme
4) Added proftpd
5) Added debian doc package

StrongBox v0.9.8-2
1) Added libnss
2) Fixed cosmetic bugs in app-system script
3) Changed default debmail mount scheme to reflect "link mount" scheme
4) Added "edit mount info" option to strongbox bundle config

Debmail v0.4.2
1) Recompiled iptables from source, added shorewall support
2) Extra perl support libraries for amavis-maia
3) New fashion of vmounts using link tag
4) Dist-update of all programs
5) Re-added postfix and webcyradm
6) Some added network and support utilities and libraries
7) Drac support

StrongBox v0.9.8-1
1) Addlink link keyword to mount-lib
2) Added a testconfig script to test out upgrades before doing them
3) Suidchannel script -> use at your own risk
4) Bugfixes to better support debmail module

StrongBox v0.9.7-4
1) updated strongbox to support bundles mounted from a different directory
2) updated firstrun to work correctly
3) removed the cracklib dictionary, and the reference to it in /etc/pam.d

Debmail v0.3.2
1) Dist-upgrade to latest debian unstable
2) added apache2
3) added all apache and apache2 dev dependencies
4) updated linux & asm includes to point to StrongBox kernel source
5) compiled apache and apache2 from source, and installed
6) Some support file changes, vmounts etc
7) added ldap support to image: edit etc/nsswitch.conf to use ldap
8) changed default ldap database, schema and configuration

StrongBox v0.9.7-3
1) Upgraded to syslog-ng 1.6.2 -> bugs in 1.6.0rc3
2) mount-lib: Added additional check before using a cloop device
3) strongbox: typo fixed so bundles with LOCK_CONFIG specified will lock after entry
4) generic-config: added a get_all_vsips function, precursor to more robust ip validation

StrongBox v0.9.7-2
1) StrongBox updates and bugfixes
   - numerous bugfixes of the installation features
   - added initialize logs option
   - extra documentation and help
   - fixed saved states in strongbox
   - improved error messages
2) Changed cd to boot lvmrd by default -> this fixes a security issue with vserver

debmail-v0.2.2
1) fixed the base-config package -> wasn't loading correctly
2) Added default blank passwords, and set up the module to use shadow correctly

debmail-v0.2.1
1) First release of the debmail bundle. Includes the following:
     apache-1.3.x/php/ssl/perl
     postfix,cyrus-imap,mailman
     mysql,postgresql,sqlrelay
     mailman
     phpmyadmin,phppgadmin,phpqladmin,
     squirrelmail,phpgroupware,horde
     webmin,usermin
     python
     bind9,powerdns
     snort,acidlab
     ... in addition to the basic tools
2) dpkg -l to list packages exactly
3) dpkg-reconfigure will get you configuration for the package as usual
4) Some packages with large /etc/x files have had their files moved into /usr/etc. If you need to update these files, first copy them to /etc, or else add a tempshare vmount for /usr/etc in your vmounts. These packages are: mailman, snort and X11 (libs only)
5) Other than that, it should work basically as standard debian

v0.9.7-1
The number of changes here is huge -> this is a major new feature release, which might be more appropriately labeled 1.0 alpha. Feature freeze for 1.0 will come in the next 2 releases, at which point it will be 1.0 alpha material.
1) Added locking to strongbox console, vmount, and generic-bundle
    - this is a major improvement for the safety of these programs
      it should be seamless, but let me know if it isn't
2) Major new features in strongbox console:
    - Full interactive bundle management (including new generic-bundle features)
    - Installation support
    - Installation walkthrough
    - Saving state between strongbox sessions
    - Security partitioning between bundles to prevent conflicts
    - better use of colour
    - re-ordering of lists for better ease of use
    - better display of some topical information for the user
3) Major generic-bundle (was generic-module) improvements:
    - Improved saveconfig
    - Hooks for booting to previous/other configurations
    - Hooks with strongbox console to improve management
    - Patch/config system changed to improve mobility
    - Cleaned up to use vmount for filesystem information
    - Support for ip management, including local NAT for vservers (much work was put in to making this safe to use in production)
    - Fixed a bug changing attributes on files with colons in their names
    - Better support for non-gentoo bundles
4) Improvements in vmount:
    - cleaner support for loop and cloop devices
    - cleaner error messages, better use of colour
    - extended the maximum recursion limit to 7, from 5 -> was hitting it occasionally in some circumstances (mount -> failover -> dependency -> dependency -> failover would hit it for things like spool files)
5) Added mkisofs to the distribution
6) Added nmutil (a program used by bundle scripts to find netmasks)
7) gcc/gcc-lib update to 3.3.2
8) removed "man" from image
9) added "man" and "info" scripts, that use the man pages from bundles seamlessly, if they're present
10) Added colour support to ls, and a customized "dircolors" scheme for strongbox
11) Added links to e3 for vi, emacs and wordstar users to feel more comfy
12) Relocated several function libraries for strongbox, cleaned some general cruft from the filesystem
13) New debian module -> this is now on
the cd, instead of the gentoo webapp module (webapp is still available by request)
14) Fixed signfile-lib to support cert directories -> other changes to have more flexible CA-style signing/key management available also, testsig now returns the error code of the number of files that failed to check properly
15) Added logrotate to the image
16) Updated knocker to 0.4.0, using new, more efficient code for bin<->ip conversion
17) Firstrun script to give user a little extra feedback
18) Incongruously perhaps, I managed to make the image smaller by ~1 MB ;)
19) Fixed typos in default lilo.conf
20) Added logrotate script for knocker
21) Added hash link for cert on CD

v0.9.6-2
1) Added proper cloop support to mount-lib
2) Changed generic-module script to show different hostnames in vservers
3) New cloop module, updated module bundles
4) Changed module defaults to use .cloop not .squashfs
5) Strongbox console: Migrate-patch changes selected ramdisk during migration
6) Makeiso: added cloop support
7) Added mkisofs to image
8) Removed grub files from image
9) Changed app script to allow 01- 10- renaming for startup ordering
10) New grub files on CD

WebApp v0.3.5
1) New format: cloop
2) Changed vmounts/data to include a usermin and home mount (commented out)
3) Added pam_mysql

WebApp v0.3.4
1) Changed back to gentoo md5sum
2) New version of openssl (0.9.7d)
3) Added IMAP::Admin perl module
4) Added webmin::imap perl module
5) Added usermin webmin module
6) Changed default resolv.conf file to point to ns1.strongboxlinux.com and swivel

v0.9.6-1
1) Recompiled hwsetup-knoppix and kudzu-knoppix
2) Removed /etc/init.d/mv and /etc/init.d/test (random cruft)
3) Changed generic-config to use its own version of md5sum
4) Changed generic-module to use an altered hostname (vserver.short hostname)
5) Updated grub to version 0.94
6) Updated the lilo.conf file to a new version
7) Updated Grub files on the cd to new grub version
8) New openssl (0.9.7d)
9) Added search for config file "cdprev"
Webapp v0.3.3
1) Switched from using the named vmounts to the generic data vmount
2) Switched to using "EXTRA_EXCLUDES" in default config
3) Turned on "COLLECT_LOG" in default config

v0.9.5-4
1) Yet another config bug= changed EXTRA_INCLUDES to an array
2) Added a "data" vmount, cleaned up vmounts generally
3) Added a "keys" vmount, using supermount
4) Added supermount support to mount-lib

v0.9.5-3
1) Bugfix of link support in mount-lib
2) Added a "COLLECT_LOG" option to bundle configs

v0.9.5-2
1) More bugfixes on vfsck
2) Bugfixes to mount-lib -> now works with links
3) More bugfixes on generic-config library
    - more saveconfig bugs fixed
    - now checks signatures on PATCHFILE before reading in securemode
    - EXTRA_EXCLUDES and EXTRA_INCLUDES now work as expected
4) Fixed generic-module script so collectlog works reliably
    - creates a separate context (s_context + 10000) to run collectlog
    - checks signature on module config file before sourcing it in securemode

WebApp v0.3.2
1) Added debootstrap to image
2) updated gcc
3) updated openldap with custom ebuild to work with bind-dev
4) misc software updates
5) updated some support files for strongbox
    - fixed vmounts to use tmpfs for /etc and /var/lib/init.d
    - changed the defaults and savedirs

v0.9.5-1
1) Modified the vfsck script to work as advertised
2) Modified the app-system script -> vmounts moved to a separate subsystem, with the configuration for it in /etc/conf.d/vmount
3) Updated shorewall psutils ext2utils openssh libpcap pcmcia-cs to new versions
4) Added EXTRA_INCLUDES and EXTRA_EXCLUDES in a module's config file

v0.9.4-2
1) Added a vkilleverything script to shut down any remaining vserver processes
2) changed the halt script to use vkilleverything
3) modified the bundle install process:
    bundles now save support files
    bundles can restore support files using "setup"

v0.9.4-1
1) Pruned files from scripts directory
2) Pruned old files from /etc/directory (asterisk, snort)
3) New version of hotplug
4) New additions
to the halt script -> vserver kill and full/force unmount

WebApp-v0.3.1
1) scripts now use generic init script support
2) openldap permissions issue fix
3) asterisk startup/shutdown script fix

v0.9.3-3
1) Updates to module scripts -> generic init script support for gentoo
2) Update to mount-lib -> no lazy unmounts unless "force" option supplied
3) vps bugfix for new file locations, added support for first arg to be vserver
4) changed name of "module" to "bundle", link left to module

WebApp-v0.3.0
1) fixed md5sums in image
2) reverted to older openldap/apache

v0.9.3-2
1) More updates to module scripts
2) Fixed generic-module, generic-config and makeiso bugs
3) removed dig and lib/portage from image
4) updated vserver script

v0.9.3-1
1) Updates to the module scripts
2) Fixed generic-module configsave bugs
3) New hwsetup-knoppix hardware detection
4) New kudzu-knoppix library in dev environment
5) Version bump on webapp -> compiled iptables with new kernel for webmin support

v0.9.2-1
1) Updates to the generic-module script for ease of use
2) Fixed a number of bugs in module scripts
3) Initrd changes -> cleaner reporting, quieter
4) Named fixups for vserver support
5) Star fixup -> patch for new kernel

v0.9.1-2
First official StrongBox release (Based on PEA linux v0.9.0-1)
1) Major interim updates vs PEA:
    1) New module subsystem (generic-module, generic-config)
    2) Digital signature support throughout the OS
    3) Module installation features
    4) Defaults to allow use of with modules on CD-ROM
    5) New versions of most packages
    6) Recompiled packages with greater optimizations -O2 for speed
    7) New vserver version
    8) Custom StrongBox kernel (2.4.25sbl1)
    9) Support for patches on a usb drive
    10) CD boot support greatly improved
    11) Initrd messages greatly clarified, and reduced
    12) Cleanups everywhere
    13) app-system (formerly pea-system) now works and is called by "init c" in the local.start file
    14) vmounts now used by default, and unmounted during a system shutdown/reboot