File ntopng.changes of Package ntopng
-------------------------------------------------------------------
Sun Aug 22 12:43:11 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 5.0
Breakthroughs
* Advanced alerts engine with security features, including the
detection of attackers and victims.
+ Integration of 30+ nDPI security risks.
+ Generation of the score indicator of compromise for hosts,
interfaces and other network elements.
* Ability to collect flows from hundreds of routers by means of
observation points.
* Anomaly detection based on Double Exponential Smoothing (DES)
to uncover possibly suspicious behaviors in the traffic and in
the score.
* Encrypted Traffic Analysis (ETA) with special emphasis on the
TLS to uncover self-signed, expired, invalid certificates and
other issues.
New features
* Ability to configure alert exclusions for individual hosts to
mitigate false positives.
* Ability to see the TX/RX traffic breakdown both for physical
interfaces and when receiving traffic from nProbe.
* Add support for ECS when exporting to Syslog.
* Improved TCP analysis, including analysis of TCP flows with
zero window and low goodput.
* Ability to send alerts to Slack.
* Implementation of a token-based REST API access.
Improvements
* Reworked the execution of hosts and flows checks (formerly user
scripts), yielding a reduced CPU load of about 50%.
* Improved 100Kfps+ NetFlow/sFlow collection performance.
* Drilldown of nIndex historical flows much more flexible.
* Migration to Bootstrap 5.
* Check malicious JA3 signatures against all TLS-based protocols.
* Reworked DoH/DoT handling.
Fixes
* Fixes SSRF and stored-XSS injected with malicious SSDP
responses.
* Fixes several leaks in NetworkInterface
Notes
* REST API v1/ is deprecated and will be dropped in the next
stable release in favor of REST API v2/.
* The old alerts dashboard has been removed and replaced by an
advanced alerts drilldown page with integrated charts.
-------------------------------------------------------------------
Fri Apr 23 15:12:36 UTC 2021 - Mathias Homann <Mathias.Homann@opensuse.org>
- Update to ntopNG 4.2
* had to manually specify the mysql include dir - something weird is going
on.
-------------------------------------------------------------------
Sat May 2 11:19:10 UTC 2020 - Petr Cervinka <petr@cervinka.net>
- Add ntopng.target unit file
- Remove ntopctl script
- Obsolete old ntopng-data package
-------------------------------------------------------------------
Wed Apr 29 12:52:21 UTC 2020 - Petr Cervinka <petr@cervinka.net>
- Major package changes:
* Remove displaying setup information from post section, it duplicates
content of README.SUSE
* Add patch to avoid static linking against bundled ndpi library
001-Enable-building-against-the-dynamic-libndpi-library.patch
* Remove bundled ndpi library
* Remove GeoIP data, GeoIP has been discontinued by Maxmind
https://support.maxmind.com/geolite-legacy-discontinuation-notice/
https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
* Add geoipupdate to recommends
* Add directory /var/lib/ntopng
* Add creation of ntopng user
* Use default ntopng.conf provided by upstream
* Update description in ntopng.service file
* Fix requires in ntopng.service file
* Remove sysconfig configuration file
* Add ntopng@.service file to have possibility of multiple configuration files
* Update SUSE.README about multiple configuration files
- Update to version 4.0:
Breakthroughs
* Plugins engine to tap into flows, hosts and other network elements
* Migration to Bootstrap 4 and Font Awesome 5 for a renewed ntopng look-and-feel
with light and dark themes
* Processes and containers monitoring thanks to the eBPF integration via libebpfflow
https://github.com/ntop/libebpfflow
* Active monitoring of hosts ICMP/ICMPv6/HTTP/HTTPS Round Trip Times (RTT)
New features
* X.509 client certificate authentication
* ERSPAN transparent ethernet bridging
* Webhook export module for exporting alarms
* Identifications of the hosts in broadcast domain
* Category Lists editor to manage ip/domain lists
* Handling of PEN fields from nProbe
* Added anomalous flows to the looking glass
* Visibility of ICMP port-unreachable flows IPv4
* TCP states filtering (est., connecting, closed and rst)
* Ability to serialize local hosts in the broadcast domain via MAC address
* Japanese, Portuguese/Brazilian localization
* Added process memory, cpu load, InfluxDB, Redis status pages and charts
* Implement ntopng Plugins, self contained modules to extend the ntopng functionalities
* Implement ZMQ/Suricata companion interface
* SSL traffic analysis and alerts via JA3 fingerprint, unsafe ciphers detection
* SSH traffic analysis and alerts via HASSH fingerprint
* Host traffic profile generation via the (MUD) Manufacturer Usage Descriptor
* Experimental Prometheus timeseries export
* Introduce the System interface to manage system wide settings and status
* Read events from Suricata and generate alerts
* SNMP network topology visualization
* Automatic ntopng update check and upgrade
* Calculate host anomaly score and trigger alerts when it exceeds a threshold
* Add ability to extract timeseries data with a click
* Initial Marketplace droplet using Fabric
* Alerts on duplex status change on SNMP interface
Improvements
* View interfaces are now optimized for big networks and use less memory
* Systemd macros are now used to start/restart the ntopng services
* Handles n2disk traffic extractions from recording processes non managed by ntopng
* Interface in/out now available also for non PF_RING interfaces (read from /proc)
* Automatic InfluxDB rollup support
* MDNS discovery improvements
* Rework of the alerts engine and api for efficient engaged alerts triggering
* Faster ZMQ communication to nProbe thanks to the implementation of a binary TLV format
* Stats update for ZMQ interfaces is now based on the idle/active flows timeout
* Timeseries export improvements via queues, detect if InfluxDB is down and stop the export
* Implemented reusable Lua engine to reduce the overhead of periodic scripts
* Improve Lua error handling
* Exclude certain categories from Elephant/Long lived flows alerts
nEdge
* Ability to set up port forwarding
* Support for Ubuntu 18.04
* Fix users and other prefs deleted during nEdge data reset
* Japanese localization
* Block unsupported L3 protocols (currently only ARP and IPv4 are supported)
* DNS mapping port to avoid conflicts with system programs
Fixes
* Fixed export to mysql on shutdown in case of Pcap file in community mode
* Fixed failing SYN-scan detection
* Fixed ZMQ decompression errors with large templates
* Fixed possible XSS in login.lua referer param and `runtime.lua`
* Update geolocation due to changes in the library usage policy
* Fixes to support browsers dark mode
* Option `--zmq-encryption-key <pub key>` can be used with `-I <endpoint>` to encrypt
data in hierarchical mode
* Fixed nIndex missing data while performing some queries and throughput calculation
-------------------------------------------------------------------
Wed Feb 26 12:08:49 UTC 2020 - Petr Cervinka <petr@cervinka.net>
- Add README.SUSE to %doc and source section
- Apply spec-cleaner
-------------------------------------------------------------------
Wed Dec 25 21:08:42 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 3.8.1
* Make the stable version compatible to build with nDPI 3.0
- Update bundled nDPI to version 3.0
-------------------------------------------------------------------
Sat Feb 9 14:11:36 UTC 2019 - mardnh@gmx.de
- Update to version 3.8
* Lots of new features, improvements and bugfixes
See /usr/share/doc/packages/ntopng/CHANGELOG.md for the full
changelog
- Specfile cleanup
- Run spec-cleaner
- Use pkg-config style dependencies
- Add conditional build for nEdge (disabled by default)
- Add conditional build for libndpi
* ntopng currently only supports building against a static
version of libndpi
-------------------------------------------------------------------
Tue Jun 6 07:55:40 UTC 2017 - petr@cervinka.net
- Spec file completely redesigned
- GeoIP data provided as a new subpackage
- Highlighted proper license for GeoIP data
- Init scripts migrated to systemd unit file
- Updated make compiler flags to build package on Tumbleweed
- Filter out rpmlint errors and warnings
- Added README.SUSE with steps how to configure redis
-------------------------------------------------------------------
Sun Dec 25 19:24:12 UTC 2016 - Mathias.Homann@opensuse.org
- Update to ntopng 2.4
-------------------------------------------------------------------
Thu Apr 17 07:03:58 UTC 2014 - stoppe@gmx.de
- Initial release