v1.6.3 - release 6/12/2017
- Support for CoreOS:
  - Agent has been qualified for CoreOS Stable v1353.8.0 and later
  - We ship an installer script for customers to facilitate installing the agent and its dependencies, as well as a systemd service configuration
  - README.md with additional information
- Improved handling of deployment scenarios where the agent is started by the OS before being properly configured and registered
- Improved handling of cases with large amounts of Docker container metadata
- Performance improvements for Docker container support
v1.6.2 - release 3/30/2017
- Improved connection handling and detection of connection issues to the Threat Stack platform
- Expanded the agent status check to allow customers to query whether the agent is sending data to the platform
- Resolved an issue where agent installation would create files in /mnt/jenkins
v1.6.1 - release 3/9/2017
- Improved support for authentication failures on CentOS 6 - user and source IP are now sent as discrete data available for alerting and searching
v1.6.0 - release 2/21/2017
- Support for new Threat Stack Monitor and Investigate plans
- Support for Docker 1.13.0
- Resolved an issue where a Docker event could become unassociated with its originating container
v1.5.1 - release 1/23/2017
- Major upgrade to agent core engine optimizing CPU utilization, memory consumption and providing additional security and stability enhancements
v1.5.0 - not publicly released
v1.4.14 - release 12/20/2016
- Added support for Docker 1.12.4
v1.4.13 - release 10/18/2016
- Added support for Docker 1.12
v1.4.12 - release 9/20/2016
- Fixed an issue where using yum erase to remove the Threat Stack agent on a system without perl installed could cause issues with /etc/pam.d/sshd configuration
- Added additional configuration options to drop specific kernel audit messages from raw audit log
- Improved handling of group modification events for local accounts
v1.4.11 - release 7/28/2016
- Added support for capturing authentication failures for Google Authenticator
- Faster updating of File Integrity Monitoring (FIM) rules in the agent
v1.4.10 - release 7/12/2016
- Additional Docker integration enhancements
v1.4.9 - release 6/20/2016
- Updated Docker integration to reduce CPU load
- Upgraded internal components for performance, reliability and security
v1.4.8 - release 5/17/2016
- Resolved directory permissions issue on /opt/threatstack/etc
- Resolved an issue where the tscontainersd sensor for Docker events could crash under certain circumstances on Amazon Linux
- The agent now outputs its configuration parameters into a JSON-formatted file at /opt/threatstack/cloudsight/config/config.json. This lists all the variables that are configured with the agent and can be used to inspect agent state
- Added a configuration option to output raw audit framework messages to a log file
v1.4.7 - not publicly released
v1.4.6 - release 4/28/2016
- Improved efficiency in calling Docker APIs, resulting in lower CPU utilization
- Better handling of Docker registry format changes to handle Docker 1.1x and greater
- Improved login failure tracking to catch failed public key authentication attempts
v1.4.5 - release 3/28/2016
- Stability and performance enhancements
- Reduced occurrences of encoded process names, from deleted processes, showing up in Threat Stack UI
v1.4.4 - release 2/24/2016
- Updated installed package scanning to better support Amazon Linux and Red Hat distributions
- Enhanced login failure tracking to provide more information on attempts by users
v1.4.3 - release 2/17/2016
- Resolved an issue where in certain circumstances FIM rule changes aren't pushed to the agent in a timely manner
v1.4.2 - release 2/16/2016
- Added support for an upcoming feature for scanning locally installed packages for vulnerabilities
- Additional improvements to our internal process control to reduce instances where we restart our sensors due to a system issue
v1.4.1 - release 1/11/2016
- Resolved an issue where, under certain load circumstances, the agent could consume more CPU than necessary
v1.4.0 - release 1/4/2016
- Improved upgrade performance
- Logging kernel, distro, and Threat Stack server data
- Ability for customers to redact process arguments
- Additional information for FIM events
v1.3.5 - release 12/7/2015
- Removed unused network features from the agent to reduce CPU and network load on the host system
- Upgraded embedded node.js to v0.10.41
v1.3.4 - release 10/30/2015
- Resolved an issue in v1.3.2 when starting the agent on Amazon Linux
v1.3.3 - not publicly released
v1.3.2 - release 10/29/2015
- Includes host system information in cloudsight.log when the agent starts
- Resolves an issue on Ubuntu 12.04 where the installer doesn’t properly configure login tracking
- Fix for handling large Docker containers
v1.3.1 - release 10/5/2015
- Support for auditing events from Docker Containers
- Upgraded internal libraries
- Packaging improvements
- Agent will warn at runtime if we detect an incompatible kernel version and shut down
- Stability and performance enhancements
v1.2.4 - released 9/14/2015
- Fixed another issue with process supervision
v1.2.3 - released 9/10/2015
- Fixed an issue where our process supervisor was too aggressive with restarting agent components
- Stability and performance improvements
v1.2.1 - released 7/22/2015
- Improved support for Stacked Ruleset feature
- File integrity rule exclusions no longer require a full path
- Improved performance for systems under heavy network load
v1.2.0 - released 6/30/2015
- Support for an upcoming feature release to support multiple policies per agent
- Added timestamps to log files
- This is the last version of the agent that will be provided for 32-bit systems and for Ubuntu 10.04
v1.1.11 - released 5/20/2015
- Fixed a bug where a user could not register an agent using a configuration file and the --config= runtime flag.
v1.1.10 - released 5/1/2015
- Set hard package conflict on linux-image-3.13.0-51-generic - disallow the ability for the TS agent and that kernel to run together. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1450442 for more info
- Update the post-install files to ensure the audit rules get loaded correctly on install and upgrade.
v1.1.9 - released 4/28/2015
- Refactor and improve init script to include better pid file management
- Include basic support for Debian 7.x - official packages will be available soon.
v1.1.7 - released 3/11/2015
- Fix an issue related to a race condition where the tsfim process could start twice and the agent could fail to bind, causing agent startup to fail
- Ignore FIM events from Cloudsight agent.
- Cache user lookups
- Ensure that when the threatstack system user is created, we explicitly set a false login shell.
v1.1.6 - released 3/2/2015
- Add configuration option (cloudsight config disable_fim=1) to allow disabling file integrity monitoring on the agent.
- Disable DNS resolution queries by default. (To enable use cloudsight config disable_dns_lookups=0)
- Performance fixes related to reading tsaudit.log on restart.
- With additional tuning we no longer need larger logs on nodes - reduced the max tsauditd.log size to 50MB
v1.1.4 - released 2/9/2015
- Set tsaudit.log to roll at 100MB max log size.
- Add better restart logic when tsaudit is idle
- Fixed a few bugs related to DNS resolution that could contribute to high CPU and network usage.
v1.1.3 - released 1/19/2015
- Send up internal IP addresses so the UI can display them on the agents page (vs just sending external IP address)
- Add a --hostname configuration flag, which at new agent registration allows the user to define the friendly name the agent will display in the UI. This defaults to the system's hostname when not set.
v1.1.2 - released 1/19/2015
- Add memory stats to agent tracking for logging rss memory usage.
- Update local logging to not include superfluous heartbeat logging messages.
- Fix packaging to properly remove /opt/threatstack when uninstalling agent
- Add a check to fail when ts_fanotifyLL_new init fails
- Check for kernel version >= 2.6.37 to enable fanotify
v1.1.1 - released 1/15/2015
- Fix and update various Info log messages to Debug.
v1.1.0 - released 1/14/2015
- Updates to the agent to support Signed Apt and Yum repositories
- Threat Stack Agent package name is now "threatstack-agent"
- Updates to how the agent can be registered - now supports command line flags as well as path to a file with deploy key and policy name/ID.
- Add tunable for disabling DNS resolution for network connections.
- Removed sys_socket syscall as it's no longer required and can cause performance issues.
- Numerous performance updates and improvements around File Integrity Monitoring and audit improvements
v1.0.24 - released 11/8/2014
- Resolves an issue where agents running on Amazon EC2 instances may not properly register their instance-id, resulting in agent status not displaying properly