RELEASE 1.1 March 27, 2002

This file lists significant file-by-file changes in the
Router Audit Tool and Benchmark.

2002-03-27  gmj <gmj@users.sourceforge.net>

	* etc/INSTALL.WIN32.txt [Joshua Wright]
	* etc/INSTALL.cygwin.txt [John Stewart]
	* etc/LOCALIZE.txt [George Jones]
	* etc/FAQ.txt [George Jones]
	* etc/ncat.conf.MASTER [George Jones]
	* bin/ncat_config.PL [George Jones]
	* winmake.PL [Joshua Wright]
	* install.bat [Joshua Wright]
	* Makefile-nosnarf.PL [George Jones]

	- NEW.

	* etc/INSTALL.txt, etc/GPL.txt, etc/LICENCING.txt, etc/CIS_TERMS.txt,
	  etc/RELEASE-NOTES.txt, etc/TODO.txt, etc/WISHLIST.txt,
	  etc/cisco-ios-benchmark.html [John Stewart]

	- Moved.

	* etc/INSTALL.unix.txt

	- Moved, renamed.
	- Note that it's for UNIX
	- Show how to install w/o snarf
	- use Test::Simple instead of the obsolete Test::More

	* ChangeLog.txt, etc/RELEASE-NOTES.txt, etc/LICENCING.txt

	- Renamed (added .txt)

	* Makefile.PL

	- Added "ncat_config" program
	- copy etc/ncat.conf.MASTER to $PREFIX/etc

	* README

	- updated for 1.1
	- Now points to etc/INSTALL* and etc/README*
	- Reflect new organization (most text files in etc/)
	- Add etc/LOCALIZE.txt, README.WIN32.txt, etc/ncat.conf.MASTER,
	  etc/INSTALL.cygwin.txt, etc/INSTALL.unix.txt, etc/INSTALL.txt

	* TODO.txt

	- Updated to reflect changes.

	* WISHLIST.txt

	- Major update to list projects and give hints about how
	  to implement.
	- Added "Top 5" lists in each area.

	* bin/ncat.PL

	- [Joshua Wright] ActiveState Perl changes
	- Make "-V" and "--version" synonymous.  No args/flags gives usage.
	- Added ConfigLineSkip directive, defaults to "^ shutdown" to skip
	  shut IOS interfaces.
	- Moved all documentation of ncat.conf[.MASTER] here
	- rule matches are now space-insensitive and case-insensitive
	- All ncat.conf[.MASTER] parsing moved to NCAT.pm
	
	* bin/ncat_report.PL

	- [Joshua Wright] ActiveState Perl changes
	- Make "-V" and "--version" synonymous.  No args/flags gives usage.
	- Fix scoring problems.  Now just count # of rules checked (each 
	  instance counts for one check).  Much more intuitive.
	  Also fix bogus averaging calculation (scores are now 0-10, not 0.5-10.5)
	- Sort by rule names within category in rules.html (benchmark)
	- All ncat.conf[.MASTER] parsing moved to NCAT.pm
		
	* bin/rat.PL
	- [Joshua Wright] ActiveState Perl changes
	- Make "-V" and "--version" synonymous.  No args/flags gives usage.
	- Unlink configs before snarfing.
	- Pass --verbose down to all other programs
	- Hard code paths to other programs for better security.
	- [Joshua Wright] Changed --snarf short option to -a to avoid conflict with --noenable|-n
	- [Joshua Wright] added --noenable flag for snarf

	* bin/snarf.PL
	- Make "-V" and "--version" synonymous.  No args/flags gives usage.
	- Allow multiple commands separated by ";"
	- do "sho ver" and "sho run" by default
	- Add caveat about cleartext passwords/configs using telnet.
	- [Joshua Wright] added --noenable flag.

	* etc/ncat.conf
	- Added note to "logging console" description about possibility of
	  console logging making it impossible to manage the router.
	- Now autogenerated by ncat_config from etc/ncat.conf.MASTER.
	  Changes should happen there.
	- Updates to work with ncat_config
	- Added ConfigLocal:key=value syntax, substitution
	- Set reasonable defaults for most ConfigLocal: key/value pairs.
	- Default etc/ncat.conf now uses default substitutions
	  (e.g. "EternalInterface" replaced with "Ethernet0",
	  "ACL_Num_Ingress" replaced with "180", etc.).  Most of the
	  "EDIT-BY-HAND" entries are gone.  Many of the cases where
	  we were matching any number (\d+) or address (\d+\.\d+\.\d+\.\d+)
	  are gone.
	- All ACLs now use numbers in the 180-189 range.
	- logging buffered now set to "16000" per NSA RSCG
	- Section on "Understand Technology, Risks and Your Organizational Goals"
	  added to preface.
	- Section on "Localizing the Benchmark" added to preface.
	- Made Exec_Timeout a configuration option
	- Fixed IOS 11 problems with {tcp,udp}-small-servers
	- Fixed IOS 11 problem with finger (IOS is inconsistent)
	- Fixed problem that was causing "apply telnet ACL" rule to match all
	  the time.  IOSLine rules now match for any vty, not just
	  "vty 0 4".
	- Added descriptions/help messages to default settings
	- Changed ingress/egress rules from "default" to "border" class
	- Deleted "IOS - set syslog facility" rule
	- Renamed "aaa" ruleset "tacacs_aaa"
	- Renamed "border" ruleset "exterior_router" per Zwicky and Chapman.
	- Edited ConfigLocal: options for ingress/egress filtering so that
	  they only apply (and are prompted for) when exterior_router group
	  is selected.
	- Added ConfigClass: localtime
	- Added ConfigClass: GMT
	- Renamed INTERFACE_SOURCE to be LOCAL_SOURCE_INTERFACE
	- Added rule dependencies in conjunction with new code in ncat_config.PL
	- Changed syntax of all "ConfigLocal.*" rules/fields to use new,
	  consistent syntax parsed by NCAT.pm
	- All local config values prefixed with "Local_"
	- Added rules to prompt user for names of primary and secondary
	  external interfaces (if class exterior_router is selected)
	- Added rules to prompt for 2nd and 3rd NTP hosts, dependent on
	  new rule class "use_multiple_ntp_servers"
	- Added rules to check for the existence of primary and secondary
	  external interfaces if specified.
	- Added rules to check for application of ingress/egress filter
	  on secondary external interface, if defined.
	- Added reference to SANS SCORE document for securing Cisco routers.
	- Renamed Local_2nd_External_Interface to Local_External_Interface_2
	  for consistency.
	- Local_Source_Interface renamed to Local_Loopback_Num.  Now just
	  ask for the loopback address and assume that a loopback will be
	  used as the source interface.
	- Added Check for existence of 2nd external interface
	- Added reference to ncat_config in localization section.
	- Changed version that "no ip bootp server" applies to (>=11.2) to
	  match Cisco docs.
	- Changed default behavior of "no ip bootp server".  It is now
	  required to be disabled...this is because default IOS behavior
	  is to enable it.
	- Fixed typo in "no logging on" match pattern.
	- Fixed rules that forbid snmp communities public+private
	- Added access and tacacs_aaa to ruleclass for loopback device
	- removed "localtime" from GMT timestamp fix script.

	* lib/NCAT.pm

	- Updated VERSION to 1.1
	- All ncat.conf[.MASTER] parsing moved here.  Export
	  ParseRules subroutine and global hashes containing parsed
	  records/fields 
	

2002-02-05  gmj  <gmj@users.sourceforge.net>

	* INSTALL.txt

	- Added step to install Test::More
	- [Neal Ziring] Added instructions for getting/installing modules manually
	- Minor cleanup

	* Makefile.PL

	- [John Stewart] Install NCAT.pm in ($PREFIX)/lib
	- [John Stewart] Define PREFIX environment variable.

	* README

	- Added reference to WISHLIST.txt, removed wishlist items.
	- Added "MAJOR CONTRIBUTORS" section.

	* WISHLIST.txt

	- Initial version

	* bin/ncat.PL,bin/ncat_report.PL,bin/rat.PL,bin/snarf.PL

	- [John Stewart] updated to allow non-root install of NCAT.pm
	- [John Stewart] look for ncat.conf in PREFIX/etc/
	- documentation cleanup
	- Report RCS version in --version
	
	
	* bin/ncat_report.PL

	- Updated HTML meta-tags to ensure pages are not cached
	- Fixed problems with output grouping
	- Don't include fix code in all.html
	- Minor wording changes in reports
	- Documentation cleanup
	- [John Stewart] look for ncat.conf in PREFIX/etc/
	- Don't put links to non-existent reports in index.html
	- Report RCS version in --version

	* bin/rat.PL
	- Report RCS version in --version	

	* bin/snarf.PL
	- Report RCS version in --version	

	* ChangeLog

	- This file.

	* cisco-ios-benchmark.html

	- Autogened from ncat.conf
	- Prevent caching of HTML (all HTML docs)

	* etc/ncat.conf

	- Added "IOS - " to IOS rule names
	- Added "IOS 11- " or "IOS 12 - " to version specific IOS rule names
	- Minor wording cleanup

	
2002-01-24  gmj  <gmj@users.sourceforge.net>

	* Changed "split" character from ":" to ";" to allow IOS
	  sub-interfaces to work.  Suggested by Colm Ennis AT eircom 
	* rename sans-ios.conf to be ncat.conf

2001-12-21  gmj  <gmj@users.sourceforge.net>

	* Integrated benchmark and Router Security Configuration
	  Guide (rscg.pdf).  The benchmark now links into the guide.

	* Guide installed in PREFIX/doc/.  Symlinks created to version
	  in /doc

	* Program version number (NCAT::Version) now used for benchmark
	  version instead of CVS version number of ncat.conf

	* Search likely list of /etc paths for ncat.conf

	* All modules set to 2.0, 2.0.2.* branch is CIS version.

	* CIS version placed under CIS Terms of Use.

2001-12-20  gmj  <gmj@users.sourceforge.net>

	* Major improvements to the rules.html file generated by ncat_report.
	  It is now the "benchmark" document.  rat0/cisco-ios-benchmark.html
	  is a copy of the generated rules.html file.

	  Improvements include: the use of cisecurity.org
	  benchmark terminology, added intro/benchmark and rat/feedback/
	  credits sections, standardized descriptions ("what"/"why"),
	  fixed spelling and grammar.

	* Added/changed references to mailing list addresses for feedback.
	  rat-{request,feedback,users}[-subscribe]@cisecurity.org

	* Updated README to refer to benchmark document.

	* Update $VERSION to 0.93 in NCAT.pm

	* Updated credits

	
2001-12-11  gmj  <gmj@users.sourceforge.net>

	* bin/ncat.PL, bin/ncat_report.PL, bin/rat.PL:
	
	Documented short (single character) versions of command line
	switches.

	Added --help.

2001-12-10  gmj  <gmj@users.sourceforge.net>

	* bin/snarf.PL:

	Added SNARFUER environment variable.

	* bin/ncat.PL:

	Changed default class from .* to "default".

	* bin/rat.PL:

	Changed default class from .* to "default".

	* etc/sans-ios.conf: Added non-default rules.

	Improved rule descriptions.
	
	Assigned importance values of 1-10 to all rules.

2001-11-26  gmj  <gmj@users.sourceforge.net>

	* etc/sans-ios.conf:

	Fix finger and bootp rules for 12.2

	* bin/ncat_report.PL, bin/rat.PL, bin/snarf.PL:

	Fix minor problems with option parsing.

2001-11-14  gmj  <gmj@users.sourceforge.net>

	* INSTALL.txt:

	default config file is ncat.conf, not sans-ios.conf

	* INSTALL.txt:

	Changed location of rules file in INSTALL.txt to match true
	default location.

	* doc/ncat.1, doc/ncat.html, doc/ncat.txt, doc/ncat_report.1,
	doc/ncat_report.html, doc/ncat_report.txt, doc/rat.1,
	doc/rat.html, doc/rat.txt, doc/snarf.1, doc/snarf.html,
	doc/snarf.txt, etc/sans-ios.conf, lib/NCAT.pm, t/placeholder.t:

	Initial CVS checkin.

	* doc/ncat.1, doc/ncat.html, doc/ncat.txt, doc/ncat_report.1,
	doc/ncat_report.html, doc/ncat_report.txt, doc/rat.1,
	doc/rat.html, doc/rat.txt, doc/snarf.1, doc/snarf.html,
	doc/snarf.txt, etc/sans-ios.conf, lib/NCAT.pm, t/placeholder.t:

	New file.

	* INSTALL.txt, Makefile.PL, README, RELEASE-NOTES, bin/ncat.PL,
	bin/ncat_report.PL, bin/rat.PL, bin/snarf.PL:

	Initial CVS checkin.

	* INSTALL.txt, Makefile.PL, README, RELEASE-NOTES, bin/ncat.PL,
	bin/ncat_report.PL, bin/rat.PL, bin/snarf.PL:

	New file.

