azure-security (2.9.1) stable; urgency=low
  * Fix bug in plugin log protocol.

 -- Azure Security Monitoring Team <asmteam@microsoft.com>  Mon, 29 Jul 2019 12:00:00 +0800 

azure-security (2.9.0) stable; urgency=low
  * Removed memorylimitpercentage and memorylimitminbytes cgroup config values
  * Added AssetIdentity and NodeType columns to azsecd and azsecmond events
  * Added kube-apiserver audits: 10000 to 10012
  * Added auoms service status to heartbeat
  * Added ProcessInvestigator scanner
  * CodeIntegrity scanner improvements
    - Fixed bugs in modInfo.IsTrusted and modInfo.IsTainted
    - Added tainted module load alert to azsecd
    - Added file hashes for PE files as it is required by alerting service.
    - Changed to infer trusted keyring id from environment
    - Updated errors and logs
    - Changed to collect constant hash of Kernel module files
    - Added scanning for PE signed Kernel, Grub and Shim
      - pefile: A package to parse and verify pe files.
      - pkcs7: A package to parse and verify signed pkcs7 data.
      - peinfo: A wrapper package to locate files of interest, get info from pefile and organize it as required.
      - sboot: A package to provide trusted root certs.
      - An update to ciscan to scan for Kernel, Grub and Shim during each run of scanner.
      - An update to cidata to generate reports from peinfo.
      - sbinfo: A cmdline tool to get info about Kernel, Grub and Shim
      - gopre: Added the updated debug/pe package for now.
  * Added docker inspect output to the container inventory report
  * Bug fixes
    - Fixed config so it points to the right mdsd protocol listener
    - Fixed monitor so it works with multi-row result files
    - Fixed panic in mdsdclient
    - Fixed azsecd not exiting after SIGTERM bug
  * Added kube scanner
  * Scanner result improvements
    - Enabled capturing scanner logs as a scan result
    - Enabled scanner to return results with a name other than scanner.Name()
  * Added mdsd config validation results to heartbeat
  * Changed to log plugin scanner failure errors along with code
  * Added correct ruleId for 'Ensure TLS authentication for Docker daemon is configured'
  
 -- Azure Security Monitoring Team <asmteam@microsoft.com>  Fri, 19 Jul 2019 12:00:00 +0800 

azure-security (2.8.1) stable; urgency=low
  * Fix plugin scanners so they don't hang
  
 -- Azure Security Monitoring Team <asmteam@microsoft.com>  Tue, 7 May 2019 19:00:00 +0800

azure-security (2.8.0) stable; urgency=low
  * Added VSA vulnerability scanner
  * Added CodeIntegrity scanner
  * Fixed Auditctl Canonicalization Issue
  * Added support for running the built-in scanners in separate process
  * Added Cgroup resource (cpu, memory and io) limits for azsecd and plugin scanners
  * Improved GoalState discovery logic  
  * Added MSID as primary key for baseline remediations
  * Added following baseline rules (by MSID)
    - PAM: 157.11, 157.12, 157.14, 157.15, 157.16, 157.17, 157.18
    - SSH: 106.5, 106.7, 106.11
    - Services: 179, 181, 182, 183, 185
  * Removed MSID 139.1 rule
  * Added docker audits from internal to external
  * Added following Docker baselines rules (by MSID)
    - 1.1, 2.08, 4.6, 5.5, 5.24, 5.26, 5.28, 5.31, 7.6, 2.11, 2.12
    - 5.01, 5.02, 5.03, 5.10, 5.13, 5.14, 5.19, 5.29, 7.03, 7.04
  
 -- Azure Security Monitoring Team <asmteam@microsoft.com>  Tue, 30 Apr 2019 12:00:00 +0800

azure-security (2.7.1) stable; urgency=low
  * Fix AzSecID persistence bug
 
 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Tue, 3 Dec 2018 12:00:00 +0800

azure-security (2.7.0) stable; urgency=low
  * Fix heartbeat so that ContainerId if fetched every time, not just at start-up
  * Added system reboot time to heartbeat
  * Fixed service status checking code for CentOS 7/RHEL 7
  * Added time sync source scanner
  * Fixed newlines are not removed from v2 reports
  * Added Docker security baseline scanner
 
 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Tue, 13 Nov 2018 12:00:00 +0800

azure-security (2.6.0) stable; urgency=low
  * Added certstore scanner.
  * Added containerinv scanner.
  * Added iptables scanner.
  * Added usergroup scanner.

 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Wed, 27 Jun 2018 12:00:00 +0800

azure-security (2.5.0) stable; urgency=low
  * Added swpkg scanner.

 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Thu, 26 May 2018 12:00:00 +0800

azure-security (2.4.1) stable; urgency=low
  * Re-added support for sending to mdsd TCP port.
  * Installer adds default mdsd_socket_path value in config if it is missing.

 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Wed, 28 Mar 2018 12:00:00 +0800

azure-security (2.4.0) stable; urgency=low
  * Added kernel version to heartbeat
  * Added scan options to heartbeat
  * Added ability to disable specific baseline checks
  * Added filescan scanner
  * Changed to write to mdsd unix domain socket instead of tcp port
  * Added new v2 report schema

 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Wed, 7 Feb 2018 12:00:00 +0800

azure-security (2.3.0) stable; urgency=low
  * Added azsec-monitor package tracking to heartbeat
  * Added additional /sys/class/dmi/id values to heartbeat
  * Reduced size of report chunking
  * Added AzSecID to heartbeat and all reports (via SourceHost column)

 -- Azure Security Monitoring Team <azsecmon@microsoft.com>  Mon, 27 Nov 2017 12:00:00 +0800

azure-security (2.2.5) stable; urgency=low
  * Change baseline scan find command args to include "-xdev"

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Fri, 30 Jun 2017 12:00:00 +0800

azure-security (2.2.4) stable; urgency=low
  * Version bump

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Mon, 3 Apr 2017 12:00:00 +0800

azure-security (2.2.3) stable; urgency=low
  * Added support for Ubuntu 17.04
  * Improved logging
  * Fix bug in distro driver that was causing false negative for baseline "CheckServiceEnabeld".

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Mon, 3 Apr 2017 12:00:00 +0800

azure-security (2.2.2) stable; urgency=low
  * Prevent SIGPIPE from terminating azsecd

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Tue, 7 Mar 2017 14:00:00 +0800

azure-security (2.2.1) stable; urgency=low
  * Whitelist ssh-agent and snap-confine in sbi audit 15

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Fri, 28 Oct 2016 09:00:00 +0800

azure-security (2.2.0) stable; urgency=low
  * Added container ID to heartbeat report
  * Implemented telemetry messaging
  * Added 'telemetry_url' attribute to azsec.xml (/etc/azsec/azsec.xml)
    to activate telemetry for azsecd and the scanners.
    Default value is empty string (not activated).

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Thu, 13 Oct 2016 12:00:00 +0800

azure-security (2.1.1) stable; urgency=low
  * Added SMBIOS UUID to heartbeat report
  * Added 'start_delay' attribute to azsec.xml (/etc/azsec/azsec.xml)
    to indicate delay between starting azsecd and invoking the scanners.
    Default value (if not present in azsec.xml) is 1 hour.

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Wed, 27 Jul 2016 12:00:00 +0800

azure-security (2.1.0) stable; urgency=low
  * Added option to copy scanner results to directory specified in azsec.xml
  * Remove checks and remediation for ipv6 secure_redirects, send_redirects, and log_martians
  * Added heartbeat built-in scanner
  * Removed facility from scanner config files (using scanner name instead)
  * Changed baseline result from MISS to SKIP when a distro has no defined check for an audit.

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Mon, 18 Jul 2016 12:00:00 +0800

azure-security (2.0.3) stable; urgency=low
  * Audit 15: Add Ubuntu 16.04 binaries to whitelist
  * Audit 159: Fix logic for detecting/removing unnecessary accounts

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Fri, 3 Jun 2016 12:00:00 +0800

azure-security (2.0.2) stable; urgency=low
  * Added support for Oracle Linux (6,7)
  * Added native RPM packaging

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Thu, 26 May 2016 16:30:00 +0800

azure-security (2.0.1) stable; urgency=low
  * Added support Debian 8
  * Added remediation subcommand to azsecd

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Fri, 29 Apr 2016 16:30:00 +0800

azure-security (2.0.0) stable; urgency=low
  * Ported to go
  * Added support for Ubuntu 16.04, Debian 8, CentOS (6,7), RHEL (6,7), SLES (11,12)
  * Removed rsyslog dependency from scanners

 -- Azure Security Engineering Linux Team <aselinux@microsoft.com>  Mon, 29 Feb 2016 16:30:00 +0800

azure-security (0.1.11) stable; urgency=low
  * Retry apt operations (update/dist-upgrade/install) in apply-secbaseline.sh

 -- Azure Linux Team <azlinux@microsoft.com>  Wed, 17 Feb 2016 12:40:00 +0800

azure-security (0.1.10) stable; urgency=low
  * Bugfix for OSError when creating /var/run/azsecd

 -- Azure Linux Team <azlinux@microsoft.com>  Fri, 12 Feb 2016 15:50:00 +0800

azure-security (0.1.9) stable; urgency=low
  * Bugfix remove cleartext passwords from Ubuntu 12.04 systems

 -- Azure Linux Team <azlinux@microsoft.com>  Mon, 30 Nov 2015 16:30:00 +0800

azure-security (0.1.8) stable; urgency=low
  * Bugfix for parsing unicode command output to ascii
  * Several fixes for the apply-secbaseline script
  * Support multiple scanner config files under /etc/azsec/cfg

 -- Azure Linux Team <azlinux@microsoft.com>  Fri, 20 Nov 2015 10:30:00 +0800

azure-security (0.1.7) stable; urgency=low
  * Add support for systemd (Ubuntu 15.04 and above)

 -- Azure Linux Team <azlinux@microsoft.com>  Thu, 29 Oct 2015 11:45:00 +0800

azure-security (0.1.6) stable; urgency=low
  * Antivirus scanner is removed

 -- Azure Linux Team <azlinux@microsoft.com>  Wed, 28 Oct 2015 16:10:00 +0800

azure-security (0.1.0) stable; urgency=low
  * Initial package release
  * Antivirus scanner for identifying malware
  * Baseline configurator for applying secure config settings
  * Baseline scanner for identifying deviations from applied baseline
  * Patch scanner for identifying patches that have not been installed
  * Software inventory scanner for scanning installed software packages

 -- Azure Linux Team <azlinux@microsoft.com>  Thu, 9 Apr 2015 15:52:00 +0800
