~~~~~~~~~~~~~~~~~~~~~~
version 2.0
~~~~~~~~~~~~~~~~~~~~~~

* added windows 7/8/10 install/uninstall support
* Reorganized linux install/uninstall routine
* added uac check(windows) 
* added root check(linux)





~~~~~~~~~~~~~~~~~~~~~~
version 1.8
~~~~~~~~~~~~~~~~~~~~~~

* fixed setup.py for backwards compatiblity for python2/3
* fixed issue that would cause restart_artillery to kill itself and not restart
* fixed an issue that would cause ssh to pull more logs then needed and not to ssh banning
* fixed an issue that would cause intelligence to still download if source feeds were on
* turned anti-dos to off by default
* fixed iptables trying to start when honeypot_ban was off
* fixed email from not loading modules properly due to python2to3 compatibility
* fixed syslog offloading

~~~~~~~~~~~~~~~~~~~~~~
version 1.7
~~~~~~~~~~~~~~~~~~~~~~

* converstion to Python3 and adding support for python3
* misc fixes for backwards compatibility for python2/3
* added fix for 0.x.x.x subnets sitll being added under sort

~~~~~~~~~~~~~~~~~~~~~~
version 1.6.1
~~~~~~~~~~~~~~~~~~~~~~

* put everything into pep8 format
* added password auth check thanks to benichmt1 git pull request

~~~~~~~~~~~~~~~~~~~~~~
version 1.6
~~~~~~~~~~~~~~~~~~~~~~

* fixed issue where 0.x.x.x could show up on banlist
* added OTX reputation IP lists to Artillery
* sped up artillery boot time significantly when ban is turned off
* sped up time for URL feeds and put them into one central function
* greatly increased time for threat intelligence feed pulls and removed old intelligence update function and centralized into source feeds with appropriate checks
* added sort IP after pulling in external source feeds and ATIF
* cleaned up old codebase

~~~~~~~~~~~~~~~~~~~~~~
version 1.5.1
~~~~~~~~~~~~~~~~~~~~~~

* fixed old git repo to new git repo at binarydefense

~~~~~~~~~~~~~~~~~~~~~~
version 1.5
~~~~~~~~~~~~~~~~~~~~~~

* disabled yaml config as this breaks configuration reading
* added better handling and ipv4 checking for remote feeds
* changed threat feed to pull every 1 hour instead of 24 hours
* fixed sort issue and malformed IP addresses due to sort not checking properly

~~~~~~~~~~~~~~~~~~~~~~
version 1.4.1
~~~~~~~~~~~~~~~~~~~~~~

* added a new function for sorting IP addresses when adding to the banlist, when an IP address is added, it will sort the text file banlist after an append action
* fixed an issue when artillery would initially launch it would not honor the ban() function for check to see if the IPs are already there. 
* fixed an issue when honeypot ban was specified to no, it would not populate the banlist even if it banned or not

~~~~~~~~~~~~~~~~~~~~~~
version 1.4
~~~~~~~~~~~~~~~~~~~~~~

* added the ability to remove old records after a certain interval - this will overwrite the banlist and start from scratch based on certain time intervals - options are available under the config files
* added multiple feeds based on the script from http://www.deepimpact.io/blog/splunkandfreeopen-sourcethreatintelligencefeeds - much appreciated. Artillery can now pull from multiple banlist IP addresses and will continue to add onto these as time goes on
* added new functions to handle multiple different aspects including downloading files and new additions for parsing through banlist ips
* turned banning to OFF by default and added threat intelligence feed to ON as defaults
* added a check to turn on intelligence feed and also turn off ban if it is selected in the options this will allow you to pull intelligence feeds, check IP adddresses, and add to banlist, but not actively ban

~~~~~~~~~~~~~~~~~~~~~~
version 1.3.1
~~~~~~~~~~~~~~~~~~~~~~

* added ability to change syslog port in the artillery config - if you are using a non-standard syslog port (defaults to 514)
* removed old unused code in email handler and added better commenting
* fixed an issue where starttls would cause open relays to bomb and require re-initiation
* fixed a bug where from and to would not be properly sent from send mail function

~~~~~~~~~~~~~~~~~~~~~~
version 1.3
~~~~~~~~~~~~~~~~~~~~~~

* added new function for grabbing date and time
* added new function kill_artillery() to kill any running processes of artillery using signal and os.kill
* added timestamp data for when a new instance of artillery is killed and restarted
* removed old kill_artillery() legacy function in setup that did not properly terminate prior versions of artillery
* added a write_log function that will notify when Artillery is unable to bind to a specific port and included timestamp data
* fixed spacing issues inside of syslog on remote and local
* corrected Issue identified spacing into one line in harden.py
* added timestamp data to error artillery unable to log to mail server
* fixed an issue that would cause the process to not properly be terminated on certain Linux versions
* added datetime for when artillery successfully started from normal artillery.py located in /var/artillery
* fixed a bug when using FILE as a designator that would cause an exception for alert not being defined (should have been assigned as variable)

~~~~~~~~~~~~~~~~~~~~~~
version 1.2
~~~~~~~~~~~~~~~~~~~~~~

* switched company to Binary Defense Systems (BDS)

~~~~~~~~~~~~~~~~~~~~~~
version 1.1
~~~~~~~~~~~~~~~~~~~~~~

* fixed loop issue when "local" was specified for syslog
* added "file" as config option for saving to local files

~~~~~~~~~~~~~~~~~~~~~~
version 1.0.3
~~~~~~~~~~~~~~~~~~~~~~

* removed a newline when honeypot puts an alert out

~~~~~~~~~~~~~~~~~~~~~~
version 1.0.2
~~~~~~~~~~~~~~~~~~~~~~

* quick fix to add a check for database file, if its not there it'll create it

~~~~~~~~~~~~~~~~~~~~~~
version 1.0.1
~~~~~~~~~~~~~~~~~~~~~~

* changed time delay if intelligence feed is turned to ON
* turned intelligence feed to OFF by default in the config

~~~~~~~~~~~~~~~~~~~~~~
version 1.0
~~~~~~~~~~~~~~~~~~~~~~

* added auto detection if artillery wasn't installed to kick off the setup.py script
* fixed database creation error if directory wasn't already created during a fresh install
* fixed an issue that would cause email_handler to throw an exceptions for mail() taking two arguments, needed to be changed to send_mail

~~~~~~~~~~~~~~~~~~~~~~
version 0.9
~~~~~~~~~~~~~~~~~~~~~~

* removed smtp and merged into core
* fixed duplicate mail() tag that was causing email alerts to not be sent
* fixed a bug that would cause valid_ip() to throw an error due to library mismatch

~~~~~~~~~~~~~~~~~~~~~~
version 0.8.1
~~~~~~~~~~~~~~~~~~~~~~

* added a better init.d script for startup, now supports stop/start. Will need to run setup.py in order to get the new file, or copy src/startup_artillery to /etc/init.d/artillery

~~~~~~~~~~~~~~~~~~~~~~
version 0.8
~~~~~~~~~~~~~~~~~~~~~~

* large amounts of refactoring and recoding (thanks to plentz)
* added ftp brute force detection (thanks johns3ej)

~~~~~~~~~~~~~~~~~~~~~~
version 0.7.4
~~~~~~~~~~~~~~~~~~~~~~

* fixed issue with HONEYPOT_BAN being yes on occasions and ON on others.

~~~~~~~~~~~~~~~~~~~~~~
version 0.7.3
~~~~~~~~~~~~~~~~~~~~~~

* fixed a bug that caused a 100% cpu spike on SSH monitoring

~~~~~~~~~~~~~~~~~~~~~~
version 0.7.2
~~~~~~~~~~~~~~~~~~~~~~

* added detection for monitor_ssh in /var/log/faillog on debian
* added better error handling within artillery.py in event of control-c or exceptions

~~~~~~~~~~~~~~~~~~~~~~
version 0.7.1
~~~~~~~~~~~~~~~~~~~~~~

* allowed open mail relays for when artillery is deployed internally, will use connection to connect to SMTP servers without creds
* added new flag to allow SMTP_FROM in the config, can now specify name coming from. For example "Artillery Alert Feed"
* changed the mailSever.sendmail() to use the alert address as the to/from.
* removed an old instance of code from src.core, no longer needed
* added check for open relay to != None versus != ""
* added new started to write_log message "Artillery has started successfully"
* added ability to remove the default port check for the SSH harden config script, you can now turn this to off
* added error handling to the mail program versus erroring out and closing artilery if the mail server was not properly found
* added a check that looks for to see if honeypot_ban is active, if not the wording is changed to detected versus blocked
* fixed a double import bug on src.core when import logging would not prompt anything more for the initial artillery service starting
* added the start and restart via syslog, will not let you know via syslog when artillery is being restarted

~~~~~~~~~~~~~~~~~~~~~~
version 0.7
~~~~~~~~~~~~~~~~~~~~~~

* changed everything over to github versus subversion
* fixed installer to use github versus subversion
* Artillery now stores logfiles for posix (nix based) in a syslog format. 
* You can now specify a local or remote syslog server in the config file
* Bug fix for setup file would cause makedirs error, should be fixed

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.7
~~~~~~~~~~~~~~~~~~~~~~

* if monitoring is turned off, it will not import the module

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.6
~~~~~~~~~~~~~~~~~~~~~~

* fixed a typo that would cause artillery not to start in some cases
* added folder create for src/program_junk and databases/ during installation of artillery

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.5
~~~~~~~~~~~~~~~~~~~~~~

* added new config option to disable root checks

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.4
~~~~~~~~~~~~~~~~~~~~~~

* Added the ability to detect what ports are being blocked via artillery honeypot (thanks spoonman)
* Changed README to README.txt to fix an OSX bug

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.3
~~~~~~~~~~~~~~~~~~~~~~

* Move over to github

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.2
~~~~~~~~~~~~~~~~~~~~~~

* Added better error handling around the threat intelligence feed
* Added a better cleanup for Artlilery when uninstalling
* Fixed a bug that caused Artillery to error out if banlist.txt was not found

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.1
~~~~~~~~~~~~~~~~~~~~~~

* bugfix that would cause thread to die under certain circumstances
* added terms to the banlist.txt file
* fixed when config or artillery would start with comment signs

~~~~~~~~~~~~~~~~~~~~~~
version 0.6
~~~~~~~~~~~~~~~~~~~~~~

 * fixed a bug in remove_ban that would not remove the ip address
 * added threat intelligence feed - this is an automatic feed that will pull from trustedsec webservers around attacker IP addresses
 * added ability to automatically block based on intelligence feed
 * daily checks added to banlist
 * fixed a bug when uninstall would not properly kill artillery
 * added a check in the uninstall to see if artillery is actually running
 * added some enhancements to the honeypot banning
 * added new flag for intelligence feed in the config file
 * added the ability to change threat feeds to a different server of your choice
 * added threading to reloading the IP tables matrix, was causing a hang on other imports
 * removed 3306 as a standard port, would cause conflicts at times if it was already installed
 * added the ability to specify the threat intelligence feed server
 * added the ability to configure your own threat intelligence feed server
 * added ability to change the public directory for the HTTP server
 * added ability to configure multiple threat feeds, can pull in multiple Artillery servers
 
~~~~~~~~~~~~~~~~~~~~~~
version 0.5.2 alpha
~~~~~~~~~~~~~~~~~~~~~~

* fixed a bug where ports were not properly starting
* added the ability to uninstall artillery by re-running setup.py
* performance improvement on honeypot

~~~~~~~~~~~~~~~~~~~~~~
version 0.5.1 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added the ability to specify a NIC interface (thanks Niel)
* fixed a bug when banlist.txt was not found, artillery would crash

~~~~~~~~~~~~~~~~~~~~~~
version 0.5 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added OSX support for setup.py installation (thanks for the help Giulio Bortot)

~~~~~~~~~~~~~~~~~~~~~~
version 0.4 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added ability to use cidr notations in the artillery config so you can do something like 127.0.0.1,localhost,192.168.235.1/24,etc.
* code cleanup and commenting on multiple directories 
* added a number of new core modules, most specifically cidr notation support
* changed install.py to be setup.py 
* moved root README to readme/ and deleted the old one
* added better detection around restart_server.py if artillery was there
* cleaned up some old threading syntax issues
* made some changes to help support OSX (thanks for the help Giulio Bortot)
 
~~~~~~~~~~~~~~~~~~~~~~
version 0.3 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added a check for ssh brute force on or off.. this was never implmeneted (thanks Jeff Bryner)
* fixed a bug that referenced iptables chain INPU instead of ARTILLERY (thanks Jeff Bryner)
* added the artillery chain to INPUT each time artillery starts (thanks Jeff Bryner)
* cleaned up some old code in honeypot.py that was no longer needed
* added better descriptions around why a specific IP address would be blocked
* added timestamp data to when IP addresses are blocked in both email notifications as well as standard log under /var/artillery/log/
* added support for SMTP versus just gmail... its gmail out of the box however can configure any SMTP server now
* added a check in artillery for ssh brute on or off

~~~~~~~~~~~~~~~~~~~~~~
version 0.2 alpha
~~~~~~~~~~~~~~~~~~~~~

* added a check to see if we are running on windows or linux
* added a new anti-dos protection for linux, it will check connections and limit based on how many are connecting, you will probably want to adjust this per server
* changed honeypot ban method to src.core through ban(ip) versus standalone call for iptables
* changed iptable chains to be ARTILLERY versus piggy backing INPUT, much cleaner to view
* fixed a bug that would cause duplicate entries into iptables and in banlist.txt
* added functionality to support blacklisting via redirection routes on windows machines.. may have better alternatives but this works for now
* added a ip check routine for when banning IP addresses, ensures sanitization if something crazy is inserted instead of an IP address
* converted all core.py modules to be windows compliant
* converted all of honeypot.py modules to be windows compliant
* converted all of the monitor.py modules, this will only work for linux until I rewrite the module to support difflib versus the actual application diff
* converted all of the ssh_brute.py modules to be windows compliant.. this will be linux only since nix is primarily used for SSH
* converted all of the harden.py modules to be windows compliant.. this will be linux only since nix is primarily checked. Will expand later on others
* fixed a bug that would not properly monitor the overall database for monitored files (thanks Pier)
* fixed a bug that would not remove an ip properly

~~~~~~~~~~~~~~~~~~~~~~
version 0.1.7 alpha
~~~~~~~~~~~~~~~~~~~~~~

* fixed a bug that would not properly whitelist in the config file on honeypot or ssh_monitor
* bug fix on honeypot that would cause it to ban without checking whitelist, thanks to Ryan Elkins
* bug fix for the bug fix, copy and paste didn't work so well

~~~~~~~~~~~~~~~~~~~~~~
version 0.1.6 alpha
~~~~~~~~~~~~~~~~~~~~~~

* created new core function write_log for writing eventually to the logging directory
* added writing of log file to /var/artillery/logs/alerts.log for all items regardless if email alerting is on or not
* fixed an issue that would cause whitelist to not properly function in ssh ban

~~~~~~~~~~~~~~~~~~~~~~
version 0.1.5 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added new email frequency handler for sending emails after a certain amount of time versus right away, should cut down on spam
* added the new email frequency handler to all of the triggers/alerting systems
* started to rewrite the monitor.py, it now hashes the two integrity databases before running diff, eventually will move completely off diff and into native python libraries 

~~~~~~~~~~~~~~~~~~~~~~
version 0.1.4 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added new large portions to ssh_monitor to fix potential issues
* added whitelist capabilities into ssh_monitor.py
* fixed a bug that caused multiple IP's on SSH ban to repeat and continue to ban the same IP address over and over
* added new core module for adding path to check for config file
* added remove_ban which will remove a banned IP address
* turned auto-update off by default 
* added a fix in honeypot that would cause socket errors of a full connection wasnt made
* added a fix in honeypot.py which would still continue to ban whitelisted ip addresses

~~~~~~~~~~~~~~~~~~~~~~
version 0.1.3 alpha
~~~~~~~~~~~~~~~~~~~~~~

* added better handling around list errors when parsing through filesystem
* added the ban command through iptables to use -I INPUT 1 so that it's always first in the list (happens if other iptables are in affect)
* fixed a counter issue when checking whitelist
* added a new config option to leverage excludes for certain files that may change often
* added a validate_ip routine to make sure the information being sent is in fact an IP address
* removed almost all references to subprocess.popen and replaced with shutil, os.makedirs, os.stat, etc.
* added restart_server.py

~~~~~~~~~~~~~~~~~~~~~
version 0.1.2 alpha
~~~~~~~~~~~~~~~~~~~~~

* added better detection of ssh logs for CentOS (thanks Quantum) to check for /var/log/secure as well as /var/log/auth.log
* added a config option for automatic updates. if you want them automatic on or off (note you will need to whitelist svn.secmniac.com on port 80 for automatic updates
* added config option for whitelisting IP addresses in the config file
* fixed some code that on other systems may cause issues
* fixed email delivery to harden.py and ssh_monitor, forgot to add import src.smtp
* added email deliverys on honeypot blacklisting

~~~~~~~~~~~~~~~~~~~~~
version 0.1.1 alpha
~~~~~~~~~~~~~~~~~~~~~

* removed the majority of imports in artillery.py
* added better handling over missing folders
* fixed the installer
* added better wording around what changes were detected
* added time changes were detected
* removed __init__.py, not needed
* added directory checking for monitored folders..different platforms may not have the exact folders
* changed port range to get detected through config versus hardcoded into src/honeypot.py..it will now use config to generate port ranges
* added granularity if port was in use
* added a generate random character sequence upon connect, will send a string between 5 and 30000 to the attacker...should be confusing :)
* added src/harden.py which now checks for base configurations on a linux system that may be insecure in nature
* added check for ssh log in harden.py to see if default port running on 22 and if running as root
* added a check for /var/www to check permissions and ensure files are running as root
* removed some un-necessary code in install and piped subprocess to stdout and stderr instead of /dev/null
* added option to checkout svn during install, this will keep artillery up-to-date
* added automatic-updating when artillery is launched
* added threading to automatic-update to remove any delay that might happen if Internet isn't working 
* instead of using rc.local, install.py adds /etc/init.d/artillery then runs update-rc.d to add to startup scripts
* added an automatic kill in install.py if Artillery was running on the system
* added two more config options, one do you want to use the honeypot, second, do you want to automatically ban via honeypot
* tweaked the database to lower CPU time and reduce overall footprint. New tests show it uses 0% of cpu at all times

~~~~~~~~~~~~~~~~~~~~~
version 0.1 alpha
~~~~~~~~~~~~~~~~~~~~~

* First release of Artillery
