Netmagis

Netmagis: Release notes

Release notes contain the significant changes in each Netmagis release.

A more detailed change log is provided in the CHANGES file. The complete list of changes can be obtained by viewing the commits on github.com.

Netmagis 2.3.4

Release date: 6 October 2017

The 2.3.4 release of Netmagis is a maintenance release, fixing an important security issue reported by Daniel Liikamaa: when using an LDAP directory hosted by Active Directory, any user can log in with an empty password (see issue 173).

Netmagis 2.3.3

Release date: 25 November 2016

The 2.3.3 release of Netmagis is a maintenance release, providing some bug fixes and some improvements:

  • Bug fixes:
    • When searching for a name, an error was issued if the name was an MX. See issue 158.
    • When trying to delete an alias in an unauthorized domain, an internal error was generated. See issue 160.
    • When displaying an L2 or L3 map, an internal error was generated due to an invalid syntax with recent Graphviz versions. See issue 166.
    • Adding MX records to an existing RR was rejected. See issue 155.
    • Followup about the validation of the CAS ticket: the regular expression was still too restrictive.
  • Improvements in the topo/detecteq modules:
    • Add support for Rancid 3
    • Add support for Cisco ASA. See pull request 152 provided by Benjamin Collet.
    • Add support for routing-instance-access for SNMP on Juniper routers
    • Add basic support for MVRP on Juniper routers

Netmagis 2.3.2

Release date: 3 September 2015

The 2.3.2 release of Netmagis fixes a bug introduced in the 2.3.1 release. Validation of the CAS ticket (for CAS authentication) was too restrictive in 2.3.0, so Olivier Le Monnier proposed a patch for 2.3.1. The Netmagis authors extended this patch to make it more generic, but the extension shipped in 2.3.1 was broken.

Netmagis 2.3.1

Release date: 28 August 2015

The 2.3.1 release of Netmagis is a maintenance release, providing some bug fixes:

  • Validation of the CAS ticket was using an over-restrictive syntax. See pull request 145 provided by Olivier Le Monnier.
  • Access to internal authentication menu items was broken. Problem reported by Russell Sutherland. See issue 146.
  • An internal error message, that you should never see, was still not translated to English. See issue 147.
  • The previous release introduced a fix in the topo module. This fix revealed another subtle bug, which broke the graph generation. See issue 148.
  • A minor improvement has been made in the topo module to support the "analyzer" keyword in the ethernet-switching-options block on Juniper switches.

Netmagis 2.3.0

Release date: 25 June 2015

The 2.3.0 release of Netmagis is focused on the authentication infrastructure:

  • Netmagis is no longer based on Apache authentication and, as such, no longer requires additional Apache modules such as mod_auth_pgsql, which was not adapted to modern Apache distributions. Instead, authentication is now directly embedded in Netmagis itself, and the following methods are supported:
    • internal database authentication: accounts are stored in the database, as with previous releases.
    • LDAP-based authentication: user information and passwords are accessed from an LDAP directory (only group related information such as access rights are stored in the database), as with previous releases.
    • CAS (Central Authentication Service) authentication with an LDAP directory for user information. This is a new feature of Netmagis.
  • It is now possible to disconnect from the application. This is a feature which many users have awaited for a long time.
  • The new authentication framework has anti-brute-force protection. If many failed attempts are detected, delays are introduced to slow down further attempts. Threshold and delay values are all configurable from the Admin / Application parameters menu.
  • New Web pages have been introduced:
    • The index page is now public (non password-protected). It presents the Netmagis functionality, but only provides access to the login page.
    • The login page manages user login and logout.
    • The profile page lists the profile of the user and their last connections.
    • The who page (only from the Administration menu) lists current or last connections.
  • Some configuration parameters (in netmagis.conf) have been introduced or removed:
    • The crypt parameter is no longer needed.
    • A new random parameter has been added to reference the non-blocking pseudo-random generator device.
    • A new cafile parameter has been added to point to the root certificate authority file, which is needed for CAS authentication and to retrieve the OUI file (for the mac module).
  • Some application parameters (menu Admin / Application parameters) have been introduced to support the new authentication infrastructure.
  • Database schema has been upgraded to 23, which means that all modules must be upgraded to a 2.3.x version.

In addition, the following modifications have been made in this Netmagis release:

  • Netmagis provides support for Apache 2.4.x only. Support for Apache 2.2.x has been dropped since it does not provide the REQUEST_SCHEME variable. See issue 143 for a complete description, and the StackOverflow discussion for a work-around if you really want to stick with Apache 2.2.x.
  • The OUI fetching was a maintenance nightmare since the URL of the IEEE OUI database was a constantly moving target. We now accept the Wireshark manuf file format and the ouiurl configuration parameter (in netmagis.conf) has been updated accordingly. See issue 138.
  • Debian packaging has been improved by Christophe Martin. See pull request 141.
  • Many minor improvements or bug fixes have been made for the topo module:
    • Support for Rancid3 has been added (while keeping compatibility with Rancid2)
    • Support for irb interfaces on Juniper EX4300 has been added
    • Support for MTU has been added on interface definition on Juniper equipment
    • A bug has been fixed when encountering a description before an interface statement on Cisco equipment
    • A bug has been fixed in Port-channel analysis on Cisco equipment
    • A bug has been fixed on Juniper post-processing
    • Support has been added for mixed-case interface names on HP switches

Netmagis 2.2.4

Release date: 18 December 2014

The 2.2.4 release of Netmagis is a maintenance release, providing some bug fixes:

  • The nologinfile keyword was incorrectly spelled in the netmagis.conf file (missing "file" in "nologinfile"). Problem detected and corrected by Christophe Martin. See pull request 134. Update your own netmagis.conf to reflect the valid parameter name.
  • The IEEE OUI list, needed for the mac module, has moved. The sample configuration file (netmagis.conf.sample) now reflects the new URL, thanks to Mathieu Parent. See pull request 133.
  • In addition, the netmagis-getoui has been updated to follow HTTP redirections. See issue 137.

  • To summarize, for users of previous Netmagis versions, update your netmagis.conf:
    • replace the nologin parameter by nologinfile
    • optionally replace the ouiurl URL by http://www.ieee.org/netstorage/standards/oui.txt

Netmagis 2.2.3

Release date: 3 October 2014

The 2.2.3 release of Netmagis is a maintenance release, providing some bug fixes:

  • the dchpprofile keyword of the dnsmodattr program was incorrectly spelled (missing "e"). See issue 125 and issue 131.
  • Cisco ASA configuration files were incorrectly analyzed by the Topo module as switch configuration files. Syntax of these configuration files is closer to router configuration files. See issue 127.
  • The Topo module did not report an error when the link name was missing in an interface description of an HP equipment. See issue 90.
  • The MAC database includes a table for OUI attributed by the IEEE, but this table was not filled in. The new program netmagis-getoui fetches the current OUI data from the IEEE and stores it in the MAC database. This new program is called in the MAC database creation program as well as periodically with cron. See issue 132.

    Attention for users of previous Netmagis versions:

    • add the ouiurl to your netmagis.conf
    • add a call to the netmagis-getoui program in your crontab file (see the sample crontab in the database module)
  • The Debian/Ubuntu netmagis-database package had a dependency on the exact 9.1 version of postgresql-pltcl. See issue 129.
  • The FreeBSD ports are now adapted to the new staging FreeBSD infrastructure. See issue 128.

Netmagis 2.2.2

Release date: 28 March 2014

The 2.2.2 release of Netmagis is a maintenance release, providing some bug fixes:

  • a new program netmagis-dbupgrade has been created to ease database schema upgrading when a new version is issued. This solution for upgrading is different from the one proposed in issue 103, since we don't want automatic upgrades by package post-install scripts, which could possibly break a production system.
  • update package www: it was broken by recent Linux distributions which default to Apache 2.4 and no longer provide the mod-auth-pgsql prerequisite. (see issue 116)
  • new example httpd.conf, adapted to Apache versions 2.2 and 2.4, without using the mod-auth-pgsql authentication module (see issue 122)
  • the netmagis-config is modified:
    • to accept an alternate configuration file with the -f flag (see issue 119)
    • to return the current configuration file with the pseudo-parameter _conffile (see issue 119)
    • to return the current Netmagis code version with the pseudo-parameter _version (see issue 120)
  • some minor bug fixes:
    • in netmagis-dbmaint translation (see issue 118)
    • in a rare error message in programs from the package utils (see issue 121)
    • in the URL returned by the version consistency check

Netmagis 2.2.1

Release date: 16 January 2014

The 2.2.1 release of Netmagis is a maintenance release, providing some bug fixes:

  • it was impossible to delete aliases (see issue 103)
  • it was impossible to modify interfaces of an equipment in the topo module (see issue 104)
  • no command was sent to equipments in the topo module (see issue 106)
  • the ifchg CGI script, part of the topo module, was expecting a FQDN (see issue 107)
  • the initial zone serial number was not conforming to specification (see issue 108)
  • a partial fix is provided to issue 100: no database upgrade script is provided, but the version check is now correct

Netmagis 2.2

Release date: 26 June 2013

The 2.2.0 release of Netmagis is a major release, providing a most wanted feature (support of multiple DNS views) as well as large infrastructure changes.

Multiple DNS views, also called "Split-DNS", is a facility to serve different data based on the source address (the view point). For example, a host "www.example.com" may have the address 172.16.1.1 for the internal network, and 198.51.100.1 for the rest of the Internet. Netmagis provides support for an unlimited number of views. Note that if you don't need multiple views, Netmagis will consider that you are using only one view, named "default". The support of multiple views in Netmagis has the following consequences:

  • When you are adding a host or an alias, you need to provide the view. The menu is visible only if your group has access to more than one view.
  • When you are using the search block or the map, there is no view menu: an address is considered as free only if no name is declared for this address in all views. If you choose an address on the map, you will then be asked for the view.
  • When you are modifying or deleting a host, you only have to give the name. If more than one view matches, you will be presented with a page to choose the appropriate view.
  • Mail roles may point to hosts in different views. For example, the mail role "sales.example.com" in view "external" may point to the host "mbox.example.com" in view "internal". With this mail role, a MX record for "sales.example.com" will be advertised on the Internet (e.g. "external" view), which points to the mail relay, and the mail relay can forward this mail to the "mbox.example.com" internal host.
  • The administrator menu has a new entry to manage individual views. With this menu, you can add or delete views, as well as modify their name.
  • Each zone is associated with a view. Note that a single domain may be associated with multiple views (hence multiple zones). For example, you may have two zones for the domain "example.com", one for the internal view, one for the external view, each associated to a different file name.
  • The group edition page (in the admin menu) now provides access to views. You can then allow fine-grained access rights.
  • All programs in the utils package (dnsaddhost, dnsdelip, etc.) now require a new (mandatory) argument for the view name, even if you have only one view. Adapt your scripts if you have any.
  • All programs in the server package (mkzone, mkdhcp, etc.) now accept a new (optional) argument for the view name (-w viewname).
  • A new example script shows how to import data with multiple views in the Netmagis database.
  • An integrity constraint has been removed from the database (no more link from topo.ifchanges to dns.rr): hosts for which interface status may change are just a name (rather than a reference to a RR). This change is needed to simplify handling of multiple views.

This release also offers some internal architectural changes:

  • Include a check on the database version number in order to ease database upgrades. Now, a new read-only application parameter "schemaversion" is provided by the database creation script and upgrade procedures. This parameter is checked by all Netmagis programs. If the value in the database differs from the hard-coded value in programs, an error is generated and the database is not corrupted.
  • All database tables and columns have been translated into English (from French) in order to welcome more contributions from all users.
  • In the same vein, %...% holes in Web pages have been translated into English.
  • Database creation logic has been split into table creation, function creation and trigger creation. Each of these is now located in its own SQL file, and thus can be shared with upgrade scripts.
  • If you use the detecteq module and have changed your radius.conf file, please modify the SQL request according to the new column names.
  • If you use the "Addtl RR" facility in zone edition, please change %NOM% into %NAME%
  • The "jourfmt" application parameter has been renamed to "dayfmt".
  • Parameters for the dnsmodattr program (in the utils package) have been translated. Please modify your scripts using dnsmodattr.

Other changes include:

  • A new search facility has been designed: it aims to be the central point of Netmagis GUI in future versions. At this time, you can search for hosts, aliases, IP or MAC addresses and group names. More objects will be added in future versions.
  • Improve DNS zone generation latency: the mkzone program can run each minute (with cron), thanks to a new algorithm which allows for more than 100 changes a day while keeping the serial number under the format YYYYMMDDnn (if there are more than 100 changes on 2013/01/31, the serial will become 2013013200 for the 101st change, 2013013201 for the 102nd change, etc. The first change on 2013/02/01 will make the serial become 2013020100).
  • The never-used "web roles" have been removed from Netmagis.
  • The "delete" menu allows you to enter a fully-qualified domain name (without using the domain menu) if you are a keyboard addict.
  • The "consult" menu item can now export a list of hosts in CSV format.
  • Some error messages are clarified.
  • A new object "L2-only network" has been added in group access rights. This allows access to Topo information for networks not associated with IP addresses.
  • Topo: the bridge-domains directive is now supported on JunOS routers.
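
The YYYYMMDDnn serial behaviour described above for mkzone, worked through as an added example (not Netmagis code, which this page does not show). The rule `max(previous + 1, YYYYMMDD00)` is an assumption chosen because it reproduces the serials quoted in the note, and the function names are hypothetical.

```python
from datetime import date

# A DNS SOA serial is an unsigned 32-bit integer.
SERIAL_MAX = 2**32 - 1


def day_base(day: date) -> int:
    """First serial of a given day in YYYYMMDDnn form (nn = 00)."""
    return int(day.strftime("%Y%m%d")) * 100


def next_serial(previous: int, today: date) -> int:
    """Return the serial for the next zone change made on `today`.

    Assumed rule (not taken from mkzone): use today's YYYYMMDD00 when it is
    ahead of the previous serial, otherwise just increment. The serial
    therefore never decreases, so secondaries always see the change, even
    once the two-digit counter has spilled over into the date part.
    """
    if not 0 <= previous <= SERIAL_MAX:
        raise ValueError("previous serial is not a 32-bit unsigned value")
    serial = max(previous + 1, day_base(today))
    if serial > SERIAL_MAX:
        raise OverflowError("serial no longer fits in 32 bits")
    return serial


def replay(previous: int, changes: list[tuple[date, int]]) -> list[int]:
    """Apply (day, number_of_changes) pairs in order and list every serial."""
    serials = []
    for day, count in changes:
        for _ in range(count):
            previous = next_serial(previous, day)
            serials.append(previous)
    return serials


if __name__ == "__main__":
    # Constructed scenario matching the release note: 102 changes on
    # 2013/01/31, then one change on 2013/02/01.
    out = replay(2013013000, [(date(2013, 1, 31), 102), (date(2013, 2, 1), 1)])
    for n in (1, 100, 101, 102, 103):
        print(f"change {n:3d}: {out[n - 1]}")
```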

Finally, this release provides bug fixes:

  • In the "modify users and groups" menu, IP permissions outside any allowed network are now checked (but administrators may force these permissions).
  • The "modify reverse IPv[46] zone" admin menu now correctly orders zones by address.
  • Integrity constraints were not enforced on zone_* tables.
  • Topo: descriptions and sensors are no longer removed when editing configuration of multiple interfaces.
  • Topo: bridge nodes are now associated with an equipment in the graph.
  • Topo: JunOS comments are no longer (incorrectly) parsed.

Netmagis 2.1.1

Release date: 27 February 2013

This release is mainly a bug-fix release in order to ease installation for new users.

  • fixes about various special characters in passwords (reported by Martin Oesting and Christophe Martin)
  • fix message when an error occurs early in application initialization
  • various fixes on Topo package (descriptions were removed when editing multiple interfaces at once, and sensor names were not checked for syntax conformance)
  • Debian package fixes with adapted dependency (reported by Thomas van Oudenhove) and proper symbolic link (reported by Martin Oesting and Christophe Martin)
  • FreeBSD port is now in sync with FreeBSD ports tree thanks to Olli Hauer and Chris Rees

Netmagis 2.1

Release date: 22 June 2012

This release is the first since the initial Netmagis release in November 2011. It brings integration of two major tools (Metro and Mac packages) and focuses on ease of installation, even if it provides some other new and nice features.

  • The Metro package is now integrated. If equipments are configured with proper sensor names, the metrology package periodically polls them for traffic information, and traffic graphs are available in the Netmagis Web interface.

  • The MAC package is now integrated. It registers in the Netmagis database (or another database if you fear performance problems) MAC-Ports associations as well as MAC-IP associations. This information is available in the Netmagis Web interface.

  • Linux Debian/Ubuntu packages are now provided (as well as FreeBSD ports) for ease of installation. Appropriate documentation is provided as well.

  • Greatly improve installation documentation.

  • PostgreSQL users are now simplified: you need to create only one user, which will be used everywhere.

  • Symbols used in L2 and L3 graphs (topology package) may now be modified by the administrator through the Netmagis Web admin interface.

  • Some parameters such as paper format and pdflatex program path are now configurable through the Netmagis Web admin interface.

  • The Rancid configuration has been simplified: the ranciddb and rancidconfdir parameters are removed and the new ranciddir replaces them in netmagis.conf file.

  • Configuration commands (used to determine which commands are to be sent to an equipment in order to modify port configuration) are now editable through the Web application and are no longer hard-coded in the toposend program.

  • The generated network graph built by the topology package is now copied from the topo server (by the topographd program) to the www server (if they are distinct servers). This brings more performance to the Web application.

  • Graphviz dot and neato commands are the same command. The netmagis.conf file is simplified accordingly.

See upgrade instructions for upgrading from version 2.0.

Netmagis 2.0

Release date: 23 November 2011

This release is the first Netmagis release. Previous releases were called WebDNS. It brings many fundamental modifications.

  • Name changed to Netmagis to reflect the new functionality introduced, which forms a real network information system rather than a simple management tool.

  • Netmagis has a new logo.

  • Application is internationalized. Web pages and messages are translated in both French and English. All scripts have been rewritten.

  • Topo package has been integrated.

  • Installation process is easier, by providing more scripting and modularization.

  • FreeBSD ports are provided for a very easy installation.

  • The configuration system has been centralized in the database (for host independent configuration) and in a local netmagis.conf file (for host dependent configuration).

  • A single data import script is now provided, with more generic import instructions.

  • Database is now split into different schemas to provide further extensibility and separation.

  • A new IPv4 address map allows users to easily find available addresses.

  • A new option in the host addition page allows searching for a pool of free IPv4 addresses.

  • DHCP generation allows for one machine to get a different IP address within each connected network.

  • DHCP generation supports DHCP server high availability (failover).

  • Bug fix in dnsmodattr: HINFO specification was incorrectly handled.

See upgrade instructions for upgrading from WebDNS v1.5.

Previous Netmagis/WebDNS versions

Previous Netmagis/WebDNS versions are described on the old WebDNS web site.