Releases: cedricllorens/cawk
v2.4.0
v2.4.0 (march 2025):
Tests:
- update and add new tests for supplier scopes : packetfilter-fwcli, iptables-fwcli, checkpoint-fwcli
- add a new supplier scope : cisco-xr
Cawk Makefile:
- add new sync targets to synchronize configurations from a central confs repository to a cawk assessment audit=AUDIT_NAME
it refers to sync_run, sync_run_audit targets (please refer to the README for further information)
- add new backup targets to backup data linked to a cawk assessment audit=AUDIT_NAME (confs, tests, exceptions, reports)
it refers to backup_run, backup_run_audit targets (please refer to the README for further information)
- add new restore targets to restore data linked to a cawk assessment audit=AUDIT_NAME (confs, tests, exceptions, reports)
it refers to restore_run, restore_run_audit targets (please refer to the README for further information)
- add new targets to manage the cawk sync database used for confs synchronization
it refers to database_view, database_sync_(add,del,update)
Directory structure:
- add a new directory in the cawk root directory to store all cawk options in flat files
- add a new directory in the cawk root directory to store backup and restore data
v2.3.0
v2.3.0 (march 2025):
Tests:
- add a new supplier scope cisco-xe
- add new tests (snmp v3) for all these supplier scopes :
cisco-ios, cisco-cedge, cisco-xe, cisco-viptela, nokia-sros, paloalto-panos, huawei-vrp, fortinet-fortios, juniper-junos
Reports:
- computation of two key security indicators in the summary report:
- security Compliance : expressed as a percentage between 0% and 100%, where 100% is the best score
- average number of errors per Device : measured from 0 up to an upper bound, where 0 is the best score
- generate automatically json reports from csv reports using the cawk assessment format (ref README)
- generate automatically json reports from txt summary reports using the cawk summary headers
Cawk makefile:
- automatically build a tar.gz file in archives directory in reports/repo or reports/run or reports/run_AUDIT_NAME
each time an assessment is runned, the date of day is part of the tar.gz filename
- you may clean reports or archives by new clean targets (clean_report_repo, ..., clean_archive_repo, ...), please
refer to the cawk gmake help
v2.2.0
v2.2.0 (february 2025):
- add a new target <run_audit>, allowing to run all the assessments with AUDIT_NAMEs (audit=AUDIT_NAME)
- review all purpose/author sections and add new tests (lldp/cdp) for all supplier scopes :
cisco-ios, cisco-cedge, cisco-viptela, nokia-sros, paloalto-panos, huawei-vrp, fortinet-fortios, juniper-junos
- add new supplier scopes thanks to new authors : packetfilter-fw, iptables-fw, checkpoint-fw and new associated tests
maxime souris, adrien lebout, pierre bertrand, lucas vanhaaren, gautier goncalves, wael elsingaby
v2.1.0
v2.1.0 (january 2025): enforce a stabilized version of the v2.0.0 release train
- update date 2024-2025 in cawk root directory
- change checkdiff output generated by to be compliant with all linux/unix systems (default sort output may differ from os to os)
- add <.gitkeep> in all empty cawk directories to avoid that empty directories are not pushed in github
- enforce that the repository is a full copy of the repository
- add a new target gicheckdist (implement counter-measures checks) in cawk Makefile to avoid deployment errors before github push
- optimize the cawk root Makefile for future supplier os deployment
- provide the procedure to submit a pull request
v2.0.1
v2.0.1 (december 2024): add .gitkeep reports/repo and reports/run as not pushed in gitlab
v2.0.0
v2.0.0 (november 2024): this is a major update with new usage of building assessments
Common:
- add <number_of_pass_error> in the summary report
- review the output of the command at cawk root directory (provide full help on the cawk gmake targets)
Makefile:
- review the Makefile parts
- use of variables to point out all cawk core directories
- able to create/delete/list an assessment based on an <AUDIT_NAME> thanks to new cawk targets :
- gmake create_audit audit=AUDIT_NAME
- gmake delete_audit audit=AUDIT_NAME
- gmake list_audit
You may refer to README for further information and the number of assessments that can be built is limited by system resources
Directories:
- confs, tests, exceptions and reports directories setup have been reviewed and organized on the same design
Tests:
- add new tests for cisco-ios, cisco-cedge, cisco-viptela, nokia-sros, paloalto-panos, huawei-vrp, fortinet-fortios, juniper-junos
v1.9.0
v1.9.0 (october 2024):
Common:
- fix a small bug (Makefile - gmake catalog)
- add a new target : gmake common to provide the list of functions available in the common directory for tests
Tests:
- add new tests for cisco-ios, cisco-cedge, cisco-viptela, nokia-sros, paloalto-panos, huawei-vrp, fortinet-fortios, juniper-junos
- review the paloalto-panos conf (add block) and update the tests accordingly
v1.8.0
v1.8.0 (august 2024):
Common:
- fix some little bugs or bad ouputs of the Makefile
- include m4 preprocessing of exceptions to include later friendly m4 functions
- a test can has <.template> suffix and <.m4> suffix, for <.m4> a preprocessing
is performed by m4 functions available in the cawk m4 directory. m4 allows to
define predefined templates of tests managing configuration block hierarchy
automatically
Tests:
- add a new supplier : cisco-cedge
- add new tests for cisco-ios, cisco-cedge, cisco-viptela (tests with *.m4 extension)
v1.7.0
v1.7.0 (june 2024):
Common:
- build exceptions directory with empty exception files per supplier
- update Makefile to build for each assessment an exception report
Tests:
- Run and fix bugs on all suppliers tests
v1.6.0
v1.6.0 (june 2024):
Common:
- migrate the fw rules assessment library in common directory
- add the as supplier target for development purpose
- add a new risk level = info for audit purpose
- update reporting to take into consideration the new risk level info and sort the list of tests
Tests:
- add new tests checking cisco-ios simple acl with risk level info and add other tests
- add new tests checking huawei-vrp acl (partially done) with risk level info and add other tests
- add ntp tests for cisco-ios,juniper-junos,huawei-vrp,cisco-viptela and nokia-sros