Changelog
All notable changes to LinuxGuard will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
3.0.0 - 2026-03-02
Added
Console redesigned with 5-pillar navigation: Dashboard, Identity Intelligence, Zero Trust Enforcement, Compliance & Audit, and Infrastructure
Identity Intelligence: cross-server identity aggregation, risk scoring, and SSH key algorithm strength and age analysis
NHI Inventory with three-tier classification (System Default, Application Service, Custom Service) and credential age tracking
Access Patterns: behavioral baseline learning, observation/shadow/active mode state machine, activity heatmaps, and behavioral feed
What Changed guide mapping pre-redesign section names to new pillar locations
Active Response: playbooks with trigger conditions, four containment actions (lock account, kill sessions, disable SSH key, revoke sudo), and automatic timeout-based rollback
Triple opt-in safety model documentation with blast radius system properties and Active Responses audit page
Notification Rules configuration with severity filters, throttle windows, quiet hours, and scope filters
Webhook integration with HMAC-SHA256 payload signature verification (examples in Python, Node.js, Go)
Syslog forwarding to SIEM platforms using RFC 3164 and RFC 5424 over UDP, TCP, and TLS
Splunk HEC integration with sourcetype configuration, index routing, and JSON event field reference
Automated Deployment overview with idempotency patterns and six-tool comparison
Ansible role and inline playbook with Ansible Vault secrets integration and service verification
AWS EC2 user-data script with IAM role and Secrets Manager credential retrieval (no hardcoded secrets)
GCP startup script with every-boot idempotency guard and Secret Manager credential retrieval
Azure cloud-init and Custom Script Extension with Managed Identity and Key Vault integration
Chef cookbook with chef-vault secrets management and idempotency guard
Puppet module with Hiera eyaml secrets management and idempotency guard
Changed
Security Architecture updated with response executor privilege model and updated "What LinuxGuard Does NOT Do" section reflecting conditional active response capability
RPM package GPG signature verification documented in Security Architecture
2.2.2 - 2026-02-08
Added
Authentication event collection from syslog, journald, and utmp/wtmp/btmp logs
Brute force detection for repeated failed login attempts using sliding window analysis
GeoIP enrichment for authentication events using MaxMind GeoLite2 database
Real-time file system monitoring using eBPF-based access tracing
File monitoring configuration from Settings > File Monitoring in console
Exfiltration detection alerts for suspicious data access patterns
User Behavior Analytics (UBA) with statistical baseline learning for authentication patterns
Anomaly detection for unusual login behavior (time, location, frequency)
Per-server compliance scoring with evaluators for SSHD configuration, accounts, groups, sudo policies, and SSH keys
Account Access Graph showing direct and group-mediated sudo rules with privilege highlighting
Identity page with unified directory of all user and service accounts across the fleet
GeoIP weekly updates with automated MaxMind GeoLite2 database downloads and hot-reload
Changed
Config drift tracking expanded to six component types: Accounts, Groups, Sudo, SSH, SSHD, SSH Keys
Config drift event lifecycle enhanced with New → Active → Investigating → Acknowledged → Resolved (or Suppressed) workflow
Config drift events now display field-level configuration diffs in event detail panel
Drift Trends chart now supports 7D/30D/90D time range views
Resolution history includes audit trail and notes
Server Detail Dashboard redesigned with bento grid layout featuring hero card, posture score gauge, compliance score, and efficiency status
Server detail tabs expanded to 11 tabs: Overview, Accounts, Groups, Sudo, SSHD Config, SSH Keys, SSH Client, Efficiency, Drift, Auth, File Monitoring
Posture and compliance score cards now show trend arrows (up/down/stable)
Dashboard time range tabs (7D/30D/90D) added for infrastructure utilization chart
Security findings page enhanced with severity filtering and breakdown dashboard
Documentation
Quality review: validated all internal links, resolved orphaned pages, standardized footer navigation and formatting, updated project instructions (CLAUDE.md) for Diataxis structure
Added Auth Tab subsection to Console Overview
Added File Monitoring Tab subsection to Console Overview
Added NHI Automation section to Console Overview
Added Posture Score, Compliance Score, and Config Drift concepts to Glossary
2.2.1 - 2026-02-05
Added
CPU/Memory Rightsizing analysis identifying over-provisioned and under-utilized resources
Rightsizing recommendation classifications: downsize, maintain, or upsize
Fleet-wide rightsizing list page with filter bar and waste metrics
Per-server rightsizing detail page with utilization trend charts and threshold zones
Network I/O Analysis with dedicated network utilization endpoint and console page
Changed
Efficiency page reorganized into 4-card grid layout
Baseline creation dialogs enhanced for accounts, groups, and sudo policies
Documentation
Added Efficiency page subsections (CPU/Memory Rightsizing, Network I/O) to Console Overview
2.2.0 - 2026-02-04
Added
Storage Recommendations with mount-point-level storage analysis and growth forecasting via linear regression
Storage resize recommendations with step alignment
Tenant-configurable storage thresholds and policies
Fleet-wide storage recommendations page grouped by server
Per-server storage detail page with forecast charts
Automatic filtering of loop devices and virtual filesystems
5GB minimum threshold for storage opportunity reporting
Per-mount-point metrics tracking with device and mount point fields
Changed
Queue-based aggregation jobs implemented for metrics, utilization, and efficiency scoring
Hourly resource metrics aggregation with cleanup service
Documentation
Added Storage Recommendations subsection to Console Overview
2.1.1 - 2026-02-02
Added
Security posture scoring system across five object types: Accounts (15 detractors, 10 mitigators), Groups (8 detractors, 5 mitigators), Sudo Policies, SSHD Configuration, and SSH Keys (11 detractors, 11 mitigators)
Configurable score bands, factor weights (127 total), and fleet aggregation methods
Daily posture recalculation with snapshot history
Posture retention configuration with admin-enforced maximums
Console pages for fleet overview, per-server scores, and per-object detail views with radar charts, detractor/mitigator lists, and remediation guidance
API endpoints for posture data collection and querying
SSH key encryption detection for private keys
Changed
Agent installer now includes the sysstat package on all distributions for iostat/mpstat system metrics support
Documentation
Initial documentation published (v1.0 milestone)
Added Quick Start guide
Added Agent Commands reference
Added Security Architecture documentation
Added Console Overview