# Changelog

All notable changes to LinuxGuard will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [3.0.0](https://github.com/linuxguard/linuxguard/compare/v2.2.2...v3.0.0) - 2026-03-02

### Added

* Console redesigned with 5-pillar navigation: Dashboard, Identity Intelligence, Zero Trust Enforcement, Compliance & Audit, and Infrastructure
* Identity Intelligence: cross-server identity aggregation, risk scoring, and SSH key algorithm strength and age analysis
* NHI Inventory with three-tier classification (System Default, Application Service, Custom Service) and credential age tracking
* Access Patterns: behavioral baseline learning, observation/shadow/active mode state machine, activity heatmaps, and behavioral feed
* What Changed guide mapping pre-redesign section names to new pillar locations
* Active Response: playbooks with trigger conditions, four containment actions (lock account, kill sessions, disable SSH key, revoke sudo), and automatic timeout-based rollback
* Triple opt-in safety model documentation with blast radius system properties and Active Responses audit page
* Notification Rules configuration with severity filters, throttle windows, quiet hours, and scope filters
* Webhook integration with HMAC-SHA256 payload signature verification (examples in Python, Node.js, Go)
* Syslog forwarding to SIEM platforms using RFC 3164 and RFC 5424 over UDP, TCP, and TLS
* Splunk HEC integration with sourcetype configuration, index routing, and JSON event field reference
* Automated Deployment overview with idempotency patterns and six-tool comparison
* Ansible role and inline playbook with Ansible Vault secrets integration and service verification
* AWS EC2 user-data script with IAM role and Secrets Manager credential retrieval (no hardcoded secrets)
* GCP startup script with every-boot idempotency guard and Secret Manager credential retrieval
* Azure cloud-init and Custom Script Extension with Managed Identity and Key Vault integration
* Chef cookbook with chef-vault secrets management and idempotency guard
* Puppet module with Hiera eyaml secrets management and idempotency guard

### Changed

* Security Architecture updated with response executor privilege model; "What LinuxGuard Does NOT Do" section revised to reflect conditional active response capability
* RPM package GPG signature verification documented in Security Architecture

## [2.2.2](https://github.com/linuxguard/linuxguard/compare/v2.2.1...v2.2.2) - 2026-02-08

### Added

* Authentication event collection from syslog, journald, and utmp/wtmp/btmp logs
* Brute force detection for repeated failed login attempts using sliding window analysis
* GeoIP enrichment for authentication events using MaxMind GeoLite2 database
* Real-time file system monitoring using eBPF-based access tracing
* File monitoring configuration from Settings > File Monitoring in console
* Exfiltration detection alerts for suspicious data access patterns
* User Behavior Analytics (UBA) with statistical baseline learning for authentication patterns
* Anomaly detection for unusual login behavior (time, location, frequency)
* Per-server compliance scoring with evaluators for SSHD configuration, accounts, groups, sudo policies, and SSH keys
* Account Access Graph showing direct and group-mediated sudo rules with privilege highlighting
* Identity page with unified directory of all user and service accounts across the fleet
* GeoIP weekly updates with automated MaxMind GeoLite2 database downloads and hot-reload

### Changed

* Config drift tracking expanded to six component types: Accounts, Groups, Sudo, SSH, SSHD, SSH Keys
* Config drift event lifecycle enhanced with New → Active → Investigating → Acknowledged → Resolved (or Suppressed) workflow
* Config drift events now display field-level configuration diffs in event detail panel
* Drift Trends chart now supports 7D/30D/90D time range views
* Resolution history includes audit trail and notes
* Server Detail Dashboard redesigned with bento grid layout featuring hero card, posture score gauge, compliance score, and efficiency status
* Server detail tabs expanded to 11 tabs: Overview, Accounts, Groups, Sudo, SSHD Config, SSH Keys, SSH Client, Efficiency, Drift, Auth, File Monitoring
* Posture and compliance score cards now show trend arrows (up/down/stable)
* Dashboard time range tabs (7D/30D/90D) added for infrastructure utilization chart
* Security findings page enhanced with severity filtering and breakdown dashboard

### Documentation

* Quality review: validated all internal links, resolved orphaned pages, standardized footer navigation and formatting, updated project instructions (CLAUDE.md) for Diataxis structure
* Added Auth Tab subsection to Console Overview
* Added File Monitoring Tab subsection to Console Overview
* Added NHI Automation section to Console Overview
* Added Posture Score, Compliance Score, and Config Drift concepts to Glossary

## [2.2.1](https://github.com/linuxguard/linuxguard/compare/v2.2.0...v2.2.1) - 2026-02-05

### Added

* CPU/Memory Rightsizing analysis identifying over-provisioned and under-utilized resources
* Rightsizing recommendation classifications: downsize, maintain, or upsize
* Fleet-wide rightsizing list page with filter bar and waste metrics
* Per-server rightsizing detail page with utilization trend charts and threshold zones
* Network I/O Analysis with dedicated network utilization endpoint and console page

### Changed

* Efficiency page reorganized into 4-card grid layout
* Baseline creation dialogs enhanced for accounts, groups, and sudo policies

### Documentation

* Added Efficiency page subsections (CPU/Memory Rightsizing, Network I/O) to Console Overview

## [2.2.0](https://github.com/linuxguard/linuxguard/compare/v2.1.1...v2.2.0) - 2026-02-04

### Added

* Storage Recommendations with mount-point-level storage analysis and growth forecasting via linear regression
* Storage resize recommendations with step alignment
* Tenant-configurable storage thresholds and policies
* Fleet-wide storage recommendations page grouped by server
* Per-server storage detail page with forecast charts
* Automatic filtering of loop devices and virtual filesystems
* 5GB minimum threshold for storage opportunity reporting
* Per-mount-point metrics tracking with device and mount point fields

### Changed

* Queue-based aggregation jobs implemented for metrics, utilization, and efficiency scoring
* Hourly resource metrics aggregation with cleanup service

### Documentation

* Added Storage Recommendations subsection to Console Overview

## [2.1.1](https://github.com/linuxguard/linuxguard/releases/tag/v2.1.1) - 2026-02-02

### Added

* Security posture scoring system across five object types: Accounts (15 detractors, 10 mitigators), Groups (8 detractors, 5 mitigators), Sudo Policies, SSHD Configuration, and SSH Keys (11 detractors, 11 mitigators)
* Configurable score bands, factor weights (127 total), and fleet aggregation methods
* Daily posture recalculation with snapshot history
* Posture retention configuration with admin-enforced maximums
* Console pages for fleet overview, per-server scores, and per-object detail views with radar charts, detractor/mitigator lists, and remediation guidance
* API endpoints for posture data collection and querying
* SSH key encryption detection for private keys

### Changed

* Agent installer now includes `sysstat` package on all distributions for iostat/mpstat system metrics support

### Documentation

* Initial documentation published (v1.0 milestone)
* Added Quick Start guide
* Added Agent Commands reference
* Added Security Architecture documentation
* Added Console Overview

***

**Related**: [Console Overview](/explanation/explanation/index.md) | [Security Architecture](/explanation/explanation/security.md)


