Revisions of ossec-hids
Lars Vogdt (lrupp) committed (revision 14)
Lars Vogdt (lrupp) committed (revision 13)
Lars Vogdt (lrupp) committed (revision 12)
Lars Vogdt (lrupp) committed (revision 11)
trigger service run
Lars Vogdt (lrupp) committed (revision 10)
Lars Vogdt (lrupp) committed (revision 9)
Lars Vogdt (lrupp) committed (revision 8)
trigger service run
Lars Vogdt (lrupp) committed (revision 7)
Modified via webui
Lars Vogdt (lrupp) committed (revision 6)
- update to 3.6.0
  + It's that time of year again, our annual independent security audit! Joining our previous two years' auditors, Apple Security and OVH Internet, is security researcher Daniel McCarney (@cpu) who performed a very in-depth analysis on our IDS engine updates (PCRE2, and more). With a project as critical as OSSEC in securing cloud and enterprise assets it's very important to us to have independent assessments of the framework. So again we want to thank all of our auditors, old and new, for their contribution to the project.
- from 3.5.0
  + This would have been a minor 3.4.1 update if it wasn't for Boris Lukashev of https://www.sempervictus.com contributing a much needed update to multi-line log analysis. Previous usage of multi-line in OSSEC in the past was limited in processing events that did not use indentation, a fairly common modern practice for readability. This update adds a new type: multi-line_indented to handle this condition (Example: postgresql).
  + Maintenance fixes in this release also address issue #1781, which affected maild when calling an external program, and add support for Fedora 31
- from 3.4.0
  Big changes in this release add support for the following new platforms:
  + Debian buster
  + Fedora 30
  + RHEL 8
  + (Much awaited!) Centos 8
  @jubois has completed the first round of pcre2 rule updates. This is a very exciting change to the overall IDS engine in OSSEC and opens the platform up to much more complex (and faster!) search functionality.
  + Last but not least, @ddpbsd has a long awaited fix for agentd/maild when ipv6 is disabled and/or hostnames are used instead of IPs in PR#1698.
  Thanks again to all our community contributors, and dedicated team members for their
Darin Perusich (deadpoint) accepted request 677665 from Tuukka Pasanen (illuusio) (revision 5)
- update to 3.2.0
  The great JSON-in-ing has begun! New features in this release focus on extending JSON output support to control commands like agent_control, syscheck_control, and rootcheck_control. Additional extensions add support for archives.log in native json format, and improving the alert.json output. This release also brings some much needed enhancements to ossec-authd to streamline the agent registration experience (thanks nhatking16591!), Bob-Andrews continues on major auditing improvements plus support for Solaris 11.
- See rest releases: https://github.com/ossec/ossec-hids/releases
- Update build process to new build system
- Update patch 'ossec-hids-suse.init.patch'.
- Added GPG signature to verify source
Lars Vogdt (lrupp) accepted request 672365 from Tuukka Pasanen (illuusio) (revision 4)
- openSUSE 15.0 and above doesn't use '/var/adm/fillup-template'. They use %{_fillupdir}. Make change to use macro not direct directory
- Add fallback define %{_fillupdir} for openSUSE 42.3
Darin Perusich (deadpoint) accepted request 416472 from Boris Manojlovic (bmanojlovic) (revision 3)
fixing CVE-2015-3222
Darin Perusich (deadpoint) committed (revision 2)
- update to 2.8.1
  * NOTE: In terms of features this release is the same as OSSEC 2.8, *EXCEPT* it includes a fix for CVE-2014-5284 vulnerability discovered by Jeff Petersen of Roka Security LLC. Go to https://github.com/ossec/ossec-hids/releases/tag/2.8.1 for more information regarding this issue.
  * Installation
    + Server
      - Avoided a crash of agentd on Solaris (danpop60)
    + Agent
      - Fixed manage_agents -f potential infinite loop (awiddersheim)
      - Added manage_agents -r <id> to remove an agent (awiddersheim)
      - Allow NIX agents to use "-f" option and run in foreground (awiddersheim)
      - Windows agent install/uninstall GUI enhancements (awiddersheim)
      - Windows agent_config profile fixed (gaelmuller)
      - Added eventchannel support for Windows agent on Vista or later (gaelmuller)
      - Many Windows agent bug fixes (awiddersheim)
  * Syscheck
    + Extended filesize from an integer to a long integer
    + Make syscheck/analysisd/remoted.debug in internal_options.conf work (awiddersheim)
  * ActiveResponse
    + Fix active-response on MAC OS Firewall (jknockaert)
  * Log monitoring/analysis
    + Add option to allow the outputting of all alerts to a zeromq PUB socket in JSON format, using cJSON library (jrossi, justintime32).
      New Config:
        <ossec>
          <global>
            <zeromq_output>yes|no</zeromq_output>
Darin Perusich (deadpoint) accepted request 222588 from Darin Perusich (deadpoint) (revision 1)
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Displaying all 14 revisions