File ossec-hids.changes of Package ossec-hids
-------------------------------------------------------------------
Sun May 17 16:09:17 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de>

- update to 3.6.0
  + It's that time of year again, our annual independent security
    audit! Joining our previous two years auditors, Apple Security
    and OVH Internet is security researcher Daniel McCarney (@cpu)
    who performed a very in depth analysis on our IDS engine updates
    (PCRE2, and more). With a project as critical as OSSEC in
    securing cloud and enterprise assets it's very important to us to
    have independent assessments of the framework. So again we want
    to thank all of our auditors, old and new for their contribution
    to the project.
- from 3.5.0
  + This would have been a minor 3.4.1 update if it wasn't for Boris
    Lukashev of https://www.sempervictus.com contributing a much
    needed update to multi-line log analysis. Previous usage of
    multi-line in OSSEC in the past was limited in processing events
    that did not use indentation, a fairly common modern practice
    for readability. This update adds a new type:
    multi-line_indented to handle this condition (Example:
    postgresql).
  + Maintenance fixes in this release also address issue #1781,
    which affected maild when calling an external program, and add
    support for Fedora 31
- from 3.4.0
  Big changes in this release add support for the following new
  platforms:
  + Debian buster
  + Fedora 30
  + RHEL 8
  + (Much awaited!) Centos 8
  @jubois has completed the first round of pcre2 rule updates. This
  is a very exciting change to the overall IDS engine in OSSEC and
  opens the platform up to much more complex (and faster!) search
  functionality.
  + Last but not least, @ddpbsd has a long awaited fix for
    agentd/maild when ipv6 is disabled and/or hostnames are used
    instead of IPs in PR#1698.
  Thanks again to all our community contributors, and dedicated team
  members for their work on this release!
- from 3.3.0
  + PCRE2, Jubois made a major update to the IDS foundation in OSSEC
    3.3.0 with PCRE2
    (https://www.pcre.org/current/doc/html/pcre2.html) library. This
    is an extremely powerful update to the overall pattern analysis
    functionality in OSSEC. In order to build this with the native
    distribution pcre2 packages (pcre2-devel, etc), you will need to
    use: export PCRE2_SYSTEM=yes.
    This adds several new xml tags:
    o pcre2 (to replace regex)
    o match_pcre2
    o program_name_pcre2
    o prematch_pcre2
    o srcgeoip_pcre2
    o dstgeoip_pcre2
    o srcport_pcre2
    o dstport_pcre2
    o user_pcre2
    o url_pcre2
    o id_pcre2
    o status_pcre2
    o hostname_pcre2
    o extra_data_pcre2
  + Dynamic Decoders, discussed in the "Beyond Security" talk at
    OSSECCON 2019, this allows for user-defined keys in decoders.
    These are exposed in JSON output for inclusion with other data
    analytics tools. This adds a new internal option:
    analysisd.decoder_order_size to define the maximum number of keys
    allowed in a single decoder.
- additional BuildRequires: libevent-devel & pcre2-devel
- refreshed ossec-hids-location.patch
- small spec file cleanup (removed commented out paths)
- added ossec-hids-rpmlintrc

-------------------------------------------------------------------
Wed Feb 13 12:39:44 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>

- update to 3.2.0
  The great JSON-in-ing has begun! New features in this release focus
  on extending JSON output support to control commands like
  agent_control, syscheck_control, and rootcheck_control. Additional
  extensions add support for archives.log in native json format, and
  improving the alert.json output. This release also brings some
  much needed enhancements to ossec-authd to streamline the agent
  registration experience (thanks nhatking16591!), Bob-Andrews
  continues on major auditing improvements plus support for
  Solaris 11.
- See rest releases: https://github.com/ossec/ossec-hids/releases
- Update build process to new build system
- Update patch 'ossec-hids-suse.init.patch'.
- Added GPG signature to verify source

-------------------------------------------------------------------
Thu Feb 7 07:31:41 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>

- openSUSE 15.0 and above doesn't use '/var/adm/fillup-template'
  They use %{_fillupdir}. Make change to use macro not direct
  directory
- Add fallback define %{_fillupdir} for openSUSE 42.3

-------------------------------------------------------------------
Mon Aug 1 19:54:22 UTC 2016 - boris@steki.net

- update to 2.8.3
  + "This should fix eventchannel and hybrid."
  + update to 2.8.2
    * Fix for CVE-2015-3222 which allows for root escalation via
      syscheck

-------------------------------------------------------------------
Tue Nov 25 17:01:35 UTC 2014 - darin@darins.net

- update to 2.8.1
  * NOTE: In terms of features this release is the same as OSSEC 2.8,
    *EXCEPT* it includes a fix for CVE-2014-5284 vulnerability
    discovered by Jeff Petersen of Roka Security LLC. Go to
    https://github.com/ossec/ossec-hids/releases/tag/2.8.1 for more
    information regarding this issue.
  * Installation
    + Server
      - Avoided a crash of agentd on Solaris (danpop60)
    + Agent
      - Fixed manage_agents -f potential infinite loop (awiddersheim)
      - Added manage_agents -r <id> to remove an agent (awiddersheim)
      - Allow NIX agents to use "-f" option and run in foreground
        (awiddersheim)
      - Windows agent install/uninstall GUI enhancements
        (awiddersheim)
      - Windows agent_config profile fixed (gaelmuller)
      - Added eventchannel support for Windows agent on Vista or
        later (gaelmuller)
      - Many Windows agent bug fixes (awiddersheim)
  * Syscheck
    + Extended filesize from an integer to a long integer
    + Make syscheck/analysisd/remoted.debug in internal_options.conf
      work (awiddersheim)
  * ActiveResponse
    + Fix active-response on MAC OS Firewall (jknockaert)
  * Log monitoring/analysis
    + Add option to allow the outputting of all alerts to a zeromq
      PUB socket in JSON format, using cJSON library (jrossi,
      justintime32).
      New Config:
        <ossec>
          <global>
            <zeromq_output>yes|no</zeromq_output>
            <zeromq_uri>tcp://localhost:11111</zeromq_uri>
    + Add TimeGenerated to the output of Windows Event logs
      (awiddersheim)
    + os_net fixes, and code clean up in general (cgzones)
    + os_regex unit test cases added (cgzones)
    + os_xml review and fixes (cgzones)
  * Rules and Decoders
    + Added some additional sshd rules in sshd_rules.xml
      (joshgarnett)
    + Removed bro-ids rules (ddpbsd)
    + Removed event ID 676, 672 in msauth_rules.xml (mstarks01)
  * Contributions
    + zeromq_pubsub.py (jrossi)
    + ossec-eps.sh, a script to calculate events-per-second
      (mstarks01)
- update ossec-zlib.patch
- fix how {mysql,pg}.ossec-dbd are handled during build
- removed ossec-remoted.patch, fixed upstream
- removed old .spec and .changes

-------------------------------------------------------------------
Wed Jan 29 17:44:44 UTC 2014 - darin.perusich@ctg.com

- Updated packaging to use /var/lib/ossec as the basedir
- add sysconfig.ossec-hids, replacing /etc/ossec-init.conf, patched
  init/systemd scripts accordingly

-------------------------------------------------------------------
Wed Jan 15 13:56:23 UTC 2014 - darin.perusich@ctg.com

- add %pre for systemd in client and server packages
- moved rids to %files server as it requires the ossecr user
- fixed ossec-hids.service, can't use env variables

-------------------------------------------------------------------
Tue Jan 14 15:55:24 UTC 2014 - darin.perusich@ctg.com

- add support for systemd
- much rpmlint cleanup

-------------------------------------------------------------------
Mon Jan 13 17:36:37 UTC 2014 - darin.perusich@ctg.com

- Fix %post and %postun to use macro's and not call chkconfig, etc
  directly
- Add su to logrotate
- Add logrotate depend
- moved update-alt to %post server
- fix license

-------------------------------------------------------------------
Wed Dec 4 14:24:50 UTC 2013 - darin.perusich@ctg.com

- install proper zlib-devel package for sles

-------------------------------------------------------------------
Mon Dec 2 20:41:15 UTC 2013 - darin@darins.net

- patch for remoted segfault
- set correct ownership of rids directory
- bring back zlib patch

-------------------------------------------------------------------
Tue Nov 26 18:08:21 UTC 2013 - darin@darins.net

- remove the zlib patch, ossec-remoted needs it

-------------------------------------------------------------------
Mon Nov 25 17:51:18 UTC 2013 - darin@darins.net

- update to 2.7.1
- significant reworking of .spec
- add packaging for server-mysql and server-postgresql, using
  update-alternatives to switch between them

-------------------------------------------------------------------
Tue Oct 15 00:00:00 UTC 2013 - eric@nixwizard.net

- Updated to OSSEC 2.7 release

-------------------------------------------------------------------
Tue Jun 12 00:00:00 UTC 2012 - eric@nixwizard.net

- First OSSEC build hosted on the OpenSUSE build service

-------------------------------------------------------------------
Tue Jul 19 00:00:00 UTC 2011 - friz@godshell.com

- Update to official 2.6.0 release

-------------------------------------------------------------------
Thu Jul 7 00:00:00 UTC 2011 - friz@godshell.com

- Added cmoraes patch
- - Adds config options for enabling/disabling rootkit/syscheck options
- - Add support for agent config profiles

-------------------------------------------------------------------
Tue Jul 5 00:00:00 UTC 2011 - friz@godshell.com

- Update to latest 2.6.0 from Mercurial

-------------------------------------------------------------------
Tue Jun 7 00:00:00 UTC 2011 - friz@godshell.com

- Update to 2.6.0 Beta 1
- - Added IPv6 support
- - Lots of new rules (OpenBSD, Clamav, BRO-ids, active response logs, etc, etc)
- - Added os-authd – Automatically creating and setting up the agent keys
- - Added CEF support to client syslog
- - Improved reporting for file changes
- - Added option to Block repeated offenders with OSSEC

-------------------------------------------------------------------
Mon Feb 21 00:00:00 UTC 2011 - friz@godshell.com

- Rebuild because I'm an idiot

-------------------------------------------------------------------
Wed Oct 13 00:00:00 UTC 2010 - friz@godshell.com

- Update to 2.5.1 Release
- - Bugfixes

-------------------------------------------------------------------
Mon Oct 11 00:00:00 UTC 2010 - friz@godshell.com

- Inadvertently removed manage_client. This restores that.

-------------------------------------------------------------------
Tue Sep 28 00:00:00 UTC 2010 - friz@godshell.com

- Update to 2.5 Release
- 1. Added support for “report_changes” on syscheck to show what was
- changed in the file modification alert.
- 2. Added support for cdb lists inside the rules.
- 3. Added support for drop-in rules and decoders directory.
- 4. Added a Rule unit testing framework (in python) and inside logtest
- 5. Added support for a generic multi-line log reader.
- 6. Added granular Windows rules.
- 7. Added option to restrict integrity checking to a set of files.
- 8. Added alias option to the command monitoring.
- 9. Added silent switch for windows installer.
- 10. Added variable expansion in command output monitoring.
- 11. Fixed several windows installer bugs.

-------------------------------------------------------------------
Fri Sep 10 00:00:00 UTC 2010 - friz@godshell.com

- Update to 2.5 beta (100907)

-------------------------------------------------------------------
Wed Aug 18 00:00:00 UTC 2010 - friz@godshell.com

- re-establish client-specific logcollector and syscheckd

-------------------------------------------------------------------
Thu Apr 29 00:00:00 UTC 2010 - scott@atomicorp.com

- Updated init and ossec-server scripts to support the new reload
  feature.

-------------------------------------------------------------------
Tue Apr 20 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Update to 2.4.1

-------------------------------------------------------------------
Fri Apr 9 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Added zabbix reporting active response

-------------------------------------------------------------------
Thu Apr 1 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Update to 2.4 final
- Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10
- Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20

-------------------------------------------------------------------
Tue Mar 23 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Rebuilt for atomic repo

-------------------------------------------------------------------
Mon Mar 22 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Update to CVS 100317

-------------------------------------------------------------------
Thu Mar 11 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Update to CVS 100311
- Add decoder for denyhosts
- Update asl_rules.xml to include denyhosts rules

-------------------------------------------------------------------
Tue Mar 9 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Update to CVS 100309

-------------------------------------------------------------------
Fri Mar 5 00:00:00 UTC 2010 - scott@atomicrocketturtle.com

- Added new decoder for smtp_auth
- Added rules to detect smtp_auth brute force attempts
- Added rules to detect imap/pop brute force attempts

-------------------------------------------------------------------
Mon Dec 7 00:00:00 UTC 2009 - scott@atomicrocketturtle.com

- Updated ossec-server.conf to be in parity with the ASL config
- Added templates dir for generating configs

-------------------------------------------------------------------
Thu Oct 9 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- update to 1.6.1

-------------------------------------------------------------------
Wed Sep 3 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- update to 1.6

-------------------------------------------------------------------
Thu Jun 26 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- update to 1.5.1

-------------------------------------------------------------------
Mon Jun 9 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- added mysql support

-------------------------------------------------------------------
Tue May 20 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- Added Stanislaw Polak's excellent ban-hackers script to manage
  shunning more intelligently.

-------------------------------------------------------------------
Tue May 13 00:00:00 UTC 2008 - scott@atomicrocketturtle.com

- update to 1.5

-------------------------------------------------------------------
Mon Nov 26 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- fix on active-response locking bug that prevented some rules from
  expiring.

-------------------------------------------------------------------
Mon Nov 19 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to ossec 1.4

-------------------------------------------------------------------
Mon Oct 15 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update snapshot to ossec-hids-071011.tar.gz
- relinked C4, FC4, FC5 against mysql4

-------------------------------------------------------------------
Tue Oct 9 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to snapshot ossec-hids-071006.tar.gz

-------------------------------------------------------------------
Wed Sep 5 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to shun blocklist tracking used by ASL
- added authpsa rules + decoder

-------------------------------------------------------------------
Tue Aug 14 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to 1.3

-------------------------------------------------------------------
Wed Aug 8 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- minor adjustment in %post, to check for config file before
  overwriting it

-------------------------------------------------------------------
Fri Aug 3 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- v6 was first version of the patch.
- added in logging in active-response for better ASL support
- Disabled conf event in %post, to keep from overwriting config
  files.

-------------------------------------------------------------------
Mon Jun 25 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- changed permissions on queue/syscheck so it can be read by the
  ossec group (tweak for web gui)

-------------------------------------------------------------------
Fri Jun 15 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- removed the noreplace settings from decoder and the rules
- patch for a more ASL friendly client config

-------------------------------------------------------------------
Thu Jun 14 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- release -2 had a bug.
- added ASL rules (asl_rules.xml)
- added decoder for the asl style modsecurity logging
- adjusted syslog_rules for qmail-scanner issue (BUG #ASL-18)
- Added http index in asl_rules.xml (BUG #ASL-7)

-------------------------------------------------------------------
Tue May 15 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to 1.2

-------------------------------------------------------------------
Tue Apr 24 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- update to 1.1

-------------------------------------------------------------------
Tue Mar 6 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- configuration change for ASL

-------------------------------------------------------------------
Wed Jan 17 00:00:00 UTC 2007 - scott@atomicrocketturtle.com

- updated to 1.0

-------------------------------------------------------------------
Fri Dec 8 00:00:00 UTC 2006 - scott@atomicrocketturtle.com

- import into ART
- changed their naming conventions a bit, 0.9-3 to 0.9.3. Please
  don't be cross with me.

-------------------------------------------------------------------
Thu Nov 2 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- new version (0.9-3)

-------------------------------------------------------------------
Fri Sep 29 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- new version (0.9-2)

-------------------------------------------------------------------
Thu Sep 7 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- new version (0.9-1a)

-------------------------------------------------------------------
Thu Aug 24 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- new version (0.9-1)

-------------------------------------------------------------------
Wed Jul 26 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- new version (0.9)

-------------------------------------------------------------------
Fri Jul 14 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- some bugfixes

-------------------------------------------------------------------
Fri Jul 7 00:00:00 UTC 2006 - peter.pramberger@member.fsf.org

- created