ASL 2.2.11 updates, twitter, and more
Written by Scott Shinn   
Monday, 13 September 2010 15:22

A few random project updates:

  • nikto was updated to 2.1.3. This is a basic web application vulnerability scanner; there's another one we've been meaning to package, w3af, which looks promising.
  • openvas-manager was updated with more fixes. This is a minor update in a series to support the Greenbone Security Assistant (GSA) on CentOS 5.
  • clapf, an antivirus/antispam module for Postfix, was updated to 0.4.5rc3. A few more issues were fixed, but I believe it still needs a few more changes in the cron jobs.


The larger project update going on right now is OSSEC version 2.5 (beta). As ASL 3.0 is being developed, a number of our support packages need to be either updated or modified to support our new APIs and features. This is a big one, since OSSEC supports both event recording in MySQL and our enterprise client/server components. The latest build, 2.5-0.2, added a new rule set called exclude_rules.xml, which we use in ASL to generate rule customizations. Currently ASL 2.2.11-0.2 allows you to modify, for each alert, either the level (which determines whether the source is shunned, shunned and reported, or ignored) or the email policy, via the file /etc/asl/rules.


Please note this is an interim configuration file as the design works itself out, so it can and will change considerably. The current format is:

# Rule ID, Email, Level

When asl -s -f is run, this generates the appropriate rule exclude data to customize the policy. For example, to disable email alerting on a specific OSSEC rule id such as 60118 (mod_security) while keeping it at level 7, you would use:

60118,no,7

Internally we've already seen the shortcomings of this file-based approach to managing the rule configuration and have prototyped past it, so this is just going to be an interim solution. Don't get too attached!
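To make the interim format concrete, here is an added example (not ASL's code) that parses a /etc/asl/rules file in the "Rule ID, Email, Level" layout shown above, rejects malformed lines instead of silently dropping them, and renders each override as a stock OSSEC local rule. Assumptions: '#' starts a comment and blank lines are ignored; Email is yes/no; Level is an OSSEC severity in the range 0 to 15; and because the page does not show the exclude_rules.xml format, the output uses ordinary OSSEC local_rules syntax (a rule in the user-reserved 100000 range with if_sid, level, and the no_email_alert option) rather than ASL's own file.

```python
"""Parse the interim /etc/asl/rules override file and emit OSSEC-style overrides.

Added example, not ASL's own tooling. Assumptions: '#' comments and blank lines
are allowed; Email is yes/no; Level is an OSSEC severity 0-15; the generated XML
uses stock OSSEC local_rules syntax, not ASL's undocumented exclude_rules.xml.
"""
import xml.etree.ElementTree as ET
from typing import List, NamedTuple, Tuple


class Override(NamedTuple):
    rule_id: int   # OSSEC rule being customized
    email: bool    # True = keep email alerts, False = suppress them
    level: int     # replacement severity level (0-15)


# Constructed sample input in the page's "Rule ID, Email, Level" format.
SAMPLE_RULES = """\
# Rule ID, Email, Level
60118,no,7
5712 , yes , 10
# the next line is malformed on purpose: it is reported, not dropped
31101,maybe,3
"""


def parse_rules(text: str) -> Tuple[List[Override], List[str]]:
    """Return (valid overrides, error messages) for the given file contents."""
    overrides: List[Override] = []
    errors: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            errors.append(f"line {lineno}: expected 3 fields, got {len(parts)}")
            continue
        rid, email, level = parts
        if not rid.isdigit():
            errors.append(f"line {lineno}: rule id {rid!r} is not numeric")
            continue
        if email.lower() not in ("yes", "no"):
            errors.append(f"line {lineno}: email must be yes or no, got {email!r}")
            continue
        if not level.isdigit() or not 0 <= int(level) <= 15:
            errors.append(f"line {lineno}: level {level!r} must be 0-15")
            continue
        overrides.append(Override(int(rid), email.lower() == "yes", int(level)))
    return overrides, errors


def to_local_rules(overrides: List[Override], base_id: int = 100000) -> str:
    """Render overrides as an OSSEC <group> of local rules (ids from base_id up)."""
    group = ET.Element("group", name="local,asl_overrides")
    for offset, ov in enumerate(overrides):
        rule = ET.SubElement(group, "rule", id=str(base_id + offset), level=str(ov.level))
        ET.SubElement(rule, "if_sid").text = str(ov.rule_id)   # match the parent rule
        if not ov.email:
            ET.SubElement(rule, "options").text = "no_email_alert"
        ET.SubElement(rule, "description").text = f"ASL override of rule {ov.rule_id}"
    return ET.tostring(group, encoding="unicode")


if __name__ == "__main__":
    parsed, problems = parse_rules(SAMPLE_RULES)
    for problem in problems:
        print("warning:", problem)
    print(to_local_rules(parsed))
```

Running the module prints one warning for the malformed line and the generated rule group; in practice the parse errors are the part worth surfacing, since a silently skipped line would leave an alert at its default level and email policy.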
