Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: [asl-2.0] OSSEC HIDS 2.0
Posted: Fri Feb 27, 2009 6:13 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
What's new in OSSEC HIDS 2.0:

-Added compiled rules
-Fixed bug on the Windows agent event log reader that was not working properly when the message size was larger than 2048 *64 chars.
-Fixed alerting when the event log is cleared.
-Fixed su decoder (Reported by Ricardo Stocco).
-Fixed bug on the Windows agent event log reader where non-standard logs were failing the configuration test.
-Added option for agentless integrity checking on Linux.
-Added option for agentless integrity checking on BSD systems.
-Added option for generic diffs using the agentless monitoring.
-Ignoring /dev/oprofile alerts on Ubuntu (reported by gary <garyyuen at gmail.com>).
-Fixed scan_day value on syscheck that was not working properly (patch by Matthias Schmidt).
-Added ossec-reported tool to generate text-based reports.
-Fixed bug on syscheckd where it would stop working if it ever found a link to a socket or device (reported by Matthias Schmidt).
-Fixed bug on the installation script that was not disabling rootcheck properly (by Meir Michanie).
-Added agentless integrity checking on Cisco devices (routers, switches and firewalls) (thanks to Marcus Maciel for the help and script samples).
-Fixed false positives on some pix rules.
-Added support for Yum rules (thanks to Michael Starks for the help).
-Added Dutch translation (thanks to Martijn de Boer).
-Added support for picviz (thanks to Sebastien Tricaud).
-Fixed support for wildcards on logcollector. It was not working if it was the first entry in the file (Thanks to Nicolas Arias for the report).
-Fixed MySQL output support that was dying if the server went down (thanks to Scott Shinn for the reporting and help debugging it).
-Fixing output of rootcheck_control that was reporting the wrong IP address (thanks to Aaron Bliss for the report).
-Added CentOS 5.2 to the RHEL5 CIS checks.
-Added scan_on_start option to rootcheck.
-Fixed init scripts for Mac OSX 10.5 (reported by Martijn de Boer).
-Updated checkpoint decoder (patch by Dean Takemori).
-Removed false positive on FreeBSD caused by rootcheck looking at libproc.a (reported by moto kawasaki).


Upgrading to OSSEC-HIDS 2.0:

Step 1) yum upgrade ossec-hids

Step 2) asl -s -f


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 1:00 pm
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 117
Hey,
I get this (I don't have testing or bleeding active):

Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for ossec-hids to pack into transaction set.
ossec-hids-2.0-2.el4.art. 100% |=========================| 11 kB 00:00
---> Package ossec-hids.i386 0:2.0-2.el4.art set to be updated
---> Downloading header for ossec-hids-server to pack into transaction set.
ossec-hids-server-2.0-2.e 100% |=========================| 18 kB 00:00
---> Package ossec-hids-server.i386 0:2.0-2.el4.art set to be updated
--> Running transaction check
--> Processing Dependency: ossec for package: asl
--> Finished Dependency Resolution
Error: Missing Dependency: ossec is needed by package asl
[root@star yum.repos.d]#

greets
zek


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 1:24 pm
Forum Regular

Joined: Mon Apr 14, 2008 8:29 am
Posts: 278
Location: Rhode Island
Same here also.

[root@inet3170 ~]# yum update ossec-hids
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* plesk: 3es.atomicrocketturtle.com
* base: chi-10g-1-mirror.fastsoft.net
* updates: repo.genomics.upenn.edu
* asl-2.0: atomicorp.com
* addons: mirrors.greenmountainaccess.net
* extras: mirror.myriadnetwork.com
* atomic: www6.atomicorp.com
Setting up Update Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: ossec-hids.pp for package: ossec-hids-server
--> Processing Dependency: ossec for package: asl
--> Processing Dependency: ossec-hids = 2.0-1.el5.art for package: ossec-hids-server
---> Package ossec-hids.i386 0:2.0-2.el5.art set to be updated
--> Running transaction check
--> Processing Dependency: ossec for package: asl
---> Package ossec-hids-server.i386 0:2.0-2.el5.art set to be updated
--> Finished Dependency Resolution
Error: Missing Dependency: ossec is needed by package asl


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 2:19 pm
Forum User

Joined: Wed Sep 05, 2007 12:37 pm
Posts: 34
+3

Code:

Loading "repoheader" plugin

repo id         repo name                           status
=======         =========                           ======
4PSA            4PSA                                enabled
addons          CentOS-4 - Addons                   enabled
asl-2.0         Atomicorp - 4 - Atomic Secured Linu enabled
atomic          CentOS / Red Hat Enterprise Linux 4 enabled
base            CentOS-4 - Base                     enabled
extras          CentOS-4 - Extras                   enabled
update          CentOS-4 - Updates                  enabled

Setting up Update Process
Setting up repositories
Reading repository metadata in from local files
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package ossec-hids.i386 0:2.0-2.el4.art set to be updated
---> Package ossec-hids-server.i386 0:2.0-2.el4.art set to be updated
--> Running transaction check
--> Processing Dependency: ossec for package: asl
--> Finished Dependency Resolution
Error: Missing Dependency: ossec is needed by package asl




Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 4:49 pm
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 704
Location: Sweden
+4


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 5:38 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
-4, clear your caches and update to 2.0-3


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Thu Mar 05, 2009 7:05 pm
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 117
Yes, now it's OK, thanks.


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Fri Mar 06, 2009 9:01 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
Cool, sorry about that one. That was QA'd against ASL 2.1, which doesn't have a Requires: on ossec. ASL 2.0 does, so there was the problem.


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Tue Sep 01, 2009 7:01 pm
Forum User

Joined: Sat Jun 07, 2008 11:09 pm
Posts: 53
Is there any solution to the dependency problem?

Error: Missing Dependency: ossec is needed by package asl


I tried the following which did not help:

yum clean all
yum --disablerepo=rpmforge update

_________________
mrwilson

now using asl-2.2-1.el5.art on Centos 5 64-bit - Plesk 9.2.2


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Tue Sep 01, 2009 7:12 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3242
Location: Chantilly, VA
2.2 is out, and it's an upgrade - so try upgrade instead of update.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Tue Sep 01, 2009 9:33 pm
Forum User

Joined: Sat Jun 07, 2008 11:09 pm
Posts: 53
Thank you, I tried upgrade, but I still get

Error: Missing Dependency: ossec is needed by package asl

_________________
mrwilson

now using asl-2.2-1.el5.art on Centos 5 64-bit - Plesk 9.2.2


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Wed Sep 02, 2009 7:11 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
You get that when you run: "yum upgrade" ?


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Wed Sep 02, 2009 8:24 am
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3242
Location: Chantilly, VA
Make sure you also run:

yum clean all

yum upgrade

And if that doesn't work, please post the output from those commands, along with:

rpm -qa | grep -E "asl|ossec"

yum --version

your repo setups in /etc/yum.repos.d

and confirm what distro you are running.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Wed Sep 02, 2009 8:43 am
Forum User

Joined: Sat Jun 07, 2008 11:09 pm
Posts: 53
Quote:
You get that when you run: "yum upgrade" ?


Yes

Quote:
Make sure also run:

yum clean all


Yes I did that

Quote:
rpm -qa | grep -E "asl|ossec"


[root@wmx-us-08 yum.repos.d]# rpm -qa | grep asl
cyrus-sasl-2.1.22-4
asl-2.0.7-3.el5.art
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-lib-2.1.22-4
asl-web-gui-0.13-1.el5.art
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-lib-2.1.22-4

[root@wmx-us-08 yum.repos.d]# rpm -qa | grep ossec
ossec-hids-1.5-3.el5.art
ossec-hids-server-1.5-3.el5.art


Quote:
yum --version

3.2.8

Quote:
your repo setups in /etc/yum.repos.d


-rw-r--r-- 1 root root 571 Sep 1 15:37 asl.repo (disabled)
-rw-r--r-- 1 root root 1.2K Dec 29 2008 atomic.repo priority=1
-rw-r--r-- 1 root root 2.1K Aug 20 2008 CentOS-Base.repo priority=3
-rw-r--r-- 1 root root 2.0K Aug 20 2008 CentOS-Base.repo.zipservers priority=3
-rw-r--r-- 1 root root 626 Jun 19 2008 CentOS-Media.repo (disabled)
-rw-r--r-- 1 root root 693 Aug 19 2008 mirrors-rpmforge
-rw-r--r-- 1 root root 189 Dec 29 2008 plesk.repo
-rw-r--r-- 1 root root 440 Aug 19 2008 rpmforge.repo priority=10

Quote:
and confirm what distro you are running.

CentOS release 5.2 (Final)

_________________
mrwilson

now using asl-2.2-1.el5.art on Centos 5 64-bit - Plesk 9.2.2


Post subject: Re: [asl-2.0] OSSEC HIDS 2.0
Posted: Wed Sep 02, 2009 11:24 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
Quote:
-rw-r--r-- 1 root root 571 Sep 1 15:37 asl.repo (disabled)


If the repo is disabled you're not going to be able to get the updates from it. I would go in there and re-enable it before you run yum upgrade again.
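
Added example (not part of the thread or of Atomicorp's tooling): the reply above traces the failure to a disabled repo file, so this script lists each repository section under a yum repo directory with its effective enabled flag and priority. The function names and the sample repo files are constructed for illustration; a section with no enabled= line is reported as enabled, which is yum's default.

```shell
#!/bin/sh
# Added example (not from the thread): report each yum repo section's
# effective enabled flag and priority. Function names are hypothetical.

# repo_status DIR -> one line per section: "file section enabled priority"
repo_status() {
    dir=${1:-/etc/yum.repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function emit() { if (section != "") print file, section, enabled, priority }
            function val(line) {              # text after "=", trimmed
                sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
                return line
            }
            /^[ \t]*[#;]/ { next }            # comment lines
            /^\[.*\]/ {                       # start of a [section]
                emit()
                section = substr($0, 2, index($0, "]") - 2)
                enabled = 1; priority = "-"   # yum default: enabled unless set to 0
                next
            }
            /^enabled[ \t]*=/  { enabled = val($0) }
            /^priority[ \t]*=/ { priority = val($0) }
            END { emit() }
        ' "$f"
    done
}

# disabled_repos DIR -> section names whose enabled flag is 0
disabled_repos() {
    repo_status "$1" | awk '$3 == 0 { print $2 }'
}

# make_sample DIR -> write constructed repo files modelled on the listing above
make_sample() {
    printf '[asl-2.0]\nname=constructed\nenabled=0\n' > "$1/asl.repo"
    printf '[atomic]\nname=constructed\nenabled = 1\npriority=1\n' > "$1/atomic.repo"
    printf '# no enabled= line\n[rpmforge]\npriority=10\n' > "$1/rpmforge.repo"
}

demo=$(mktemp -d)
make_sample "$demo"
repo_status "$demo"
echo "disabled: $(disabled_repos "$demo")"
rm -rf "$demo"
```

Run `disabled_repos /etc/yum.repos.d` on the affected host before retrying `yum upgrade`; any section it prints will not contribute packages to dependency resolution.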

