Atomic Secure Linux

All times are UTC - 5 hours [ DST ]

 Post subject: [asl-2.0-testing] OSSEC HIDS 2.1.1-2
Posted: Fri Jul 03, 2009 10:34 am
Atomicorp Staff - Site Admin
This is the initial release candidate for OSSEC 2.1.1-2 for ASL environments.

-Added additional rules to detect the enumeration of extensions
(Patch by Chris Bailes <chris at>).

-Added support for glob (regular expressions) when specifying the directories
to check on syscheck.

-Added support for syslog-ng ISODATE (conforming to ISO-8601) date formats
in the syslog header.

-Added support for rsyslog non-standard date format (RFC 5425).

-Added the log testing tool to the default build (now available at
/var/ossec/bin/ossec-logtest ).

-Added agentless script for Foundry switches
(Thanks to Matt <mgoldsberry at> for the help).

-Added support for real time integrity checking.

-Added support for sending OSSEC alerts to twitter via active response.

-Added support for Windows DHCP logs
(Thanks to for the help).

-Adding changes to support ASA/FWSM on the agentless monitoring
(Thanks to Michael Starks for the patch)

-Added option to restart an ossec agent remotely.

-Added agent config on the manager side.

-Added the ability to fully build a Windows ossec agent directly from
the (Linux) server.

-Fixed rootcheck to not monitor read-only file systems during the
(Reported by Dennis Golden).

-Fixed Windows policy that was looking for the wrong value to check if
the firewall was enabled or not
(Reported by Aaron Bliss).

-Fixed debian rules that were matching on Juniper messages
(Reported by Reggie Griffin).

-Fixed yum rules that were matching on other events.

-Fixed syscheck_control that was segfaulting on 64 bit systems.

-Fixed mcafee rule that was triggering deleted viruses as uncontained
(Thanks to Michael Starks for the patch).

-Fixed sshd rule to support new log format
(Thanks to j.bromley at for the report).

-Fixed ssh_integrity_check_linux agentless script that had some extra spaces
causing it to hang
(Thanks to Mark Ibrahim for the report).

-Fixed support for systems without proper syslog hostname (solaris 8/9
most of the time).

-Added System32 Restore directory to the list of ignore files for
integrity checking
(it was causing too many false positives).

-Fixed iptables active-response scripts that were not properly deleting
all the entries.

-Added agentless devices to the listing tools (agent_control -l,
syscheck_control -l, etc.).

-Fixed bug when reading /dev/fd on FreeBSD that was causing ossec to loop.
(Patch by Danny Fullerton - dfullerton at )

-Fixed file descriptor leak on execd.
(Patch by Slava Semushin - php-coder at )

-Fixed bug where descriptions with new lines would break the alert file.
(Reported by Bill Mathews <billford at>)

-Fixed init scripts for Darwin.
(patch by Peter <peter.wolanin at>)

-Added support for strftime on globbed files.

-Added the option to decrease syscheck sleep time to 0 (and run as fast as possible).
(thanks to Michael Altfield < at> for the suggestion)

To Upgrade:
yum --enablerepo=asl-2.0-testing upgrade ossec-hids
