store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Wed Oct 22, 2014 11:23 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: [asl-2.0-testing] OSSEC HIDS 2.1.1-2
Unread postPosted: Fri Jul 03, 2009 10:34 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7936
Location: earth
This is the initial release candidate for OSSEC 2.1.1-2 for ASL environments.

Changelog:
-Added additional rules to detect the enumeration of extensions
(Patch by Chris Bailes <chris at paeenterprises.co.uk>).

-Added support for glob (regular expressions) when specifying the directories
to check on syscheck.

-Added support for syslog-ng ISODATE (conforming to ISO-8601) date formats
in the syslog header.

-Added support for rsyslog non-standard date format (RFC 5425).

-Added the log testing tool to the default build (now available at
/var/ossec/bin/ossec-logtest ).

-Added agentless script for Foundry switches
(Thanks to Matt <mgoldsberry at gmail.com> for the help).

-Added support for real time integrity checking.

-Added support for sending OSSEC alerts to twitter via active response.

-Added support for Windows DHCP logs
(Thanks to phishphreek@gmail.com for the help).

-Adding changes to support ASA/FWSM on the agentless monitoring
(Thanks to Michael Starks for the patch)

-Added option to restart an ossec agent remotely.

-Added agent config on the manager side.

-Added the ability to fully build an Windows ossec agent directly from
the (Linux) server.

-Fixed rootcheck to do not monitor read-only file systems during the
rc_sys_check
(Reported by Dennis Golden).

-Fixed Windows policy that was looking for the wrong value to check if
the firewall
was enabled or not
(Reported by Aaron Bliss).

-Fixed debian rules that were matching on Juniper messages
(Reported by Reggie Griffin).

-Fixed yum rules that we matching on another events.

-Fixed syscheck_control that was segfaulting on 64 bit systems.

-Fixed mcafee rule that was triggering deleted viruses as uncontained
(Thanks to Michael Starks for the patch).

-Fixed sshd rule to support new log format
(Thanks to j.bromley at bristol.ac.uk for the report).

-Fixed ssh_integrity_check_linux agentless script that had some extra spaces
causing it to hang
(Thanks to Mark Ibrahim for the report).

-Fixed support for systems without proper syslog hostname (solaris 8/9
most of the time).

-Added System32 Restore directory to the list of ignore files for
integrity checking
(it was causing too many false positives).

-Fixed iptables active-response scripts that was not properly deleted
all the entries.

-Added agentless devices to the listing tools (agent_control -l,
syscheck_control, -l ,etc).

-Fixed bug when reading /dev/fd on FreeBSD that was causing ossec to loop.
(Patch by Danny Fullerton - dfullerton at mantor.org )

-Fixed file descriptor leak on execd.
(Patch by Slava Semushin - php-coder at altlinux.org )

-Fixed bug where descriptions with new lines would break the alert file.
(Reported by Bill Mathews <billford at gmail.com>)

-Fixed init scripts for Darwin.
(patch by Peter <peter.wolanin at acquia.com>)

-Added support for strftime on globbed files.

-Added the option to decrease syscheck sleep time to 0 (and run as fast as possible).
(thanks to Michael Altfield <michael.sa at gmail.com> for the suggestion)


To Upgrade:
yum --enablerepo=asl-2.0-testing upgrade ossec-hids


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group