Monday, November 19, 2012
OSSEC 2.7 Released
Go straight to ossec.net
OSSEC 2.7 key features:
Add hybrid mode – allows the same host to be both a server and an agent, useful for multi-tier OSSEC deployment.
option for bulk generation of client keys from an input file.
During Agent installation, allow the OSSEC server to be specified using hostname instead of IP.
Add prelinking support – reduce confusion when a file change is the result of prelinking.
Add fine-grained configuration control – allows you to turn ON/OFF individual rootcheck tasks for more efficiency and flexibility. The default is all ON.
Add GeoIP lookup support – allows geographical city names to be associated with IP addresses in OSSEC alerts, for more intelligent correlation.
Alert options and syslog output
Add syscheck MD5/SHA1 sum to alerts for easier integration with third-party file signature checking.
Support JSON and Splunk formats in syslog output.
Rules and other notable changes/fixes
Windows 2000 logs support has been deprecated (but will probably still work fine). Vista and Windows Server 2008 logs are now officially supported.
Windows registry syscheck alert level has been reduced from 7 to 5 to reduce unnecessary noise from alerts which do not indicate a compromise.
Update decoders include: PIX, auditd, apache, pam, php.
Many updated rules, such as new checks for vulnerable web apps exploitation attempts.
Update rootcheck rules.
ossec-client.sh now allows for ‘reload’, in addition to ‘restart’
Many bug fixes…
LICENSE text updated by adding exception clause for OpenSSL, while OSSEC is still under GPLv2
Share to Twitter
Share to Facebook
Share to Pinterest