Wednesday, March 20, 2019

OSSEC Con 2019 is Happening!

It is happening!
The OSSEC Con2019 is happening on the Spring Equinox of 2019.
See details at:
https://www.eventbrite.com/e/ossec-con2019-tickets-51523249426

Saturday, January 20, 2018

Monday, November 13, 2017

OSSEC has a new home

OSSEC has moved to a new home on GitHub.
You can find the latest releases here.
Check it out!

Tuesday, January 20, 2015

OSSEC 2.8.1 was released on September 9, 2014

OSSEC can be downloaded here. In terms of features, OSSEC 2.8.1 is the same as OSSEC 2.8, except that 2.8.1 includes a fix for the CVE-2014-5284 vulnerability, which allowed root privilege escalation via temporary files. Go to the OSSEC GitHub repository for more information regarding this issue.

For a complete release history since 2.7, see the What's New in OSSEC documentation.

Monday, July 7, 2014

OSSEC 2.8 Released

OSSEC 2.8 was released in June 2014 and can be downloaded here. After the move to GitHub in early 2014, many contributors joined and submitted excellent pull requests. Below is a copy of the release notes, which are a high-level summary of the major changes since 2.7.1. Refer to the GitHub commit history for a complete list.

Trend Micro, Inc.                                                  June 4, 2014
--------------------------------------------------------------------------------
                       OSSEC "v2.8.0" Release Note
--------------------------------------------------------------------------------

Summary of changes in v2.8.0

=== Installation
  == Server
    - Avoided a crash of agentd on Solaris (danpop60)

  == Agent
    - Fixed manage_agents -f potential infinite loop (awiddersheim)
    - Added manage_agents -r <id> to remove an agent (awiddersheim)
    - Allow NIX agents to use the "-f" option and run in the foreground (awiddersheim)
    - Windows agent install/uninstall GUI enhancements (awiddersheim)
    - Windows agent_config profile fixed (gaelmuller)
    - Added eventchannel support for Windows agent on Vista or later (gaelmuller)
    - Many Windows agent bug fixes (awiddersheim)

=== Syscheck
  == Extended filesize from an integer to a long integer
  == Make syscheck/analysisd/remoted.debug in internal_options.conf work (awiddersheim)

=== ActiveResponse
  == Fix active-response on MAC OS Firewall (jknockaert)

=== Log monitoring/analysis
  == Add option to allow the outputting of all alerts to a ZeroMQ PUB socket
     in JSON format, using the cJSON library (jrossi, justintime32). New config:
     <ossec>
       <global>
         <zeromq_output>yes|no</zeromq_output>
         <zeromq_uri>tcp://localhost:11111</zeromq_uri>
       </global>
     </ossec>
  == Add TimeGenerated to the output of Windows Event logs (awiddersheim)
  == os_net fixes, and code clean up in general (cgzones)
  == os_regex unit test cases added (cgzones)
  == os_xml review and fixes (cgzones)

=== Rules and Decoders
  == Added some additional sshd rules in sshd_rules.xml (joshgarnett)
  == Removed bro-ids rules (ddpbsd)
  == Removed event ID 676, 672 in msauth_rules.xml (mstarks01)

=== Contributions
  == zeromq_pubsub.py (jrossi)
  == ossec-eps.sh, a script to calculate events-per-second (mstarks01)


OSSEC 2.8 CONTRIBUTORS (GitHub usernames in alphabetical order): 
awiddersheim 
Brad Lhotsky
cgzones
ChristianBeer
danpop60 (Solaris fix)
ddpbsd
denied39
dopefish
gaelmuller 
harshilmathur
jbcheng
jknockaert
justintime32 
Joshua Garnett
hexinglun
jrossi 
labrown
Micha Nasriachi
mstarks01
northox
pdrakeweb
reyjrar
Santiago Bassett


                               === END ===
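
The ZeroMQ JSON output listed under "Log monitoring/analysis" above publishes every alert on a PUB socket at the configured zeromq_uri. The following consumer is an added example written for this page; it is not the zeromq_pubsub.py contribution mentioned in the release notes and not OSSEC project code. It assumes the alert JSON carries a "rule" object with "level", "sidid" and "comment" keys plus top-level "srcip", "location" and "full_log" keys (an assumption about the layout, not confirmed by the release notes), and the sample alerts are constructed here. The parsing and triage part runs offline; the subscribe() function needs pyzmq and a running OSSEC server with zeromq_output enabled.

```python
"""Consume OSSEC 2.8 alerts from the ZeroMQ PUB socket and keep the high-level ones.

Added example, not OSSEC's own code. Field names in the alert JSON ("rule",
"level", "sidid", "comment", "srcip", "location", "full_log") are assumptions.
"""
import json

# Constructed sample messages in the assumed OSSEC JSON alert layout,
# including one malformed message to exercise the error path.
SAMPLE_ALERTS = [
    '{"rule":{"level":5,"sidid":5716,"comment":"SSHD authentication failed."},'
    '"srcip":"203.0.113.7","location":"/var/log/auth.log",'
    '"full_log":"Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2"}',
    '{"rule":{"level":3,"sidid":5501,"comment":"Login session opened."},'
    '"location":"/var/log/auth.log",'
    '"full_log":"pam_unix(sshd:session): session opened for user ops by (uid=0)"}',
    '{"rule":{"level":10,"sidid":5720,"comment":"Multiple SSHD authentication failures."},'
    '"srcip":"203.0.113.7","location":"/var/log/auth.log",'
    '"full_log":"Failed password for invalid user admin from 203.0.113.7 port 4031 ssh2"}',
    'not json at all',
]


def parse_alert(raw):
    """Decode one published message; return the dict, or None if it is not a usable alert."""
    try:
        obj = json.loads(raw)
    except ValueError:
        return None
    # Reject anything that is not an object carrying a "rule" object.
    if not isinstance(obj, dict) or not isinstance(obj.get("rule"), dict):
        return None
    return obj


def triage(raw_alerts, min_level=7):
    """Return (kept, malformed): alerts at or above min_level, and the count skipped."""
    kept = []
    malformed = 0
    for raw in raw_alerts:
        alert = parse_alert(raw)
        if alert is None:
            malformed += 1
            continue
        level = int(alert["rule"].get("level", 0))
        if level >= min_level:
            kept.append({
                "level": level,
                "rule": alert["rule"].get("sidid"),
                "comment": alert["rule"].get("comment"),
                "srcip": alert.get("srcip"),
                "location": alert.get("location"),
            })
    return kept, malformed


def subscribe(uri="tcp://localhost:11111", min_level=7, handler=print):
    """Connect a SUB socket to the OSSEC PUB socket and hand each kept alert to handler.

    Requires pyzmq; runs until interrupted. The default URI matches the sample
    zeromq_uri in the release notes.
    """
    import zmq  # imported here so the offline parsing above works without pyzmq

    ctx = zmq.Context()
    sock = ctx.socket(zmq.SUB)
    sock.connect(uri)
    sock.setsockopt_string(zmq.SUBSCRIBE, "")  # empty prefix: receive every alert
    while True:
        kept, _ = triage([sock.recv_string()], min_level)
        for alert in kept:
            handler(alert)


if __name__ == "__main__":
    kept, malformed = triage(SAMPLE_ALERTS)
    for alert in kept:
        print(f"level {alert['level']} rule {alert['rule']} from {alert['srcip']}: {alert['comment']}")
    print(f"{malformed} malformed message(s) skipped")
```

The sample zeromq_uri binds to localhost, which is the setting to keep unless a remote consumer is required: a plain ZeroMQ PUB socket has no authentication or encryption of its own, so a URI on a routable interface exposes the full alert stream, including full_log contents, to anything that can reach the port.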

Tuesday, January 28, 2014

OSSEC 2.7.1 and Beyond

OSSEC 2.7.1 was released in November 2013 and contained mostly bug fixes.
Since then many new pull requests have been submitted, and many developers are eager to contribute their talents. After considering many factors, it was decided that it is time to move the source code repository to GitHub. This is happening during the first quarter of 2014.

After the move, the future of OSSEC will be driven mainly by the community. There will be many opportunities for contributors/maintainers in the areas of source code, rule sets, and documentation. 
Please check www.ossec.net in the next few weeks for the latest developments.

Monday, November 19, 2012

OSSEC 2.7 Released

Go straight to the ossec.net Download page!

OSSEC 2.7 key features:

  1. Installation
    • Add hybrid mode – allows the same host to be both a server and an agent, useful for multi-tier OSSEC deployment.
    • Add manage_agents -f option for bulk generation of client keys from an input file.
    • During Agent installation, allow the OSSEC server to be specified using hostname instead of IP.
  2. Syscheck
    • Add prelinking support – reduce confusion when a file change is the result of prelinking.
  3. Rootcheck
    • Add fine-grained configuration control – allows you to turn ON/OFF individual rootcheck tasks for more efficiency and flexibility. The default is all ON.
  4. Log monitoring/analysis
    • Add GeoIP lookup support – allows geographical city names to be associated with IP addresses in OSSEC alerts, for more intelligent correlation.
  5. Alert options and syslog output
    • Add syscheck MD5/SHA1 sum to alerts for easier integration with third-party file signature checking.
    • Support JSON and Splunk formats in syslog output.
  6. Rules and other notable changes/fixes
    • Windows 2000 logs support has been deprecated (but will probably still work fine). Vista and Windows Server 2008 logs are now officially supported.
    • Windows registry syscheck alert level has been reduced from 7 to 5 to reduce unnecessary noise from alerts which do not indicate a compromise.
    • Updated decoders include: PIX, auditd, apache, pam, php.
    • Many updated rules, such as new checks for exploitation attempts against vulnerable web apps.
    • Updated rootcheck rules.
    • ossec-client.sh now allows for ‘reload’, in addition to ‘restart’.
    • Many bug fixes…
  7. LICENSE text updated by adding an exception clause for OpenSSL, while OSSEC remains under GPLv2.
Enjoy!