I have recently set up ossec 0.8 on my Ubuntu machine and would like to make the following comments for improvement.

1. The installation documentation refers to this address http://www.ossec.net/files/ossec-hids-latest_sum.txt for the MD5 and SHA1 checksums; however, this document does not exist. I found only ossec-hids-0.8-latest_sum.txt. This is fine, but the documentation needs to be updated.

2. Just a minor note: on both my Gentoo and Ubuntu boxes the commands for md5 and sha1 are called md5sum and sha1sum. The installation documentation might want to add a Note: about this, but it's not that important. If you are installing a HIDS then you should probably know how to calculate an MD5 sum on your box.

3. tar -zxvf ossec-hids-* doesn't work because the MD5/SHA1 text file is there. The documentation has you download the checksums, making the untar command ambiguous.

4. During the last part of installation the word "below" is misspelled (as pointed out below): "Press ENTER to finish (maybe more information bellow)"

5. None of the syscheck check_xxx values seem to work as described in the documentation. For example, the documentation says check_sum should take a yes or no value; however, <check_sum>yes</check_sum> is listed as an invalid value upon startup. This applies to all the check_xxx values listed in the documentation. I couldn't get any of them to work.

6. The one question that I can't find an answer to is: where can you get updated txt files for the rootcheck program? Several points in the documentation say "the signature files are here", but I could not find a link to the actual signatures anywhere. I'm assuming that ossec is not going to update the signatures by itself. So how do I go about making sure that rootcheck's signature files are up to date?

Overall I'm very impressed, and find the installation very easy. Thanks.

-- Stephen Bunn http://sbunn.roguesoftware.net
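Points 1 to 3 of the post above describe one procedure: download the tarball and its checksum file, verify the MD5/SHA1 sums, then untar. The following script is an added example (not from the post, and not OSSEC project code) that does exactly that while avoiding the glob ambiguity: it verifies every entry in the checksum list and then extracts only the .tar.gz by explicit name. It assumes the checksum file uses the GNU md5sum/sha1sum layout ("<hash>  <filename>", one per line); the real OSSEC sum file may be laid out differently, in which case only the parsing in verify_sums needs adjusting. The demo function builds a constructed sample tarball and checksum file in a temporary directory so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post or of OSSEC.
# Assumption: the checksum file has md5sum/sha1sum-style lines "<hash>  <filename>".

# verify_sums DIR SUMFILE
# Checks each "<hash>  <name>" line of SUMFILE against DIR/<name>, choosing the
# tool by hash length (32 hex chars = MD5, 40 = SHA1).  Returns 0 only if every
# listed file exists and every sum matches; prints mismatches to stderr.
verify_sums() {
    dir=$1; sumfile=$2
    status=0
    while read -r hash name; do
        [ -z "$hash" ] && continue            # skip blank lines
        case ${#hash} in
            32) tool=md5sum ;;
            40) tool=sha1sum ;;
            *)  echo "unrecognised hash length for $name" >&2; status=1; continue ;;
        esac
        # A missing file leaves $actual empty, which is reported as a mismatch.
        actual=$(cd "$dir" && $tool "$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" != "$hash" ]; then
            echo "MISMATCH: $name ($tool)" >&2
            status=1
        fi
    done < "$sumfile"
    return $status
}

# install_tarball DIR
# Verifies the sums listed in DIR/*_sum.txt, then extracts only the tarball,
# so the checksum text file never gets passed to tar.
install_tarball() {
    dir=$1
    sumfile=$(ls "$dir"/*_sum.txt | head -n 1)
    tarball=$(ls "$dir"/ossec-hids-*.tar.gz | head -n 1)
    verify_sums "$dir" "$sumfile" || return 1
    tar -zxf "$tarball" -C "$dir"
}

# demo
# Constructed sample (not a real OSSEC release): builds a tiny tarball, writes
# its MD5 and SHA1 sums in the assumed layout, then verifies and extracts it.
demo() {
    work=$(mktemp -d)
    mkdir "$work/ossec-hids-0.8"
    echo "placeholder README" > "$work/ossec-hids-0.8/README"
    ( cd "$work" && tar -czf ossec-hids-0.8.tar.gz ossec-hids-0.8 && rm -r ossec-hids-0.8 )
    ( cd "$work" && md5sum ossec-hids-0.8.tar.gz && sha1sum ossec-hids-0.8.tar.gz ) \
        > "$work/ossec-hids-0.8-latest_sum.txt"
    install_tarball "$work" && echo "verified and extracted into $work"
}
```

Usage: source the file and call install_tarball on the directory holding the downloaded tarball and sum file, or run demo to see the constructed round trip. Because verify_sums reports a mismatch for any file that is missing or altered, a tampered or truncated download stops the extraction step rather than producing a half-unpacked tree.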
