Hi list,
We are happy to announce that OSSEC version 2.1 is available now.
This new version is the first one with support for centralized
configurations and realtime integrity monitoring on Linux.
It also includes many other features and bug fixes:
* Centralized configuration - The agent.conf file was introduced
to allow granular configuration of the agents directly on the manager
side.
* Remote agent restart - Functionality was added to restart the
agents remotely using the agent_control tool.
* Real time integrity checking - Real time integrity checking was
added to Linux systems.
* New Log Rules Support - We added support for Windows DHCP logs
and fixed/improved many of the other rules for different messages.
Source:
http://www.ossec.net/main/ossec-v21-released
Download from here:
http://www.ossec.net/main/downloads
Full changelog (If I forgot somone, please let me know and I will
update it asap):
http://www.ossec.net/announcements/v2.1-2009-06-30.txt
-Added additional rules to detect the enumeration of extensions
(Patch by Chris Bailes <chris at paeenterprises.co.uk>).
-Added support for glob (regular expressions) when specifying the directories
to check on syscheck.
-Added support for syslog-ng ISODATE (conforming to ISO-8601) date formats
in the syslog header.
-Added support for rsyslog non-standard date format (RFC 5425).
-Added the log testing tool to the default build (now available at
/var/ossec/bin/ossec-logtest ).
-Added agentless script for Foundry switches
(Thanks to Matt <mgoldsberry at gmail.com> for the help).
-Added support for real time integrity checking.
-Added support for sending OSSEC alerts to twitter via active response.
-Added support for Windows DHCP logs
(Thanks to [email protected] for the help).
-Adding changes to support ASA/FWSM on the agentless monitoring
(Thanks to Michael Starks for the patch)
-Added option to restart an ossec agent remotely.
-Added agent config on the manager side.
-Added the ability to fully build an Windows ossec agent directly from
the (Linux) server.
-Fixed rootcheck to do not monitor read-only file systems during the
rc_sys_check
(Reported by Dennis Golden).
-Fixed Windows policy that was looking for the wrong value to check if
the firewall
was enabled or not
(Reported by Aaron Bliss).
-Fixed debian rules that were matching on Juniper messages
(Reported by Reggie Griffin).
-Fixed yum rules that we matching on another events.
-Fixed syscheck_control that was segfaulting on 64 bit systems.
-Fixed mcafee rule that was triggering deleted viruses as uncontained
(Thanks to Michael Starks for the patch).
-Fixed sshd rule to support new log format
(Thanks to j.bromley at bristol.ac.uk for the report).
-Fixed ssh_integrity_check_linux agentless script that had some extra spaces
causing it to hang
(Thanks to Mark Ibrahim for the report).
-Fixed support for systems without proper syslog hostname (solaris 8/9
most of the time).
-Added System32 Restore directory to the list of ignore files for
integrity checking
(it was causing too many false positives).
-Fixed iptables active-response scripts that was not properly deleted
all the entries.
-Added agentless devices to the listing tools (agent_control -l,
syscheck_control, -l ,etc).
-Fixed bug when reading /dev/fd on FreeBSD that was causing ossec to loop.
(Patch by Danny Fullerton - dfullerton at mantor.org )
-Fixed file descriptor leak on execd.
(Patch by Slava Semushin - php-coder at altlinux.org )
-Fixed bug where descriptions with new lines would break the alert file.
(Reported by Bill Mathews <billford at gmail.com>)
-Fixed init scripts for Darwin.
(patch by Peter <peter.wolanin at acquia.com>)
-Added support for strftime on globbed files.
-Added the option to decrease syscheck sleep time to 0 (and run as
fast as possible).
(thanks to Michael Altfield <michael.sa at gmail.com> for the suggestion)
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
