It's a me too reply ^_^

just upgraded to 2.1

[534986.676528] ossec-syscheckd[19422]: segfault at 0 ip 40414b sp 7fffbd4e3b10 error 4 in ossec-syscheckd[400000+3b000]

debian lenny 5.0.2
kernel 2.6.26-2-amd64

-- 
                      Louie June 30, 2009   22:10:35

On Tue, Jun 30, 2009 at 09:16:54AM -0400, Koski, David wrote:
> 
> Just upgraded and my ossec-syscheckd segfaulted on its first run (RHEL5 x64) 
> on the main server:
> 
> kernel: ossec-syscheckd[1853]: segfault at 0000000000000000 rip 
> 0000000000403dbe rsp 00007fff14946db0 error 4
> 
>       David
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On 
> Behalf Of Daniel Cid
> Sent: Tuesday, June 30, 2009 8:38 AM
> To: [email protected]; [email protected]
> Subject: [ossec-list] OSSEC v2.1 released
> 
> 
> Hi list,
> 
> We are happy to announce that OSSEC version 2.1 is available now.
> 
> This new version is the first one with support for centralized
> configurations and realtime integrity monitoring on Linux.
> It also includes many other features and bug fixes:
> 
>     * Centralized configuration - The agent.conf file was introduced
> to allow granular configuration of the agents directly on the manager
> side.
>     * Remote agent restart - Functionality was added to restart the
> agents remotely using the agent_control tool.
>     * Real time integrity checking - Real time integrity checking was
> added to Linux systems.
>     * New Log Rules Support - We added support for Windows DHCP logs
> and fixed/improved many of the other rules for different messages.
> 
> Source:
> http://www.ossec.net/main/ossec-v21-released
> 
> Download from here:
> http://www.ossec.net/main/downloads
> 
> 
> Full changelog (If I forgot someone, please let me know and I will
> update it asap):
> http://www.ossec.net/announcements/v2.1-2009-06-30.txt
> 
> -Added additional rules to detect the enumeration of extensions
> (Patch by Chris Bailes <chris at paeenterprises.co.uk>).
> 
> -Added support for glob (regular expressions) when specifying the directories
> to check on syscheck.
> 
> -Added support for syslog-ng ISODATE (conforming to ISO-8601) date formats
> in the syslog header.
> 
> -Added support for rsyslog non-standard date format (RFC 5425).
> 
> -Added the log testing tool to the default build (now available at
>  /var/ossec/bin/ossec-logtest ).
> 
> -Added agentless script for Foundry switches
> (Thanks to Matt <mgoldsberry at gmail.com> for the help).
> 
> -Added support for real time integrity checking.
> 
> -Added support for sending OSSEC alerts to twitter via active response.
> 
> -Added support for Windows DHCP logs
> (Thanks to [email protected] for the help).
> 
> -Adding changes to support ASA/FWSM on the agentless monitoring
> (Thanks to Michael Starks for the patch)
> 
> -Added option to restart an ossec agent remotely.
> 
> -Added agent config on the manager side.
> 
> -Added the ability to fully build a Windows ossec agent directly from
> the (Linux) server.
> 
> -Fixed rootcheck to not monitor read-only file systems during the
> rc_sys_check
> (Reported by Dennis Golden).
> 
> -Fixed Windows policy that was looking for the wrong value to check if
> the firewall was enabled or not
> (Reported by Aaron Bliss).
> 
> -Fixed debian rules that were matching on Juniper messages
> (Reported by Reggie Griffin).
> 
> -Fixed yum rules that were matching on other events.
> 
> -Fixed syscheck_control that was segfaulting on 64 bit systems.
> 
> -Fixed mcafee rule that was triggering deleted viruses as uncontained
> (Thanks to Michael Starks for the patch).
> 
> -Fixed sshd rule to support new log format
> (Thanks to j.bromley at bristol.ac.uk for the report).
> 
> -Fixed ssh_integrity_check_linux agentless script that had some extra spaces
> causing it to hang
> (Thanks to Mark Ibrahim for the report).
> 
> -Fixed support for systems without proper syslog hostname (solaris 8/9
> most of the time).
> 
> -Added System32 Restore directory to the list of ignore files for
> integrity checking
> (it was causing too many false positives).
> 
> -Fixed iptables active-response scripts that were not properly deleting
> all the entries.
> 
> -Added agentless devices to the listing tools (agent_control -l,
> syscheck_control -l, etc).
> 
> -Fixed bug when reading /dev/fd on FreeBSD that was causing ossec to loop.
> (Patch by Danny Fullerton - dfullerton at mantor.org )
> 
> -Fixed file descriptor leak on execd.
> (Patch by Slava Semushin - php-coder at altlinux.org )
> 
> -Fixed bug where descriptions with new lines would break the alert file.
> (Reported by Bill Mathews <billford at gmail.com>)
> 
> -Fixed init scripts for Darwin.
> (patch by Peter <peter.wolanin at acquia.com>)
> 
> -Added support for strftime on globbed files.
> 
> -Added the option to decrease syscheck sleep time to 0 (and run as
> fast as possible).
> (thanks to Michael Altfield <michael.sa at gmail.com> for the suggestion)
> 
> 
> Thanks,
> 
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
> 
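For triaging the two kernel segfault lines reported in this thread, the following parser decodes the x86 page-fault error code and computes the faulting instruction's offset into the binary when the mapping is logged. It is an added example, not part of the original messages or of OSSEC; the function name `triage` and the first-page NULL heuristic are assumptions.

```python
import re

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear)
PF_BITS = [(1, "protection violation", "page not present"),
           (2, "write", "read"),
           (4, "user mode", "kernel mode")]

# Handles the newer layout ("ip .. sp .. error N in bin[base+size]") and the
# older one ("rip .. rsp .. error N") that appear in the two reports.
LINE_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"r?ip (?P<ip>[0-9a-f]+) r?sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

# The two log lines from the messages above, with mail line-wrapping undone.
SAMPLES = [
    "[534986.676528] ossec-syscheckd[19422]: segfault at 0 ip 40414b "
    "sp 7fffbd4e3b10 error 4 in ossec-syscheckd[400000+3b000]",
    "kernel: ossec-syscheckd[1853]: segfault at 0000000000000000 rip "
    "0000000000403dbe rsp 00007fff14946db0 error 4",
]

def triage(line):
    """Return a dict describing a kernel segfault line, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    addr = int(m["addr"], 16)
    ip = int(m["ip"], 16)
    err = int(m["err"], 16)          # the kernel prints the error code in hex
    info = {
        "process": m["proc"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "ip": ip,
        "access": [on if err & bit else off for bit, on, off in PF_BITS],
        # Assumption: a fault inside the first page is a NULL dereference.
        "null_deref": addr < 0x1000,
        # Offset of the faulting instruction inside the mapped object,
        # only available when the kernel logged "[base+size]".
        "offset": ip - int(m["base"], 16) if m["base"] else None,
    }
    return info

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```

For a non-PIE binary mapped at 400000 as in the first report, the logged ip can be passed directly to `addr2line -e` against an unstripped build of the same binary.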
