Is there any sort of rules repository out there for OSSEC? I saw an
older message asking about this, but there wasn't a definitive response...
Been thinking about this a lot and even got started on it. Here is what I
have started and also think ddpbsd has started something but I lost the
link.
I use Mercurial so went with bitbucket.org.
Set up http://bitbucket.org/jrossi/ossec-rules/ that has all the current
rules and policies and other things from the standard ossec releases.
To hack on them fork on bitbucket.org (free account available) and send
pull requests or email with pull requests. I am willing to maintain the
central repo and handle merging of other people's contributions.
I am also the author of the unit testing patch[1] for ossec (not accepted
and not in ossec yet;)) but I plan on performing full unit testing of rules
so that something else that people can contribute it would be great.
[1]: <http://bitbucket.org/jrossi/ossec-hids-patches/src/tip/rules-unittests.patch>