I created some RPMs (based on Atomic's I think, but without the mysql
crap and extras, and based on more current source). Unfortunately I
haven't put enough time into it to figure out how to get decent
ossec.confs in each package. It's kind of annoying.
I created 2 virtual CentOS 6 systems to test them.
1 system got the -server, and the other -client. This combination did not work.
The server side does not even seem to recognize the client.
list_agents -a didn't show the agent until I changed the any to an IP.
I was also getting the not allowed error.
Using manage_agents to extract the key and import it into the agent
did not solve the issue.
I then used an lxc installed debian with ossec installed via source.
The agent-auth worked just fine, the agent connected with no errors.
So the issue seems to be in the RPM's agent-auth?
Thoughts? Ideas?
On Tue, Oct 25, 2011 at 7:05 PM, Kat <[email protected]> wrote:
> Anyone ever come up with a solution to this? I built rpms from the
> Atomic SPEC (modified) and same issue - if I replace "any" with the
> IP, it works, and I don't have to extract or reset the client end, it
> just magically starts working when I replace "any" with the IP.
>
> Trying to figure out what, in the SPEC file/build, might be causing
> this.
>
> Going to start looking through the build process and the SPEC file and
> see if I can figure it out, unless someone already has.
>
> thanks
>
> On Oct 11, 4:35 pm, "dan (ddp)" <[email protected]> wrote:
>> On Tue, Oct 11, 2011 at 5:19 PM, Joe S <[email protected]> wrote:
>> > So, would you agree that OSSEC 2.6 is just fine and the problem is
>> > with the Atomic RPMs?
>>
>> Yes. I've notified them (via IRC) that there is an issue.
>>
>
# Notes
# agent - read local files (syslog, snort, etc) and forward
# server - above + notifications + remote agents
# local - do everything server does, but not receive messages
%define experimental 1
%define _default_patch_fuzz 2
%define prg ossec
Summary: An Open Source Host-based Intrusion Detection System
Name: ossec-hids
Version: 2.6.1
Release: 4%{?dist}
License: GPL
Group: Applications/System
#Source0: http://www.ossec.net/files/%{name}-%{version}.tar.gz
Source0: http://www.ossec.net/files/%{name}-2.6.1.tar.gz
URL: http://www.%{prg}.net/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Vendor: http://www.ossec.net
Packager: Jason Frisvold <[email protected]>
BuildRequires: coreutils glibc-devel openssl-devel inotify-tools-devel
Provides: ossec
Requires: inotify-tools
ExclusiveOS: linux
%description
OSSEC HIDS is an Open Source Host-based Intrusion Detection
System. It performs log analysis, integrity checking, rootkit
detection, time-based alerting and active response.
%package client
Summary: The OSSEC HIDS Client
Group: Applications/System
Provides: ossec-client
Requires: %{name} = %{version}-%{release}
Conflicts: %{name}-server
%package server
Summary: The OSSEC HIDS Server
Group: Applications/System
Provides: ossec-server
Requires: %{name} = %{version}-%{release}
Conflicts: %{name}-client
%description client
The %{name}-client package contains the client part of the
OSSEC HIDS. Install this package on every client to be
monitored.
%description server
The %{name}-server package contains the server part of the
OSSEC HIDS. Install this package on a central machine for
log collection and alerting.
%prep
%setup -q -n ossec-hids-2.6.1
# Prepare for docs
rm -rf contrib/specs
rm -rf contrib/ossec-testing
chmod -x contrib/*
%build
pushd src
# Build the agent version first
echo "CEXTRA=-DCLIENT" >> ./Config.OS
make all
make build
mv addagent/manage_agents ../bin/manage_client
mv logcollector/ossec-logcollector ../bin/client-logcollector
mv syscheckd/ossec-syscheckd ../bin/client-syscheckd
# Rebuild for server
make clean
make all
make build
popd
# Generate the ossec-init.conf template
echo "DIRECTORY=\"%{_localstatedir}/%{prg}\"" > %{prg}-init.conf
echo "VERSION=\"%{version}\"" >> %{prg}-init.conf
echo "DATE=\"`date`\"" >> %{prg}-init.conf
# Do not strip, only compress documentation
%define __os_install_post /usr/lib/rpm/brp-compress
# Exclude from requires
%define _use_internal_dependency_generator 0
%define __find_requires %{SOURCE1}
%install
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/{bin,stats,rules,tmp}
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/rules/translated/pure_ftpd
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/logs/{archives,alerts,firewall}
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/queue/{alerts,%{prg},fts,syscheck,rootcheck,agent-info,rids}
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/var/run
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/shared
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/templates
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/active-response/bin
install -m 0600 %{prg}-init.conf ${RPM_BUILD_ROOT}%{_sysconfdir}
install -m 0644 etc/%{prg}.conf ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/%{prg}.conf.sample
install -m 0644 etc/%{prg}-{agent,server}.conf ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc
install -m 0644 etc/*.xml ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc
install -m 0644 etc/internal_options* ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc
install -m 0644 etc/rules/*xml ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/rules
install -m 0644 etc/rules/translated/pure_ftpd/* ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/rules/translated/pure_ftpd
install -m 0644 etc/templates/config/* ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/templates/
install -m 0550 bin/* ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/bin
install -m 0755 active-response/*.sh ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/active-response/bin
install -m 0644 src/rootcheck/db/*.txt ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/shared
install -m 0550 src/init/%{prg}-{client,server}.sh ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/bin
#install -m 0755 %{SOURCE2} ${RPM_BUILD_ROOT}%{_initrddir}/%{name}
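# Install the init script under the package name: that is the service name
# the scriptlets below pass to chkconfig and call for restart/stop.
install -m 0555 src/init/init.sh ${RPM_BUILD_ROOT}%{_initrddir}/%{name}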
# create the faux ossec.conf, %ghost'ed files must exist in the buildroot
touch ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/etc/%{prg}.conf
#mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
#install -m 0644 %{SOURCE3} ${RPM_BUILD_ROOT}/etc/logrotate.d/ossec-hids
#install -m 0755 %{SOURCE4} ${RPM_BUILD_ROOT}%{_localstatedir}/%{prg}/bin/ossec-configure
%pre
if ! id -g %{prg} > /dev/null 2>&1; then
    groupadd -r %{prg}
fi
if ! id -u %{prg} > /dev/null 2>&1; then
    useradd -g %{prg} -G %{prg} \
        -d %{_localstatedir}/%{prg} \
        -r -s /sbin/nologin %{prg}
fi

%pre server
if ! id -u %{prg}m > /dev/null 2>&1; then
    useradd -g %{prg} -G %{prg} \
        -d %{_localstatedir}/%{prg} \
        -r -s /sbin/nologin %{prg}m
fi
if ! id -u %{prg}e > /dev/null 2>&1; then
    useradd -g %{prg} -G %{prg} \
        -d %{_localstatedir}/%{prg} \
        -r -s /sbin/nologin %{prg}e
fi
if ! id -u %{prg}r > /dev/null 2>&1; then
    useradd -g %{prg} -G %{prg} \
        -d %{_localstatedir}/%{prg} \
        -r -s /sbin/nologin %{prg}r
fi

%post client
if [ $1 = 1 ]; then
    chkconfig --add %{name}
    chkconfig %{name} on
fi
echo "TYPE=\"agent\"" >> %{_sysconfdir}/%{prg}-init.conf
if [ ! -f %{_localstatedir}/%{prg}/etc/%{prg}.conf ]; then
    ln -sf %{prg}-agent.conf %{_localstatedir}/%{prg}/etc/%{prg}.conf
fi
ln -sf %{prg}-client.sh %{_localstatedir}/%{prg}/bin/%{prg}-control
# daemon trickery
ln -sf %{_localstatedir}/%{prg}/bin/client-logcollector %{_localstatedir}/%{prg}/bin/%{prg}-logcollector
ln -sf %{_localstatedir}/%{prg}/bin/client-syscheckd %{_localstatedir}/%{prg}/bin/%{prg}-syscheckd
touch %{_localstatedir}/%{prg}/logs/ossec.log
chown %{prg}:%{prg} %{_localstatedir}/%{prg}/logs/ossec.log
chmod 0664 %{_localstatedir}/%{prg}/logs/ossec.log
if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
    %{_initrddir}/%{name} restart
fi

%post server
if [ $1 = 1 ]; then
    chkconfig --add %{name}
    chkconfig %{name} on
fi
echo "TYPE=\"server\"" >> %{_sysconfdir}/%{prg}-init.conf
if [ ! -f %{_localstatedir}/%{prg}/etc/%{prg}.conf ]; then
    ln -sf %{prg}-server.conf %{_localstatedir}/%{prg}/etc/%{prg}.conf
fi
ln -sf %{prg}-server.sh %{_localstatedir}/%{prg}/bin/%{prg}-control
touch %{_localstatedir}/%{prg}/logs/ossec.log
chown %{prg}:%{prg} %{_localstatedir}/%{prg}/logs/ossec.log
chmod 0664 %{_localstatedir}/%{prg}/logs/ossec.log
if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
    %{_initrddir}/%{name} restart
fi

%preun client
if [ $1 = 0 ]; then
    chkconfig %{name} off
    chkconfig --del %{name}
    if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
        %{_initrddir}/%{name} stop
    fi
    rm -f %{_localstatedir}/%{prg}/etc/localtime
    rm -f %{_localstatedir}/%{prg}/etc/%{prg}.conf
    rm -f %{_localstatedir}/%{prg}/bin/%{prg}-control
    rm -f %{_localstatedir}/%{prg}/bin/%{prg}-logcollector
    rm -f %{_localstatedir}/%{prg}/bin/%{prg}-syscheckd
fi

%preun server
if [ $1 = 0 ]; then
    chkconfig %{name} off
    chkconfig --del %{name}
    if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
        %{_initrddir}/%{name} stop
    fi
    rm -f %{_localstatedir}/%{prg}/etc/localtime
    rm -f %{_localstatedir}/%{prg}/etc/%{prg}.conf
    rm -f %{_localstatedir}/%{prg}/bin/%{prg}-control
fi

%triggerin -- glibc
[ -r %{_sysconfdir}/localtime ] && cp -fpL %{_sysconfdir}/localtime %{_localstatedir}/%{prg}/etc
%clean
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root)
%doc BUGS CONFIG contrib INSTALL* README
%doc %dir contrib doc
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/active-response
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/active-response/bin
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/bin
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/etc
%attr(770,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/etc/shared
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/etc/templates
%attr(640,%{prg},%{prg}) %{_localstatedir}/%{prg}/etc/templates/*
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/logs
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/queue
%attr(770,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/alerts
%attr(770,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/%{prg}
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/syscheck
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/var
%attr(770,root,%{prg}) %dir %{_localstatedir}/%{prg}/var/run
#%config(noreplace) /etc/logrotate.d/ossec-hids
#%{_localstatedir}/%{prg}/bin/%{prg}-configure
%files client
%defattr(-,root,root)
%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/%{prg}-init.conf
%{_initrddir}/*
%config(noreplace) %{_localstatedir}/%{prg}/etc/%{prg}-agent.conf
%config(noreplace) %{_localstatedir}/%{prg}/etc/internal_options*
%config(noreplace) %{_localstatedir}/%{prg}/etc/shared/*
%{_localstatedir}/%{prg}/etc/*.sample
%{_localstatedir}/%{prg}/active-response/bin/*
%{_localstatedir}/%{prg}/bin/%{prg}-client.sh
%{_localstatedir}/%{prg}/bin/%{prg}-agentd
%{_localstatedir}/%{prg}/bin/client-logcollector
%{_localstatedir}/%{prg}/bin/client-syscheckd
%{_localstatedir}/%{prg}/bin/ossec-logcollector
%{_localstatedir}/%{prg}/bin/ossec-syscheckd
%{_localstatedir}/%{prg}/bin/%{prg}-execd
%{_localstatedir}/%{prg}/bin/manage_client
%{_localstatedir}/%{prg}/bin/agent-auth
%attr(755,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/rids
%files server
%defattr(-,root,root)
%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/%{prg}-init.conf
%{_initrddir}/*
%ghost %config(missingok,noreplace) %{_localstatedir}/%{prg}/etc/ossec.conf
%config(noreplace) %{_localstatedir}/%{prg}/etc/%{prg}-server.conf
%config(noreplace) %{_localstatedir}/%{prg}/etc/internal_options*
%config %{_localstatedir}/%{prg}/etc/*.xml
%config(noreplace) %{_localstatedir}/%{prg}/etc/shared/*
%{_localstatedir}/%{prg}/etc/*.sample
%{_localstatedir}/%{prg}/active-response/bin/*
%{_localstatedir}/%{prg}/bin/%{prg}-server.sh
%{_localstatedir}/%{prg}/bin/%{prg}-agentd
%{_localstatedir}/%{prg}/bin/%{prg}-analysisd
%{_localstatedir}/%{prg}/bin/%{prg}-execd
%{_localstatedir}/%{prg}/bin/%{prg}-logcollector
%{_localstatedir}/%{prg}/bin/%{prg}-maild
%{_localstatedir}/%{prg}/bin/%{prg}-monitord
%{_localstatedir}/%{prg}/bin/%{prg}-remoted
%{_localstatedir}/%{prg}/bin/%{prg}-syscheckd
%{_localstatedir}/%{prg}/bin/%{prg}-dbd
%{_localstatedir}/%{prg}/bin/%{prg}-reportd
%{_localstatedir}/%{prg}/bin/%{prg}-agentlessd
%{_localstatedir}/%{prg}/bin/%{prg}-makelists
%{_localstatedir}/%{prg}/bin/%{prg}-regex
%{_localstatedir}/%{prg}/bin/ossec-csyslogd
%{_localstatedir}/%{prg}/bin/list_agents
%{_localstatedir}/%{prg}/bin/manage_agents
%{_localstatedir}/%{prg}/bin/syscheck_update
%{_localstatedir}/%{prg}/bin/clear_stats
%{_localstatedir}/%{prg}/bin/agent_control
%{_localstatedir}/%{prg}/bin/rootcheck_control
%{_localstatedir}/%{prg}/bin/syscheck_control
%{_localstatedir}/%{prg}/bin/ossec-logtest
%{_localstatedir}/%{prg}/bin/verify-agent-conf
%{_localstatedir}/%{prg}/bin/ossec-authd
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/logs/archives
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/logs/alerts
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/logs/firewall
%attr(755,%{prg}r,%{prg}) %dir %{_localstatedir}/%{prg}/queue/agent-info
%attr(755,%{prg}r,%{prg}) %dir %{_localstatedir}/%{prg}/queue/rids
%attr(700,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/fts
%attr(700,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/queue/rootcheck
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/rules
%config %{_localstatedir}/%{prg}/rules/*
%attr(750,%{prg},%{prg}) %dir %{_localstatedir}/%{prg}/stats
%attr(550,root,%{prg}) %dir %{_localstatedir}/%{prg}/tmp
%changelog
* Tue Jul 19 2011 Jason Frisvold <[email protected]> - 2.6.0-4
- Update to official 2.6.0 release
* Thu Jul 7 2011 Jason Frisvold <[email protected]> - 2.6.0-3
- Added cmoraes patch
- - Adds config options for enabling/disabling rootkit/syscheck options
- - Add support for agent config profiles
* Tue Jul 5 2011 Jason Frisvold <[email protected]> - 2.6.0-2
- Update to latest 2.6.0 from Mercurial
* Tue Jun 7 2011 Jason Frisvold <[email protected]> - 2.6.0-1
- Update to 2.6.0 Beta 1
- - Added IPv6 support
- - Lots of new rules (OpenBSD, Clamav, BRO-ids, active response logs, etc, etc)
- - Added os-authd – Automatically creating and setting up the agent keys
- - Added CEF support to client syslog
- - Improved reporting for file changes
- - Added option to Block repeated offenders with OSSEC
* Mon Feb 21 2011 Jason Frisvold <[email protected]> - 2.5.1-2
- Rebuild because I'm an idiot
* Wed Oct 13 2010 Jason Frisvold <[email protected]> - 2.5.1-1
- Update to 2.5.1 Release
- - Bugfixes
* Mon Oct 11 2010 Jason Frisvold <[email protected]> - 2.5-4
- Inadvertently removed manage_client. This restores that.
* Tue Sep 28 2010 Jason Frisvold <[email protected]> - 2.5-3
- Update to snapshot 100928 to fix crashing logcollector
* Tue Sep 28 2010 Jason Frisvold <[email protected]> - 2.5-2
- Update to 2.5 Release
- 1. Added support for “report_changes” on syscheck to show what was
- changed in the file modification alert.
- 2. Added support for cdb lists inside the rules.
- 3. Added support for drop-in rules and decoders directory.
- 4. Added a Rule unit testing framework (in python) and inside logtest
- 5. Added support for a generic multi-line log reader.
- 6. Added granular Windows rules.
- 7. Added option to restrict integrity checking to a set of files.
- 8. Added alias option to the command monitoring.
- 9. Added silent switch for windows installer.
- 10. Added variable expansion in command output monitoring.
- 11. Fixed several windows installer bugs.
* Fri Sep 10 2010 Jason Frisvold <[email protected]> - 2.5-1
- Update to 2.5 beta (100907)
* Wed Aug 18 2010 Jason Frisvold <[email protected]> - 2.4.1-6
- re-establish client-specific logcollector and syscheckd
* Thu Apr 29 2010 Support <[email protected]> - 2.4.1-4
- Updated init and ossec-server scripts to support the new reload feature.
* Tue Apr 20 2010 Scott R. Shinn <[email protected]> - 2.4.1-1
- Update to 2.4.1
* Fri Apr 9 2010 Scott R. Shinn <[email protected]> - 2.4-5
- Added zabbix reporting active response
* Thu Apr 1 2010 Scott R. Shinn <[email protected]> - 2.4-4
- Update to 2.4 final
- Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10
- Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20
* Tue Mar 23 2010 Scott R. Shinn <[email protected]> - 2.4-1
- Rebuilt for atomic repo
* Thu Mar 22 2010 Scott R. Shinn <[email protected]> - 2.4-0.2
- Update to CVS 100317
* Thu Mar 11 2010 Scott R. Shinn <[email protected]> - 2.4-0.1
- Update to CVS 100311
- Add decoder for denyhosts
- Update asl_rules.xml to include denyhosts rules
* Tue Mar 9 2010 Scott R. Shinn <[email protected]> - 2.3-8
- Update to CVS 100309
* Fri Mar 5 2010 Scott R. Shinn <[email protected]> - 2.3-7
- Added new decoder for smtp_auth
- Added rules to detect smtp_auth brute force attempts
- Added rules to detect imap/pop brute force attempts
* Mon Dec 7 2009 Scott R. Shinn <[email protected]> - 2.3-6
- Updated ossec-server.conf to be in parity with the ASL config
- Added templates dir for generating configs
* Mon Dec 7 2009 Scott R. Shinn <[email protected]> - 2.3-1
- Update to 2.3 release
* Mon Nov 9 2009 Scott R. Shinn <[email protected]> - 2.2-5
- Update to snapshot 091109
* Tue Sep 29 2009 Scott R. Shinn <[email protected]> - 2.2-4
- Update to snapshot 091008
* Tue Sep 29 2009 Scott R. Shinn <[email protected]> - 2.2-3
- Update to snapshot 090925
- Added timestamp field to the mysql schema
- Bugfix #XXX, for the ossec-client.init script to call the correct (renamed) ossec syscheckd/logcollector daemons
- Apologies for not updating the previous changelogs. Missed a few updates!
* Mon Aug 31 2009 Scott R. Shinn <[email protected]> - 2.2.0.beta2.1
- Update to snapshot 090827
- Feature Request #225, Added logrotate event to active-response log
- Updated system_audit_rcl.txt to look for the correct php.ini file
* Mon Aug 24 2009 Scott R. Shinn <[email protected]> - 2.2.0.beta1.1
- Update to 090824, beta 1 release
* Wed Aug 12 2009 Scott R. Shinn <[email protected]> - 2.1.1-5
- Update to 090812 snapshot
* Thu Jul 28 2009 Scott R. Shinn <[email protected]> - 2.1.1-3
- Rebuild agent daemons with -DCLIENT, added symlink trickery
* Thu Jul 2 2009 Scott R. Shinn <[email protected]> - 2.1.1-1
- update to 2.1.1
* Wed Jun 30 2009 Scott R. Shinn <[email protected]> - 2.1-3
- update to 090630 snapshot, this has fixes for CentOS/RHEL 4 64-bit environments
* Wed Jun 12 2009 Scott R. Shinn <[email protected]> - 2.1-1
- update to 2.1 final
* Wed Jun 12 2009 Scott R. Shinn <[email protected]> - 2.0-11
- update to snapshot 090612
* Wed Jun 10 2009 Scott R. Shinn <[email protected]> - 2.0-10
- update to snapshot 090610
* Wed Jun 3 2009 Scott R. Shinn <[email protected]> - 2.0-9
- update to snapshot 090603
* Mon Apr 27 2009 Scott R. Shinn <[email protected]> - 2.0-8
- Disable postgresql support, to get around an undesirable dependency on EL4
* Mon Apr 17 2009 Scott R. Shinn <[email protected]> - 2.0-7
- Update to snapshot 090417
* Mon Apr 13 2009 Scott R. Shinn <[email protected]> - 2.0-6
- Update to snapshot 090413 (this adds in inotify support)
* Wed Apr 10 2009 Scott R. Shinn <[email protected]> - 2.0-5
- Update to snapshot 090410 (this adds in inotify support)
* Wed Apr 8 2009 Scott R. Shinn <[email protected]> - 2.0-4
- Update to snapshot 090408
* Thu Mar 5 2009 Scott R. Shinn <[email protected]> - 2.0-2
- Added authpsa rules back in, this is used to detect brute force attacks
- Added conditional building support for ASL modifications
* Fri Feb 27 2009 Scott R. Shinn <[email protected]> - 2.0-1
- Update to 2.0 official release
* Thu Feb 26 2009 Scott R. Shinn <[email protected]> - 2.0.0-0.090225.1
- update to snapshot 090225
* Sun Feb 20 2009 Scott R. Shinn <[email protected]> - 2.0.0-0.090220.1
- update to snapshot 090220
* Fri Feb 6 2009 Scott R. Shinn <[email protected]> - 2.0.0-0.090206.1
- update to snapshot 090206
* Mon Feb 5 2009 Scott R. Shinn <[email protected]> - 2.0.0-0.090205.1
- update to snapshot 090205
* Fri Jan 30 2009 Scott R. Shinn <[email protected]> - 1.99-2
- update to CVS code 090129, this is not an official release. It's for testing only
* Tue Jan 27 2009 Scott R. Shinn <[email protected]> - 1.99-1
- update to CVS code 090126, this is not an official release. It's for testing only
* Thu Oct 9 2008 Scott R. Shinn <[email protected]> - 1.6.1-1
- update to 1.6.1
* Wed Sep 3 2008 Scott R. Shinn <[email protected]> - 1.6-1
- update to 1.6
* Thu Jun 26 2008 Scott R. Shinn <[email protected]> - 1.5.1-1
- update to 1.5.1
* Mon Jun 9 2008 Scott R. Shinn <[email protected]> - 1.5-3
- added mysql support
* Tue May 20 2008 Scott R. Shinn <[email protected]> - 1.5-2
- Added Stanislaw Polak's excellent ban-hackers script to manage shunning more intelligently.
* Tue May 13 2008 Scott R. Shinn <[email protected]> - 1.5-1
- update to 1.5
* Mon Nov 26 2007 Scott R. Shinn <[email protected]> - 1.4-2
- fix on active-response locking bug that prevented some rules from expiring.
* Mon Nov 19 2007 Scott R. Shinn <[email protected]> - 1.4-1
- update to ossec 1.4
* Mon Oct 15 2007 Scott R. Shinn <[email protected]> - 1.3-4
- update snapshot to ossec-hids-071011.tar.gz
- relinked C4, FC4, FC5 against mysql4
* Tue Oct 9 2007 Scott R. Shinn <[email protected]> - 1.3-3
- update to snapshot ossec-hids-071006.tar.gz
* Wed Sep 5 2007 Scott R. Shinn <[email protected]> - 1.3-2
- update to shun blocklist tracking used by ASL
- added authpsa rules + decoder
* Tue Aug 14 2007 Scott R. Shinn <[email protected]> - 1.3-1
- update to 1.3
* Wed Aug 8 2007 Scott R. Shinn <[email protected]> - 1.2-8
- minor adjustment in %post, to check for config file before overwriting it
* Fri Aug 3 2007 Scott R. Shinn <[email protected]> - 1.2-7
- v6 was first version of the patch.
- added in logging in active-response for better ASL support
- Disabled conf event in %post, to keep from overwriting config files.
* Mon Jun 25 2007 Scott R. Shinn <[email protected]> - 1.2-5
- changed permissions on queue/syscheck so it can be read by the ossec group (tweak for web gui)
* Fri Jun 15 2007 Scott R. Shinn <[email protected]> - 1.2-4
- removed the noreplace settings from decoder and the rules
- patch for a more ASL friendly client config
* Thu Jun 14 2007 Scott R. Shinn <[email protected]> - 1.2-3
- release -2 had a bug.
- added ASL rules (asl_rules.xml)
- added decoder for the asl style modsecurity logging
- adjusted syslog_rules for qmail-scanner issue (BUG #ASL-18)
- Added http index in asl_rules.xml (BUG #ASL-7)
* Tue May 15 2007 Scott R. Shinn <[email protected]> - 1.2-1
- update to 1.2
* Tue Apr 24 2007 Scott R. Shinn <[email protected]> - 1.1-1
- update to 1.1
* Tue Mar 6 2007 Scott R. Shinn <[email protected]> - 1.0-2
- configuration change for ASL
* Wed Jan 17 2007 Scott R. Shinn <[email protected]> - 1.0
- updated to 1.0
* Fri Dec 8 2006 Scott R. Shinn <[email protected]>
- import into ART
- changed their naming conventions a bit, 0.9-3 to 0.9.3. Please don't be cross with me.
* Thu Nov 02 2006 [email protected]
- new version (0.9-3)
* Fri Sep 29 2006 [email protected]
- new version (0.9-2)
* Thu Sep 07 2006 [email protected]
- new version (0.9-1a)
* Thu Aug 24 2006 [email protected]
- new version (0.9-1)
* Wed Jul 26 2006 [email protected]
- new version (0.9)
* Fri Jul 14 2006 [email protected]
- some bugfixes
* Fri Jul 07 2006 [email protected]
- created