However, it's a good starting point, thanks for that, Jeremy. Just to get started I'll create a repo in my own GitHub account because I want to get something going for my own purposes. *If* it looks interesting to anyone else we can put an ossec-rules repo in the OSSEC GitHub account. If not, then no harm done.

On Mar 20, 2014, at 7:30 PM, Michael Starks <[email protected]> wrote:

> On 03/20/2014 09:17 PM, Jeremy Rossi wrote:
>> * Michael Starks <[email protected]> [2014-03-20 21:00:03 -0500]:
>>
>>> On 03/20/2014 02:02 PM, Vic Hargrave wrote:
>>>> One problem with this that I can see is keeping the rule ids for new
>>>> rules unique. We'd have to figure out how to set aside rule id ranges
>>>> that would serve as namespaces or at least log the ids used by people as
>>>> they add rules. If we do this we should have a well maintained README
>>>> that identifies the rule ID ranges and what they do.
>>>
>>> When I used to add support for new applications, Daniel C would assign
>>> me a range to use, depending on how many rules I thought I might
>>> create. It was very much like getting assigned a class C, and also had
>>> the associated issues (wasting rule space, etc). There was a page
>>> which has all of the defined rule spaces. It should be around
>>> somewhere--heck, maybe even in the Wayback machine. :) The user space
>>> is also well defined and should not change for legacy reasons.
>>
>> It's in the repo:
>> https://github.com/ossec/ossec-hids/blob/master/doc/rule_ids.txt
>
> That doesn't look completely up-to-date. For example, the McAfee ruleset I
> wrote isn't in there. It looks like a review is in order.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
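
Added example, not part of the original thread and not OSSEC project code: one way a shared rules repo could check the rule-id uniqueness and range-as-namespace idea discussed above before accepting a contribution. The file names, id ranges and sample rules are constructed for illustration and do not come from rule_ids.txt.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Hypothetical allocation table: one id range per contributed rule file.
ALLOCATIONS = {
    "contrib_app_a.xml": range(200000, 200100),
    "contrib_app_b.xml": range(200100, 200200),
}

# Constructed sample rule files. The second one reuses an id from the first.
SAMPLE_FILES = {
    "contrib_app_a.xml": """
<group name="app_a,">
  <rule id="200000" level="0"><decoded_as>app_a</decoded_as>
    <description>App A grouping rule.</description></rule>
  <rule id="200001" level="5"><if_sid>200000</if_sid><match>login failed</match>
    <description>App A login failure.</description></rule>
</group>""",
    "contrib_app_b.xml": """
<!-- two top-level groups in one file -->
<group name="app_b,">
  <rule id="200100" level="0"><decoded_as>app_b</decoded_as>
    <description>App B grouping rule.</description></rule>
</group>
<group name="app_b,extra,">
  <rule id="200001" level="7"><if_sid>200100</if_sid><match>denied</match>
    <description>App B access denied.</description></rule>
</group>""",
}

def rule_ids(text):
    """Return the rule ids found in one rule file, in document order."""
    # A rule file can hold several top-level <group> elements, which is not
    # a well-formed XML document, so wrap the content in a synthetic root.
    root = ET.fromstring("<rules_file>" + text + "</rules_file>")
    return [int(rule.get("id")) for rule in root.iter("rule")]

def audit(files, allocations):
    """Return (duplicates, out_of_range) across all supplied rule files."""
    seen, out_of_range = defaultdict(list), []
    for name, text in sorted(files.items()):
        for rid in rule_ids(text):
            seen[rid].append(name)
            if rid not in allocations.get(name, ()):
                out_of_range.append((name, rid))
    duplicates = {rid: names for rid, names in seen.items() if len(names) > 1}
    return duplicates, out_of_range

if __name__ == "__main__":
    print(audit(SAMPLE_FILES, ALLOCATIONS))
```

A file with no entry in the allocation table has every one of its ids reported as out of range, which makes an unregistered contribution visible at review time.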
