OSSEC v2.0 released

from http://www.ossec.net/main/ossec-v20-released:

We are pleased to announce the general availability of OSSEC version 2.0.
This new version is the first with support for agentless monitoring and includes many other new features and bug fixes:

  • Compiled Rules – By popular demand, we are introducing the ability to use pre-compiled rules written in C. Customers who felt that the XML format for writing rules was too limiting can now use the full programming capabilities of C.
  • Agentless Monitoring – Many enterprises need to monitor devices on which agents cannot be installed, either because of scalability requirements or because the native operating system is not supported. In version 2.0, OSSEC customers can perform integrity checking and real-time log inspection on remote systems (such as Linux-based devices, firewall devices such as the PIX, routers, etc.).
  • New Language Support – We added support for the Dutch language to the install.
  • New Log Rules Support – We added support for Yum logs and fixed/improved many of the other rules for different messages.
  • New reporting tool – We added a new tool to help create and generate reports.

And much more… Check the changelog to see all changes and contributors.

Download it from: http://www.ossec.net/main/downloads .

Special thanks to Michael Starks, Dean Takemori, Scott Shinn, Sebastien Tricaud, Martijn de Boer, Meir Michanie, Matthias Schmidt, Dan Pariott and Daniel Medianero for helping with this release.

v2.0 beta testing begins

This is the time of year when everyone can help our project: what we need are beta testers for version 2.0!

The list of new features, bug fixes and packages to use are all available at: http://www.ossec.net/wiki/index.php/Dev:BetaTesting

These are our goals with beta testing:

  1. Make sure that everything that worked on previous versions still works on the new one.
  2. Make sure your local rules still work and that it can still parse all your logs.
  3. Make sure that all the new features work as expected.
  4. Make sure that reported bugs were properly fixed.
  5. Make sure that the upgrade process still works on all platforms.
  6. Make sure it compiles fine on all platforms and operating systems: try it on Solaris, NetBSD, FreeBSD, AIX, HP-UX and any Linux distribution that you have.
  7. Test that the agentless monitoring is working as it should.
  8. Test the compiled rules and the reporting tool.

If you run into any issues, please let us know.

Thanks!

Agentless monitoring using public key authentication

As a follow-up to the previous post (Agentless monitoring), I will now show how to use public key authentication instead of passwords to access the remote boxes.

1- Adding the remote host

When adding the remote host, you need to provide the password as “NOPASS”:

  # /var/ossec/agentless/register_host.sh add root@xx.net NOPASS
   *Host root@xx.net added.

2- Adding the public key

The key pair must be created by the user ossec inside the ossec home directory. To do that, run:

  # sudo -u ossec ssh-keygen

It will create the key pair inside /var/ossec/.ssh . After that, just scp the public key to the remote box and your passwordless connection should work.
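The two steps above as shell functions, added here as an example and not part of the original post or of OSSEC itself: the public key is installed on the remote side with a `from=` restriction so the account can only be used from the OSSEC server, key authentication is verified non-interactively, and only then is the host registered with NOPASS. The /var/ossec prefix, the RSA key type and the ability to reach the remote host as root once to copy the key are assumptions.

```shell
#!/bin/sh
# Added example, not from the OSSEC post. Assumes the default /var/ossec
# prefix, an RSA key, and that root can still reach the remote host (for
# example with a password) once to install the public key.
OSSEC_HOME="${OSSEC_HOME:-/var/ossec}"

# Print the authorized_keys line for the remote host: the key may only be
# used from the OSSEC server and cannot forward ports, agents or X11.
# $1 = public key line (contents of id_rsa.pub), $2 = IP of the OSSEC server.
# Returns 1 and prints nothing if $1 does not look like an OpenSSH public key.
restrict_pubkey() {
    case "$1" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) return 1 ;;
    esac
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$2" "$1"
}

# Step 2 of the post: create the key pair as the ossec user. No passphrase,
# because the agentless scripts must run unattended. Ends up in $OSSEC_HOME/.ssh.
ossec_keygen() {
    sudo -u ossec ssh-keygen -t rsa -b 4096 -N "" -f "$OSSEC_HOME/.ssh/id_rsa"
}

# Install the restricted key on the remote host, confirm that a non-interactive
# login works as the ossec user, and only then register the host with NOPASS
# (step 1 of the post). $1 = user@host, $2 = IP of the OSSEC server.
install_and_register() {
    pub=$(cat "$OSSEC_HOME/.ssh/id_rsa.pub") || return 1
    restrict_pubkey "$pub" "$2" |
        ssh "$1" 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'
    # BatchMode refuses password prompts, so this fails unless key auth works
    # and the host key is already in $OSSEC_HOME/.ssh/known_hosts.
    sudo -u ossec ssh -o BatchMode=yes "$1" true || return 1
    "$OSSEC_HOME/agentless/register_host.sh" add "$1" NOPASS
}
```

Usage on the OSSEC server: `ossec_keygen` once, then `install_and_register root@xx.net 192.0.2.10` per monitored host (192.0.2.10 standing in for the server's own address).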