Trend Micro to Acquire Third Brigade

Fresh news from http://www.ossec.net/main/trend-micro-to-acquire-third-brigade:

On April 29, 2009 Trend Micro announced a definitive agreement to acquire the business of Third Brigade, a privately-held security and compliance software company headquartered in Ottawa, Canada that owns the OSSEC project. The acquisition is subject to customary approvals and is expected to close in the 2nd quarter of 2009.

So basically, they will be acquiring Third Brigade and the OSSEC project. They are committed to maintaining OSSEC as an open source project.

More updates soon…

Thanks,

OSSEC to Twitter

Want to see your OSSEC alerts on Twitter? We just added support for that in the latest snapshot.

To make it work, first update to the latest snapshot and add the following to your ossec.conf:

<command>
<name>ossec-tweeter</name>
<expect></expect>
<executable>ossec-tweeter.sh</executable>
</command>

<active-response>
<command>ossec-tweeter</command>
<location>server</location>
<level>6</level>
</active-response>

The first entry, “command”, defines the active response script, and the second one, “active-response”, configures when to execute it. In my example above, I chose to execute it for every alert of level 6 or higher. Note that you can’t run it on the individual agents, only on the management server.

After that, you need to configure the Twitter script with the appropriate credentials. So, open the file /var/ossec/active-response/bin/ossec-tweeter.sh and modify the first two entries:

TWITTERUSER="youruser"
TWITTERPASS='yourpass'

If you want to send direct messages to yourself (or any other account), also set the direct msg user variable:

DIRECTMSGUSER=""

After that, just restart OSSEC and wait for the updates. If you want some examples, check the ossec twitter page.

Integrity checking application profiles

We are trying to make syscheck (the integrity checking module in OSSEC) more useful than it is now, and we are looking for contributions to create application profiles. What we are looking for, exactly, is a list of files/directories (or registry entries) per application to be added to OSSEC.

For example, files used by qmail:

/var/qmail/control/
/var/qmail/rc

by Named:

/var/named/chroot/etc
/var/named/data/

By Apache:

/var/www/htdocs/

A few more are on the wiki: http://www.ossec.net/wiki/index.php/Dev:Syscheck

We need these for Windows and Unix applications (including IIS, antivirus, etc.), open source and commercial. Any feedback is more than welcome.

*You can add them to the wiki yourself or just reply here.
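A contributed profile ends up as entries in the syscheck section of ossec.conf. As an added illustration (not from the original post or from the OSSEC project), this is how the qmail, named and Apache lists above would look as syscheck directives; the Windows registry key and the ignore entry are assumed placeholders, not paths the post lists:

```xml
<ossec_config>
  <syscheck>
    <!-- Profile: qmail (paths from the post above) -->
    <directories check_all="yes">/var/qmail/control,/var/qmail/rc</directories>

    <!-- Profile: named (BIND) -->
    <directories check_all="yes">/var/named/chroot/etc,/var/named/data</directories>

    <!-- Profile: Apache document root -->
    <directories check_all="yes">/var/www/htdocs</directories>

    <!-- Windows profiles can also list registry keys; this entry belongs in the
         Windows agent's ossec.conf and the key is an assumed example -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\ASSUMED\ExampleApp</windows_registry>

    <!-- Files that change constantly only generate noise, so a profile should
         also say what to skip; this path is an assumed example -->
    <ignore>/var/named/data/named.run</ignore>
  </syscheck>
</ossec_config>
```

Paths inside one directories entry are comma-separated, and check_all="yes" covers size, permissions, owner and checksums.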