April 2009 – OSSEC

Trend Micro to Acquire Third Brigade

Posted on April 29, 2009July 2, 2020 by Daniel Cid

Fresh news from http://www.ossec.net/main/trend-micro-to-acquire-third-brigade:

On April 29, 2009 Trend Micro announced a definitive agreement to acquire the business of Third Brigade, a privately-held security and compliance software company headquartered in Ottawa, Canada that owns the OSSEC project. The acquisition is subject to customary approvals and is expected to close in the 2nd quarter of 2009.

So basically, they will be acquiring Third Brigade and the OSSEC project. They are committed to maintaining OSSEC as an open source project.

More updates soon…

Thanks,

OSSEC to Twitter

Posted on April 14, 2009July 2, 2020 by Daniel Cid

Want to see your OSSEC alerts on twitter? We just added support for that on the latest snapshot.

To make it work, first update to the latest snapshot and add the following to your ossec.conf:

<command>
<name>ossec-tweeter</name>
<expect></expect>
<executable>ossec-tweeter.sh</executable>
</command>
<active-response>
<command>ossec-tweeter</command>
<location>server</location>
<level>6</level>
</active-response>

Where the first entry “command” is defining the active response script and the second one “active-response” is configuring when to execute it. In my example above, I chose to execute it for every alert >= level 6. Note, that you can’t run it on the individual agents, just on the management server.

After that, you need to configure the twitter script with the appropriate credentials. So, open the file /var/ossec/active-response/bin/ossec-tweeter.sh and modify the first 2 entries:

TWITTERUSER=”youruser”
TWITTERPASS=’yourpass’

If you want to send direct messages to yourself (or any other account), also set the direct msg user variable:

DIRECTMSGUSER=””

After that, just restart OSSEC and wait for the updates. If you want some examples, check the ossec twitter page.

Integrity checking application profiles

Posted on April 13, 2009July 2, 2020 by Daniel Cid

We are trying to make syscheck (the integrity checking module on ossec) more useful than what it is now and we are looking for contributions to create application profiles. What we are looking exactly is a list of files/directories (or registry entries) per application to be added to ossec.

For example, files used by qmail:

/var/qmail/control/
/var/qmail/rc

by Named:

/var/named/chroot/etc
/var/named/data/

By Apache:

/var/www/htdocs/

A few more is on the wiki: http://www.ossec.net/wiki/index.php/Dev:Syscheck

We need that for Windows and Unix applications (including IIS, Anti virus, etc), open source and commercial… Any feedback is more than welcome.

*You can add on your own to the wiki or just reply in here..

The Changing Landscape of OSSEC-HIDS

Posted on April 13, 2009July 2, 2020 by Daniel Cid

Chuck Little published the article The Changing Landscape of OSSEC-HIDS for the Security Horizon Journal, detailing the latest year of OSSEC development. Recommended read!

Follow us on twitter

Posted on April 9, 2009July 2, 2020 by Daniel Cid

I couldn’t stay away from it very long, so I am twitting now too (or trying to). If you want to hear the latest on ossec development, follow us there:

twitter.com/danielcid(opens in a new tab)

Thanks!