OSSEC v2.2 beta1 available

OSSEC v2.2 will be released soon and we need help beta testing it. The code is pretty stable already and has been through a series of internal tests.

So, if you have a spare system or can install it on your production network, we would love to hear some feedback (just follow the instructions at our Beta testing wiki page).

New features/Bug fixes

  1. Added tool to properly validate if the system is little or big endian.
  2. Added “ignore” option to rootcheck (especially to deal with large NFS shares and avoid scanning them)
  3. Added option to log every rootcheck event (not only the FTS ones).
  4. Fixed configuration error when no parameter was given to the agent.conf file
  5. Added rules to ignore constant CRON login/logout alerts (happening on Debian/Ubuntu)
  6. Changed the way we handle Windows sockets to avoid timeouts on shared files
  7. Added support for roundcube logs. (Thanks to Michael Starks for the work).
  8. Added support for Netscreen alert (IDS) events.
  9. Added command line options to the manage_agents tool.
  10. Fixed issue of duplicated IP addresses on syscheck_control. (Patch by ddpbsd at gmail.com).
  11. Fixed the way we handle /0 netmasks on all the control tools.
  12. Added custom fine-grained entries to syscheck on Windows. The goal is to reduce the number of directories checked and increase usefulness.
  13. Added option to disable message id checks. Useful when you plan to reuse keys.
  14. Added support for WordPress logs. They come from the wpsyslog2 plugin that we modified to log everything to syslog (from new posts, new comments, logins, logouts, etc).
  15. Added support for escaping “<” on the XML and regex libraries.
  16. Fixed bug on syscheck_control where the zero/ignore options were not working on some systems. (Thanks to Michael Starks for the report).
  17. Added support for Trend OSCE (Office scan) log files
  18. Fixed installation script on AIX to only use /bin/false if it is installed.

Download

Thanks!
