Category: Community Contribution

I don’t think I mentioned it before, but we have two free sample chapters of the OSSEC book available online.

The first one is chapter 2: http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1323740,00.html

The second one is chapter 5: http://www.syngress.com/book_catalog/sample_159749240X.pdf

I have very good news to share. Hope you all like it 🙂

First, from now I will be working full time on OSSEC, being fully
sponsored (and paid) by Third Brigade. As some of you know, for the last few years I have been working on OSSEC as a “second job”, during the evenings and at night, so hopefully now with more time we will see some awesome improvements in a short period of time (let’s clear our bugzilla :)).

Plus, the code will remain open source (GPL), and the project will continue running the way it is now (with a few improvements), so there is nothing to worry about.

Secondly, Third Brigade (same company sponsoring me to work full time on it), also acquired the project. That means that they will put more resources to work on the project and help us bring it to the next level. For the average user it will not change anything, but for any company interested in getting an enterprise-level support and additional commercial offerings (training, professional services, etc), it will be a huge benefit.

To clear up any questions you may have:

• Yes, I WILL remain working 100% on the project!
• The code WILL remain open source and community driven!

More information can be found on the FAQ about the acquisition:
http://www.ossec.net/main/acquisition-faq/

Press release:
http://www.thirdbrigade.com/news_events.aspx?id=770

Feel free to ask any questions you may have.

Thanks!

OSSEC is part of the Hackontest, a 24-hour programming marathon
and we are looking for contributions…

First, you can register to request features that we would develop during this 24-hour period. I already added a couple, but the more the better. Second, you can vote on the submitted features and the one that receives more votes is going to be chosen.

Our page is at:

http://www.hackontest.org/index.php?action=Root-projectDetail(32)

If you are a developer, you can click on a feature and choose to help to implement it… If we are chosen, our team (whosoever registers to implement it) is going to Switzerland for the contest!

So, votes, features, ideas and developers are welcome..

The OSSEC project is now an official partner/sponsor of the The Academy.

They already have videos showing how to install OSSEC (on Unix and Windows) and will be giving away a copy of the new OSSEC book to one of their registered users. More information at their site.

From: http://www.ossec.net/main/ossec-at-the-academy

Sandro Gauci wrote a very interesting article showing how to add support for Asterisk Logs on OSSEC. Enjoy:

Using OSSEC to detect attacks on an Asterisk box

This blog has been slow lately (vacation time), but I would like to share some articles about OSSEC that were published in the last couple of months.

• Building OSSEC – A Young Man’s Journey – by Steve McMaster
• Tuning OSSEC – by Steve McMaster
• Intrusion Detection: Snort (IDS), OSSEC (HbIDS) And Prelude (HIDS) – by mbrams

*If you wrote something about OSSEC, let us know and I will publish here

It looks like that our first book about OSSEC is completed and should soon be released. Andrew Hay, Rory Bray and myself *wrote it during the last few months and we also got some great external contributions (more info to come). The book is already on **Amazon, so you can pre-order it from:

http://www.amazon.com/OSSEC-Host-Based-…

*Well, Andrew did a lot of work and pushed us a lot too, so he should get more credit for it.

**The information on Amazon is not completed, but they will hopefully update it soon.

David Bianco released a test version of an agent that can take events from
OSSEC and insert them into Sguil as alerts. This is his full msg to the ossec-list:

I’ve put together a test release of an agent that can take events from
the OSSEC alert.log and insert them into Sguil as alerts. It’s based
on the example agent that comes with sguil 0.7.0 (in CVS). It’s pretty
rough code at the moment, but I think I got most of the crash bugs out
of it. Still, I wouldn’t run it on production Sguil servers without
testing it yourself.

You can fetch the code from:

http://www.vorant.com/files/ossec_agent-0.01.tar.gz

I have received some great logos/images about OSSEC lately and I have been keeping them on the following page: OSSEC Logos.

Feel free to use any of them in case you want to help us spread the usage of OSSEC: