OSSEC Commercial Support contracts will no longer be available directly from Trend Micro as of March 2014; however all existing agreements will continue to be fully supported until the end of their respective terms.
If you are still interested in OSSEC and require commercial support, Trend Micro is aware of some 3rd party vendors who may be able to provide some deployment assistance or post-sale support options. Please note that Trend Micro does not specifically endorse these vendors, but is merely providing this information as a convenience for users. Interested parties are advised to directly contact the vendor for more information on their specific capabilities or offerings around OSSEC.
While AlienVault does not offer stand-alone support options for OSSEC, it does offer OSSEC support through its commercial offering. OSSEC is one of many open source tools found in the AlienVault Unified Security Management (USM) platform, which provides OSSEC users with an interface to manage and configure large agent deployments, customize rules, generate reports or dashboards and correlate incoming agent data. To learn more visit: http://www.alienvault.com/landing/ossec or contact us at firstname.lastname@example.org.
OSSEC Training Resources from the AlienVault Community:
- Advanced OSSEC Training Webcast
- Installing OSSEC agent in a Windows server
- Reading a log file with OSSEC agent
- Deploying OSSEC agents to Linux Hosts
AtomiCorp is the maker of Atomic Secured Linux – the complete security solution for Linux web servers which features OSSEC as one of its primary security tools. AtomiCorp has long been involved with the OSSEC Project and currently builds the OSSEC RPM packages for each release. If you are interested in Atomic Secured Linux, AtomiCorp provides commercial support for the system. You can find out more about Atomic Secured Linux by contacting AtomiCorp sales at email@example.com.
The OSSEC developers have been hard at work on version 2.8 and we have made Beta-1 packages available for testing. See the Downloads page. Help us with the testing and fine tuning of this preliminary release.
The recently disclosed CVE-2014-0160 vulnerability – heartbleed read overrun – in OpenSSL may impact OSSEC installations where OSSEC was deployed with OpenSSL support, either when built from source or installed from RPMs. In particular this issue leaves ossec-authd open to attack.
The CVE-2014-0160 vulnerability has been fixed in OpenSSL 1.0.1g as described here - https://www.openssl.org/news/secadv_20140407.txt. OSSEC users are advised to replace their existing OpenSSL shared libraries with version 1.0.1g, which you can obtain as a source tarball on the OpenSSL website here: http://www.openssl.org/source/. As of this writing it does not appear that yum repositories for CentOS 6.x have pushed this version of OpenSSL to the repository servers.
It is further advised that, until you patch your OpenSSL components, you do not leave ossec-authd running when it is not receiving requests from your OSSEC agents.
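One way to turn this advice into a host check, as an added example that is not OSSEC project code: it classifies `openssl version -a` output against CVE-2014-0160 and combines that with whether ossec-authd is running. It assumes the `openssl` command reports the same library ossec-authd is linked against; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not OSSEC project code. Upstream OpenSSL 1.0.1 through 1.0.1f
# and 1.0.2-beta1 are affected; 1.0.1g is fixed. A build compiled with
# -DOPENSSL_NO_HEARTBEATS has the heartbeat code removed.
heartbleed_status() {
    # $1: full text printed by `openssl version -a`
    case "$1" in *-DOPENSSL_NO_HEARTBEATS*) echo mitigated; return 0 ;; esac
    ver=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
    case "$ver" in
        "") echo unknown ;;
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1*) echo vulnerable ;;
        1.0.1[g-z]*) echo fixed ;;
        *) echo not-affected ;;
    esac
}

authd_advice() {
    # $1: result of heartbleed_status, $2: "running" or "stopped"
    case "$1:$2" in
        vulnerable:running) echo "stop ossec-authd until OpenSSL is patched" ;;
        vulnerable:stopped) echo "patch OpenSSL before starting ossec-authd" ;;
        unknown:*) echo "verify the OpenSSL version manually" ;;
        *) echo "no action needed for CVE-2014-0160" ;;
    esac
}

check_host() {
    # Live check; degrades to "unknown"/"stopped" when the tools are missing.
    out=$(openssl version -a 2>/dev/null) || out=""
    if pgrep -x ossec-authd >/dev/null 2>&1; then state=running; else state=stopped; fi
    authd_advice "$(heartbleed_status "$out")" "$state"
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e-fips 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB'
SAMPLE_MITIGATED='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS'

echo "sample old build:       $(heartbleed_status "$SAMPLE_OLD")"
echo "sample mitigated build: $(heartbleed_status "$SAMPLE_MITIGATED")"
echo "this host:              $(check_host)"
```

Distribution packages may carry a backported fix without changing the version string, so a "vulnerable" result should be confirmed against the vendor's package changelog.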
Our friends at AlienVault have created and now host Debian packages of OSSEC for Ubuntu Wheezy, Jessie and Sid. See the Downloads page for the links to the packages and AlienVault's repositories. Thanks to OSSEC Project team member Santiago Gonzalez for taking the time to create these packages and AlienVault for hosting them.
And just a reminder, we have RPMs for all the major RedHat derived distros courtesy of our friends at Atomicorp and long time team member Scott Shinn.
OSSEC is moving from bitbucket to github, and in the process moving to a new method for accepting contributions. This is an exciting change that we feel will help push OSSEC forward in 2014 and further into the future.
The overall goals of the change are to allow OSSEC to be more dynamic, agile, and quicker to respond to the needs of the community.
This change will not be without issues or problems, but we aim to make it as seamless as possible. To do this we are committing to the following tasks to be completed 7 days from now:
- Port all code to github
- Port all Open Issues to github issues
- Port all Open Pull Requests to github Pull Requests
1) Porting code
This is currently done every 30 minutes (when hg-git does not break). We have set up and enabled github.com/ossec/ossec-hids
This will continue until the cut over date of Feb 7th 2014.
2) Port all Open Issues
We will copy all open issues from Bitbucket to github. Due to the API available, the reporting user and all comments on issues will show up as the user performing the migration. Test runs are being performed to github.com/jrossi/issue-migration-test
3) Port all Open Pull Requests
This process will be the hardest, and will be the hardest to detail, but we shall attempt it here.
Contact pull request author to request they move to github and resubmit using github. If no response is received before the following:
- Create github.com/ossec/bitbucket-pull-requests as a fork of github.com/ossec/ossec-hids/
- Export each Pull Request as a patch bb-gh-pull-request-##.patch
- Import each patch into a branch named bb-gh-pull-request-##
- Apply correct author/email git information so no information is lost.
- Create a github pull request for each branch.
For authors whose email addresses match between github and bitbucket everything will show up as expected. Authors can also use github email settings to add a second or third email address.
Once completed, each pull request will stand on its own and be reviewed for merging based on the Collective Code Construction Contract.
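The patch import steps above, run on a throwaway repository, as an added example that is not the OSSEC project's migration script. The repository, patch content, pull request number 42 and both identities are constructed, and the exported patch is assumed to be a plain unified diff.

```shell
#!/bin/sh
# Added example: import one exported patch into its own branch while keeping
# the original contributor as the commit author.
import_pr_patch() {
    # $1 repo dir  $2 patch file  $3 pull request number  $4 "Name <email>"
    branch="bb-gh-pull-request-$3"
    git -C "$1" checkout -q -b "$branch" || return 1
    git -C "$1" apply --index "$2" || return 1
    # The person migrating is only the committer; --author records the
    # contributor, so github can match the commit to their email address.
    git -C "$1" -c user.name="Migration Bot" \
        -c user.email="migration@example.invalid" \
        commit -q --author="$4" -m "Import Bitbucket pull request #$3" || return 1
    # Print "author|committer" so the result can be checked.
    git -C "$1" log -1 --format='%an <%ae>|%cn <%ce>' "$branch"
}

demo() {
    tmp=$(mktemp -d) || return 1
    git init -q "$tmp/repo" || return 1
    printf 'ossec-hids\n' > "$tmp/repo/README"
    git -C "$tmp/repo" add README
    git -C "$tmp/repo" -c user.name="Maintainer" \
        -c user.email="maint@example.invalid" commit -q -m "Initial import"
    # Constructed stand-in for an exported pull request patch.
    cat > "$tmp/bb-gh-pull-request-42.patch" <<'EOF'
--- a/README
+++ b/README
@@ -1 +1,2 @@
 ossec-hids
+Change proposed in the pull request
EOF
    import_pr_patch "$tmp/repo" "$tmp/bb-gh-pull-request-42.patch" 42 \
        "Alice Example <alice@example.invalid>"
    rm -rf "$tmp"
}

demo
```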