== OSSEC v1.3 CHANGELOG (Aug 08, 2007) ==

We are pleased to announce the general availability of OSSEC version 1.3. This is one of our biggest releases so far, with numerous new features and bug fixes.

If updating, make sure to upgrade the ossec server FIRST, before any agent.

It has the following new features and fixes:

- Added support for NTFS ADS (alternate data streams) detection.
- Added Chinese translation. (By Brian Wang)
- Fixed configuration reader for os-execd that was incorrectly disabling it when rootcheck was disabled. (Reported by Blaine Aldridge)
- Fixed file descriptor leak on the Windows agent while reading the Windows registry. (Reported by Luke Bradeen)
- Fixed bug in the overwrite usage (not working for all the rule options). (Reported by Michael Starks)
- Added rule "18141" for Windows unexpected shutdown. (By Michael Starks)
- Added more logs to be monitored by default on HP-UX (auth.log and syslog.log). (Reported by Michael Starks)
- Added rules 18170, 18171 and 18172 to detect possible Kerberos attacks. (By Michael Starks)
- Fixed problem where if_sid and if_matched_sid were not allowed to be different. (Reported by Michael Starks)
- Increased maximum rule size from 1024 to 2048.
- Added support for Courier pop3/imapd logs.
- Added do_not_group for the granular e-mail options.
- Added all e-mail recipients in the e-mail header (as CC). Previously, only the main address was present (in the TO field).
- Fixed compilation issue with Solaris (va_copy). (Thanks to Warren Petrofsky for the report and Serge Dubrouski for the fix)
- Fixed usage of multiple XML variables, which was causing ossec to segfault during startup. (Reported by Michael Starks)
- Added rule 3331 for Postfix (452 Insufficient system storage). (By Michael Starks)
- Added decoders/rules for SMF-SAV Sendmail filter. (By Logan O'Sullivan Bruns)
- Fixed bug where OSSEC was crashing on Solaris (passing null pointers to *printf). (Thanks to Logan Bruns for the patch)
- Added forced integrity checking of agents configuration. During startup ossec will forward it to the server.
- Added first-seen and last-seen times for rootcheck messages.
- Added better error handling/reporting on the agent startup.
- Added ossec (agent) version to the agent-info information (server-side).
- Added support for Cisco IOS logs.
- Added support for Symantec Web Security logs.
- Added user interface to manage the Windows agent. Screenshots at http://www.ossec.net/dcid/?p=91.
- Added additional error handling, better error messages and verbose outputs (troubleshooting should be easier now).
- Added support for Windows policy monitoring. http://www.ossec.net/wiki/index.php/Know_How:WindowsPolicy

To download the new version: http://www.ossec.net/main/downloads

We want to thank everyone who sent comments, suggestions or just some nice words to us! We really appreciate the feedback!

Daniel B. Cid (on behalf of the OSSEC team).
http://www.ossec.net/main/about

http://www.ossec.net/announcements/v1.3-2007-08-07.txt