==OSSEC v2.3 CHANGELOG (Dec 07, 2009)==

We are pleased to announce the general availability of OSSEC version 2.3. As always, this version comes with lots of bug fixes and new features. They are listed in this changelog with the proper credits.

Changelog:

- Added support for the Nginx web server.
- Added support for Suhosin (Hardened PHP).
- Added support for real time integrity monitoring on Windows systems.
- Added support for monitoring the output of commands on Linux and Windows.
- Added rules for PHP Warnings/errors.
- Fixed the way we read log files on Windows to properly support rotation without locking the files.
- Added support for Windows environment variables in the field of log monitoring.
- Added check to avoid reading the same log file twice on incorrect configurations.
- Fixed pam rules to ignore cron "login" events.
- Fixed real time integrity checking bug on Linux, where the directories set were not recursive. (Reported by Michael Starks).
- Added check to run the proper installation scripts on OSX 10.6 (Snow Leopard).
- Fixed bug where option from rootcheck was not being utilized properly.
- Fixed bug where syscheck was crashing if no directory was provided. (Reported by Aung Khant).
- Fixed sshd rules that were generating false positives.
- Changing default value for "stats" alerts to be lower. Now default to level 4.
- Fixing installation scripts to better detect build errors.
  http://ossec.uservoice.com/pages/18254-general/suggestions/374023-check-and-handle-more-errors-during-install?ref=title
- Fixed option on rootcheck.
  http://ossec.uservoice.com/pages/18254-general/suggestions/296272-allow-for-the-disabling-of-rootcheck
- Fixing installer to detect DragonFlyBSD and set up the users properly.
  http://ossec.uservoice.com/pages/18254-general/suggestions/339696-dragonflybsd-does-not-create-the-ossec-users-and-group?ref=title
- Fixed active-response alert_id field that was pointing to the wrong event.
- Added new rule to detect comment spam on Wordpress. (By Michael Starks).
- Added dovecot rules and decoders. (By Michael Starks).
- Fixed ossec-control bug, where during the stop process, it could kill another process by mistake. (Reported by xti9er)
  http://ossec.uservoice.com/pages/18254-general/suggestions/299723-fix-ossec-control-bug?ref=title
  http://hi.baidu.com/xti9er/blog/item/8cfea0085084c79c0b7b82e8.html
- Fixed behavior of the syscheck alerts that would always say that the file changed 3rd time for changes more often than 3 times.
  http://ossec.uservoice.com/pages/18254-general/suggestions/321253-change-file-integrity-alert-3rd-time-
- Fixed bug on "ignore" option, which was not fully ignoring the alert for the right time.
- Added rules to alert on login events from MS SQL. (By Fabio Paracchini)
- Added support for foreground mode. (By Jeremy Rossi)
- Fixed typo on Wordpress rules.
- Fixed database output to not strip backslashes.
- Fixed hanging issue on the Windows agent.

To download the new version: http://www.ossec.net/main/downloads

We want to thank everyone who sent comments, suggestions or just some nice words to us! We really appreciate the feedback!

Daniel B. Cid (in the name of the OSSEC team).
http://www.ossec.net/main/about

http://www.ossec.net/announcements/v2.3-2009-12-07.txt