
[ossec-dev] OSSEC 1.1 BETA1 available

If you are looking for a way to help the project, here is your chance.

We just released the first beta of the 1.1 version and we need beta testers.
This version has numerous bug fixes and new features, so a great deal of
QA will be required. If you try it out, let us know whether it worked or
not (and provide the operating system/version that you used).

Download it:

http://www.ossec.net/files/snapshots/ossec-hids-070221.tar.gz
http://www.ossec.net/files/snapshots/ossec-win32-070221.exe


More info:
http://www.ossec.net/dcid/?p=42


Full changelog:

-Added support for IIS 6 log formats.
(Thanks Michael Starks for the logs).

-Added support for Windows event log from Snare.
(Thanks Michael Starks for the logs).

-Added support for tabs (\t) in the regex library.

-FTS on Windows logs is now case insensitive.
(Thanks Michael Starks for the idea).

-Fixed bug on if_matched_group that was improperly
searching on the groups (causing false positives).

-Fixed wrong message on the stats notification
http://www.ossec.net/bugs/show_bug.cgi?id=36
(Thanks Wilfried <wilfried.werner@xx> for the report).

-Added support for hostnames in the server-ip configuration.
Use "server-hostname" to specify it.

-Added rules/decoders for Cisco VPN concentrator.

-Added rules for PIX VPN (AAA) logs.
(Thanks Isaac Straley for the logs).

-Fixed bug where pending active responses were not
being removed after a clean shutdown.

-Fixed Apache decoder to make it work on countries
east of Greenwich.

-Added granular e-mail configuration options.
Extra email_alerts options can be added based
on the severity or event location. The example below
sends alerts to xx@xxxxxx for severities >= 10.

 <email_alerts>
   <email_to>xx@xxxxxx</email_to>
   <level>10</level>
 </email_alerts>

-Fixed error on SETGID_ERROR messages, causing manage_agents
to segfault. Thanks Robert Millan for the patch.

-Added "type sregex" for the ignore entries on syscheck. It
allows simple regular expressions (match style) to be used.

-Added check to ignore duplicated entries on syscheckd
ignore/registry_ignore entries.

-Fixed alert on syscheckd to handle the case when a file was
removed and then re-added back again (it was generating an
incorrect alert).

-Added "\$" escape on the os_regex library.

-Fixed issue with active-responses and the "analysisd" location.
Thanks to Marco Supino <Marco at praxell.com> for the report.

-Added support for Solaris 10 and OpenBSD su messages.

-Added support for Symantec antivirus logs from the Windows event log.

-Fixed issue where child rules were not inheriting all the logs from
the parent. Thanks David J. Bianco for the report.

-Increased time out values for Windows agents.

-Improved Windows installer to use NSIS Modern UI.

-Added "-a" argument to syscheck-update, to update every agent.

-Improved manage-agents to clear the agent information during
removal.

-Removed some false positive entries from rootcheck.

-Added overwrite attribute to the rules. It allows an entire rule
to be overwritten.
Example to overwrite rule 1002:

 <rule id="1002" level="8" overwrite="yes">
   <match>Segmentation|XYZ</match>
   <description>Rule 1002 overwritten.</description>
 </rule>
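As an added example (not part of the announcement or the OSSEC project's own files), here is how several of the 1.1 options listed above fit together in one ossec.conf: server-hostname on the agent, a "type sregex" syscheck ignore, and two granular email_alerts blocks. Hostnames, paths and addresses are placeholders, and the `<event_location>` tag name is assumed from OSSEC's granular e-mail syntax rather than shown on this page.

```xml
<!-- Added example, not from the announcement. Hostnames, paths and
     addresses below are placeholders. -->
<ossec_config>
  <!-- Agent side: server-hostname (new in 1.1) instead of server-ip -->
  <client>
    <server-hostname>ossec-server.example.internal</server-hostname>
  </client>

  <!-- syscheck: plain <ignore> is a literal prefix; type="sregex" (new)
       accepts match-style expressions, so "^" anchors the start of the
       path, "$" the end, and "|" separates alternatives -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">^/etc/cups/|.swp$</ignore>
  </syscheck>

  <!-- Default recipient for everything at or above email_alert_level -->
  <global>
    <email_notification>yes</email_notification>
    <email_to>soc@example.invalid</email_to>
    <smtp_server>mail.example.internal</smtp_server>
    <email_from>ossec@example.internal</email_from>
  </global>

  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>

  <!-- Granular e-mail (new): extra recipient by severity, as in the
       changelog example (level >= 10 only) -->
  <email_alerts>
    <email_to>oncall@example.invalid</email_to>
    <level>10</level>
  </email_alerts>

  <!-- Granular e-mail by event location (agent name / log source);
       the <event_location> tag name is an assumption, not on the page -->
  <email_alerts>
    <email_to>dba@example.invalid</email_to>
    <event_location>db-server01</event_location>
  </email_alerts>
</ossec_config>
```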

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.