viernes, 18 de septiembre de 2009

Tools: OSSEC version 2.2 released

OSSEC es una plataforma de fuente abierta que ayuda a monitorear y controlar los sistemas.



OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.


La nueva versión trae las funcionalidades siguientes:
-Added support to vpopmail logs.
-Removed duplicated Apache log entry.
-Added validation checks on the email_to option.
-Added tool to proper validate if the system is little or big endian.
-Added option to rootcheck (specially to deal with large NFS shares and avoid scaning them).
-Added option to log every rootcheck event (not only the FTS ones).
-Fixed configuration error when no parameter was given to the agent.conf file.
-Added rules to ignore constant CRON login/logout alerts (happening on Debian/Ubuntu).
-Changed the way we handle Windows sockets to better handle shared files.
-Added support for roundcube logs.
-Added support for Netscreen alert (IDS) events.
-Added command line options to the manage_agents tool.
-Fixed issue of duplicated IP addresses on syscheck_control. (Patch by ddpbsd at gmail.com).
-Fixed the way we handle /0 netmasks on all the control tools.
-Added custom fine-grained entries to syscheck on Windows. The goal is to reduce the amount of directories check and increase usefulness.
-Added option to disable message id checks. Useful when you plan to reuse keys.
-Added support for Wordpress logs. They come from the wpsyslog2 plugin that we modified to log everything to syslog (from new posts, new comments, logins, logouts, etc).
-Added support for escaping "<" on the XML and regex libraries. -Fixed bug on syscheck_control where the zero/ignore options were not working on some systems. -Added support for Trend OSCE log files. -Fixed installation script on AIX to only use /bin/false if it is installed. -Fixed test log program that was using 100% CPU when cat/tailing a file to it. -Fixed logcollector seg fault when the agent.conf file is empty. -Added ossec rule to alert when the event log is cleared even on non-security event logs.


Web y descarga del proyecto

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here.

Post relacionado:
Top 5 Open Source Security Tools in the Enterprise

No hay comentarios: