Changelog for ossec-hids-server-3.7.0-ill15500.40.10.x86_64.rpm :
* Thu Dec 14 2023 Tuukka Pasanen
- Correcting path which is ossec-hids-3.7.0
- Add patch ossec-hids-server_sh.patch
  + Patch makes sure that the starting order is better: ossec-remoted now starts before ossec-logcollector. This is because starting ossec-logcollector can be too slow, and ossec-analysisd requires ZeroMQ /queue/alerts/ar, which is provided by ossec-remoted.

* Tue Apr 19 2022 Tuukka Pasanen
- Update to 3.7.0
- Spec changes
  + Remove %clean as it's deprecated
  + Remove /etc/init/ossec-hids as it's deprecated and systemd should be favored
- from 3.6.0:
  + Add systemd journald support
  + Fix for building on some platforms, i.e. Ubuntu Bionic arm64 and NetBSD
  + Add rootkits: Beurk, Jynx, Reptile
  + Maild rework with maxminddb. This retires usage of the EOL GEOIP library.
  + Add active response for Amazon AWS WAF
  + Add active response script for nftables

* Sun May 17 2020 Lars Vogdt
- update to 3.6.0
  + It's that time of year again, our annual independent security audit! Joining our previous two years' auditors, Apple Security and OVH Internet, is security researcher Daniel McCarney (@cpu), who performed a very in-depth analysis of our IDS engine updates (PCRE2, and more). With a project as critical as OSSEC in securing cloud and enterprise assets, it's very important to us to have independent assessments of the framework. So again we want to thank all of our auditors, old and new, for their contribution to the project.
- from 3.5.0
  + This would have been a minor 3.4.1 update if it wasn't for Boris Lukashev of https://www.sempervictus.com contributing a much needed update to multi-line log analysis. Previous usage of multi-line in OSSEC was limited in processing events that did not use indentation, a fairly common modern practice for readability. This update adds a new type: multi-line_indented to handle this condition (Example: postgresql).
  + Maintenance fixes in this release also address issue #1781, which affected maild when calling an external program, and add support for Fedora 31
- from 3.4.0
  Big changes in this release add support for the following new platforms:
  + Debian buster
  + Fedora 30
  + RHEL 8
  + (Much awaited!) Centos 8
  @jubois has completed the first round of pcre2 rule updates. This is a very exciting change to the overall IDS engine in OSSEC and opens the platform up to much more complex (and faster!) search functionality.
  + Last but not least, @ddpbsd has a long awaited fix for agentd/maild when ipv6 is disabled and/or hostnames are used instead of IPs in PR#1698. Thanks again to all our community contributors, and dedicated team members for their work on this release!
- from 3.3.0
  + PCRE2: Jubois made a major update to the IDS foundation in OSSEC 3.3.0 with the PCRE2 (https://www.pcre.org/current/doc/html/pcre2.html) library. This is an extremely powerful update to the overall pattern analysis functionality in OSSEC. In order to build this with the native distribution pcre2 packages (pcre2-devel, etc.), you will need to use: export PCRE2_SYSTEM=yes. This adds several new xml tags:
    o pcre2 (to replace regex)
    o match_pcre2
    o program_name_pcre2
    o prematch_pcre2
    o srcgeoip_pcre2
    o dstgeoip_pcre2
    o srcport_pcre2
    o dstport_pcre2
    o user_pcre2
    o url_pcre2
    o id_pcre2
    o status_pcre2
    o hostname_pcre2
    o extra_data_pcre2
  + Dynamic Decoders, discussed in the "Beyond Security" talk at OSSECCON 2019: this allows for user-defined keys in decoders. These are exposed in JSON output for inclusion with other data analytics tools. This adds a new internal option: analysisd.decoder_order_size to define the maximum number of keys allowed in a single decoder.
- additional BuildRequires: libevent-devel & pcre2-devel
- refreshed ossec-hids-location.patch
- small spec file cleanup (removed commented out paths)
- added ossec-hids-rpmlintrc

* Wed Feb 13 2019 Tuukka Pasanen
- update to 3.2.0
  The great JSON-in-ing has begun! New features in this release focus on extending JSON output support to control commands like agent_control, syscheck_control, and rootcheck_control. Additional extensions add support for archives.log in native json format, and improve the alert.json output. This release also brings some much needed enhancements to ossec-authd to streamline the agent registration experience (thanks nhatking16591!). Bob-Andrews continues on major auditing improvements plus support for Solaris 11.
- See the rest of the releases: https://github.com/ossec/ossec-hids/releases
- Update build process to new build system
- Update patch 'ossec-hids-suse.init.patch'.
- Added GPG signature to verify source

* Thu Feb 07 2019 Tuukka Pasanen
- openSUSE 15.0 and above doesn't use '/var/adm/fillup-template'. They use %{_fillupdir}. Make the change to use the macro, not the direct directory
- Add fallback define %{_fillupdir} for openSUSE 42.3

* Mon Aug 01 2016 boris@steki.net
- update to 2.8.3
  + "This should fix eventchannel and hybrid."
  + update to 2.8.2
    * Fix for CVE-2015-3222 which allows for root escalation via syscheck

* Tue Nov 25 2014 darin@darins.net
- update to 2.8.1
  * NOTE: In terms of features this release is the same as OSSEC 2.8, *EXCEPT* it includes a fix for the CVE-2014-5284 vulnerability discovered by Jeff Petersen of Roka Security LLC. Go to https://github.com/ossec/ossec-hids/releases/tag/2.8.1 for more information regarding this issue.
  * Installation
    + Server
      - Avoided a crash of agentd on Solaris (danpop60)
    + Agent
      - Fixed manage_agents -f potential infinite loop (awiddersheim)
      - Added manage_agents -r to remove an agent (awiddersheim)
      - Allow NIX agents to use "-f" option and run in foreground (awiddersheim)
      - Windows agent install/uninstall GUI enhancements (awiddersheim)
      - Windows agent_config profile fixed (gaelmuller)
      - Added eventchannel support for Windows agent on Vista or later (gaelmuller)
      - Many Windows agent bug fixes (awiddersheim)
  * Syscheck
    + Extended filesize from an integer to a long integer
    + Make syscheck/analysisd/remoted.debug in internal_options.conf work (awiddersheim)
  * ActiveResponse
    + Fix active-response on MAC OS Firewall (jknockaert)
  * Log monitoring/analysis
    + Add option to allow the outputting of all alerts to a zeromq PUB socket in JSON format, using the cJSON library (jrossi, justintime32). New Config: yes|no tcp://localhost:11111
    + Add TimeGenerated to the output of Windows Event logs (awiddersheim)
    + os_net fixes, and code clean up in general (cgzones)
    + os_regex unit test cases added (cgzones)
    + os_xml review and fixes (cgzones)
  * Rules and Decoders
    + Added some additional sshd rules in sshd_rules.xml (joshgarnett)
    + Removed bro-ids rules (ddpbsd)
    + Removed event ID 676, 672 in msauth_rules.xml (mstarks01)
  * Contributions
    + zeromq_pubsub.py (jrossi)
    + ossec-eps.sh, a script to calculate events-per-second (mstarks01)
- update ossec-zlib.patch
- fix how {mysql,pg}.ossec-dbd are handled during build
- removed ossec-remoted.patch, fixed upstream
- removed old .spec and .changes

* Wed Jan 29 2014 darin.perusich@ctg.com
- Updated packaging to use /var/lib/ossec as the basedir
- add sysconfig.ossec-hids, replacing /etc/ossec-init.conf, patched init/systemd scripts accordingly

* Wed Jan 15 2014 darin.perusich@ctg.com
- add %pre for systemd in client and server packages
- moved rids to %files server as it requires the ossecr user
- fixed ossec-hids.service, can't use env variables

* Tue Jan 14 2014 darin.perusich@ctg.com
- add support for systemd
- much rpmlint cleanup