Changelog for ossec-hids-client-3.6.0-1.227.x86_64.rpm:
* Sun May 17 2020 larsAATTlinux-schulserver.de
- update to 3.6.0
  + It's that time of year again, our annual independent security audit! Joining our previous two years' auditors, Apple Security and OVH Internet, is security researcher Daniel McCarney (AATTcpu), who performed a very in-depth analysis on our IDS engine updates (PCRE2, and more). With a project as critical as OSSEC in securing cloud and enterprise assets, it's very important to us to have independent assessments of the framework. So again we want to thank all of our auditors, old and new, for their contribution to the project.
- from 3.5.0
  + This would have been a minor 3.4.1 update if it wasn't for Boris Lukashev of https://www.sempervictus.com contributing a much needed update to multi-line log analysis. Previous usage of multi-line in OSSEC in the past was limited in processing events that did not use indentation, a fairly common modern practice for readability. This update adds a new type: multi-line_indented to handle this condition (Example: postgresql).
  + Maintenance fixes in this release also address issue #1781, which affected maild when calling an external program, and add support for Fedora 31
- from 3.4.0
  Big changes in this release add support for the following new platforms:
  + Debian buster
  + Fedora 30
  + RHEL 8
  + (Much awaited!) Centos 8
  AATTjubois has completed the first round of pcre2 rule updates. This is a very exciting change to the overall IDS engine in OSSEC and opens the platform up to much more complex (and faster!) search functionality.
  + Last but not least, AATTddpbsd has a long awaited fix for agentd/maild when ipv6 is disabled and/or hostnames are used instead of IPs in PR#1698.
  Thanks again to all our community contributors, and dedicated team members for their work on this release!
- from 3.3.0
  + PCRE2, Jubois made a major update to the IDS foundation in OSSEC 3.3.0 with PCRE2 (https://www.pcre.org/current/doc/html/pcre2.html) library. This is an extremely powerful update to the overall pattern analysis functionality in OSSEC. In order to build this with the native distribution pcre2 packages (pcre2-devel, etc), you will need to use: export PCRE2_SYSTEM=yes. This adds several new xml tags:
    o pcre2 (to replace regex)
    o match_pcre2
    o program_name_pcre2
    o prematch_pcre2
    o srcgeoip_pcre2
    o dstgeoip_pcre2
    o srcport_pcre2
    o dstport_pcre2
    o user_pcre2
    o url_pcre2
    o id_pcre2
    o status_pcre2
    o hostname_pcre2
    o extra_data_pcre2
  + Dynamic Decoders, discussed in the "Beyond Security" talk at OSSECCON 2019, this allows for user-defined keys in decoders. These are exposed in JSON output for inclusion with other data analytics tools. This adds a new internal option: analysisd.decoder_order_size to define the maximum number of keys allowed in a single decoder.
- additional BuildRequires: libevent-devel & pcre2-devel
- refreshed ossec-hids-location.patch
- small spec file cleanup (removed commented out paths)
- added ossec-hids-rpmlintrc
* Wed Feb 13 2019 tuukka.pasanenAATTilmi.fi
- update to 3.2.0
  The great JSON-in-ing has begun! New features in this release focus on extending JSON output support to control commands like agent_control, syscheck_control, and rootcheck_control. Additional extensions add support for archives.log in native json format, and improving the alert.json output. This release also brings some much needed enhancements to ossec-authd to streamline the agent registration experience (thanks nhatking16591!), Bob-Andrews continues on major auditing improvements plus support for Solaris 11.
- See rest releases: https://github.com/ossec/ossec-hids/releases
- Update build process to new build system
- Update patch 'ossec-hids-suse.init.patch'.
- Added GPG signature to verify source
* Thu Feb 07 2019 tuukka.pasanenAATTilmi.fi
- openSUSE 15.0 and above doesn't use '/var/adm/fillup-template'. They use %{_fillupdir}. Make change to use macro not direct directory
- Add fallback define %{_fillupdir} for openSUSE 42.3
* Mon Aug 01 2016 borisAATTsteki.net
- update to 2.8.3
  + "This should fix eventchannel and hybrid."
  + update to 2.8.2
    * Fix for CVE-2015-3222 which allows for root escalation via syscheck
* Tue Nov 25 2014 darinAATTdarins.net
- update to 2.8.1
  * NOTE: In terms of features this release is the same as OSSEC 2.8, EXCEPT it includes a fix for CVE-2014-5284 vulnerability discovered by Jeff Petersen of Roka Security LLC. Go to https://github.com/ossec/ossec-hids/releases/tag/2.8.1 for more information regarding this issue.
  * Installation
    + Server
      - Avoided a crash of agentd on Solaris (danpop60)
    + Agent
      - Fixed manage_agents -f potential infinite loop (awiddersheim)
      - Added manage_agents -r to remove an agent (awiddersheim)
      - Allow NIX agents to use "-f" option and run in foreground (awiddersheim)
      - Windows agent install/uninstall GUI enhancements (awiddersheim)
      - Windows agent_config profile fixed (gaelmuller)
      - Added eventchannel support for Windows agent on Vista or later (gaelmuller)
      - Many Windows agent bug fixes (awiddersheim)
  * Syscheck
    + Extended filesize from an integer to a long integer
    + Make syscheck/analysisd/remoted.debug in internal_options.conf work (awiddersheim)
  * ActiveResponse
    + Fix active-response on MAC OS Firewall (jknockaert)
  * Log monitoring/analysis
    + Add option to allow the outputting of all alerts to a zeromq PUB socket in JSON format, using cJSON library (jrossi, justintime32). New Config: yes|no tcp://localhost:11111
    + Add TimeGenerated to the output of Windows Event logs (awiddersheim)
    + os_net fixes, and code clean up in general (cgzones)
    + os_regex unit test cases added (cgzones)
    + os_xml review and fixes (cgzones)
  * Rules and Decoders
    + Added some additional sshd rules in sshd_rules.xml (joshgarnett)
    + Removed bro-ids rules (ddpbsd)
    + Removed event ID 676, 672 in msauth_rules.xml (mstarks01)
  * Contributions
    + zeromq_pubsub.py (jrossi)
    + ossec-eps.sh, a script to calculate events-per-second (mstarks01)
- update ossec-zlib.patch
- fix how {mysql,pg}.ossec-dbd are handled during build
- removed ossec-remoted.patch, fixed upstream
- removed old .spec and .changes
* Wed Jan 29 2014 darin.perusichAATTctg.com
- Updated packaging to use /var/lib/ossec as the basedir
- add sysconfig.ossec-hids, replacing /etc/ossec-init.conf, patched init/systemd scripts accordingly
* Wed Jan 15 2014 darin.perusichAATTctg.com
- add %pre for systemd in client and server packages
- moved rids to %files server as it requires the ossecr user
- fixed ossec-hids.service, can't use env variables
* Tue Jan 14 2014 darin.perusichAATTctg.com
- add support for systemd
- much rpmlint cleanup
* Mon Jan 13 2014 darin.perusichAATTctg.com
- Fix %post and %postun to use macros and not call chkconfig, etc directly
- Add su to logrotate
- Add logrotate depend
- moved update-alt to %post server
- fix license
* Wed Dec 04 2013 darin.perusichAATTctg.com
- install proper zlib-devel package for sles
* Mon Dec 02 2013 darinAATTdarins.net
- patch for remoted segfault
- set correct ownership of rids directory
- bring back zlib patch
* Tue Nov 26 2013 darinAATTdarins.net
- remove the zlib patch, ossec-remoted needs it
* Mon Nov 25 2013 darinAATTdarins.net
- update to 2.7.1
- significant reworking of .spec
- add packaging for server-mysql and server-postgresql, using update-alternatives to switch between them
* Tue Oct 15 2013 ericAATTnixwizard.net
- Updated to OSSEC 2.7 release
* Tue Jun 12 2012 ericAATTnixwizard.net
- First OSSEC build hosted on the OpenSUSE build service
* Tue Jul 19 2011 frizAATTgodshell.com
- Update to official 2.6.0 release
* Thu Jul 07 2011 frizAATTgodshell.com
- Added cmoraes patch
  - Adds config options for enabling/disabling rootkit/syscheck options
  - Add support for agent config profiles
* Tue Jul 05 2011 frizAATTgodshell.com
- Update to latest 2.6.0 from Mercurial
* Tue Jun 07 2011 frizAATTgodshell.com
- Update to 2.6.0 Beta 1
  - Added IPv6 support
  - Lots of new rules (OpenBSD, Clamav, BRO-ids, active response logs, etc, etc)
  - Added os-authd – Automatically creating and setting up the agent keys
  - Added CEF support to client syslog
  - Improved reporting for file changes
  - Added option to Block repeated offenders with OSSEC
* Mon Feb 21 2011 frizAATTgodshell.com
- Rebuild because I'm an idiot
* Wed Oct 13 2010 frizAATTgodshell.com
- Update to 2.5.1 Release
  - Bugfixes
* Mon Oct 11 2010 frizAATTgodshell.com
- Inadvertently removed manage_client. This restores that.
* Tue Sep 28 2010 frizAATTgodshell.com
- Update to 2.5 Release
  1. Added support for “report_changes” on syscheck to show what was changed in the file modification alert.
  2. Added support for cdb lists inside the rules.
  3. Added support for drop-in rules and decoders directory.
  4. Added a Rule unit testing framework (in python) and inside logtest
  5. Added support for a generic multi-line log reader.
  6. Added granular Windows rules.
  7. Added option to restrict integrity checking to a set of files.
  8. Added alias option to the command monitoring.
  9. Added silent switch for windows installer.
  10. Added variable expansion in command output monitoring.
  11. Fixed several windows installer bugs.
* Fri Sep 10 2010 frizAATTgodshell.com
- Update to 2.5 beta (100907)
* Wed Aug 18 2010 frizAATTgodshell.com
- re-establish client-specific logcollector and syscheckd
* Thu Apr 29 2010 scottAATTatomicorp.com
- Updated init and ossec-server scripts to support the new reload feature.
* Tue Apr 20 2010 scottAATTatomicrocketturtle.com
- Update to 2.4.1
* Fri Apr 09 2010 scottAATTatomicrocketturtle.com
- Added zabbix reporting active response
* Thu Apr 01 2010 scottAATTatomicrocketturtle.com
- Update to 2.4 final
- Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10
- Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20
* Tue Mar 23 2010 scottAATTatomicrocketturtle.com
- Rebuilt for atomic repo
* Mon Mar 22 2010 scottAATTatomicrocketturtle.com
- Update to CVS 100317
* Thu Mar 11 2010 scottAATTatomicrocketturtle.com
- Update to CVS 100311
- Add decoder for denyhosts
- Update asl_rules.xml to include denyhosts rules
* Tue Mar 09 2010 scottAATTatomicrocketturtle.com
- Update to CVS 100309
* Fri Mar 05 2010 scottAATTatomicrocketturtle.com
- Added new decoder for smtp_auth
- Added rules to detect smtp_auth brute force attempts
- Added rules to detect imap/pop brute force attempts
* Mon Dec 07 2009 scottAATTatomicrocketturtle.com
- Updated ossec-server.conf to be in parity with the ASL config
- Added templates dir for generating configs