OSSEC 2.9.2 Released!

Posted: Wed Aug 09, 2017 7:21 pm
by scott
https://github.com/ossec/ossec-hids/releases/tag/2.9.2

Changelog

Release Maintainers

Dan Parriott
Scott R. Shinn (Atomicorp, Inc.)

What's New

New Rules / Decoders (Leo Feyer)
OpenBSD decoder
Exim decoder
Dovecot Rules
Exim Rules
Chrome Remote Desktop Rules (Kevin Branch)
Netscreen Firewall Rules
OpenBSD rules

Updated Rules / Decoders (Leo Feyer)
ssh decoder
dropbear decoder
su decoder
vsftpd decoder
dovecot decoder
postfix decoder
pix decoder
apache decoder
windows decoder
Dovecot Rules
SSHd Rules
Syslog Rules

Re: OSSEC 2.9.2 Released!

Posted: Tue Aug 15, 2017 8:02 pm
by micoots
Hi,

I downloaded the latest ossec-hids 2.9.2 for CentOS 7 and, after configuring, it didn't work out of the box.

There are syntax errors in /var/ossec/etc/ossec.conf on these lines:

<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audit>

i.e. I had to change the three lines above to "/system_audit" as they were misspelled and stopped the agent from starting up due to the syntax errors.
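
A pre-start check for the failure reported above, as an added example that is not part of the original thread or of OSSEC itself: it walks ossec.conf and reports every closing tag that does not match its opener, with line numbers. The misspelling in the constructed sample (`</system_audt>`) is hypothetical, since the post does not show the shipped typo, and the checker tolerates several top-level `<ossec_config>` blocks instead of requiring a single XML root.

```python
import re
import sys

# Matches a comment (skipped) or an opening / closing / self-closing tag.
TOKEN = re.compile(r"<!--.*?-->|<(/?)([A-Za-z_][\w.-]*)([^<>]*?)(/?)>", re.S)

# Constructed sample: line 4 carries a hypothetical misspelled closing tag.
SAMPLE = """\
<ossec_config>
  <rootcheck>
    <system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audt>
  </rootcheck>
</ossec_config>
<ossec_config>
  <!-- a second top-level block is accepted -->
</ossec_config>
"""

def find_tag_mismatches(text):
    """Return (line, message) for each tag that is unbalanced or mismatched."""
    problems, stack = [], []
    for m in TOKEN.finditer(text):
        if m.group(0).startswith("<!--"):
            continue
        closing, name, _attrs, self_closing = m.groups()
        line = text.count("\n", 0, m.start()) + 1
        if self_closing:
            continue
        if not closing:
            stack.append((name, line))
        elif not stack:
            problems.append((line, f"</{name}> has no opening tag"))
        elif stack[-1][0] == name:
            stack.pop()
        else:
            # Treat the stray closer as a typo of the innermost open tag.
            open_name, open_line = stack.pop()
            problems.append(
                (line, f"</{name}> closes <{open_name}> opened on line {open_line}"))
    problems += [(line, f"<{name}> is never closed") for name, line in stack]
    return problems

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_tag_mismatches(text)
    for line, msg in found:
        print(f"line {line}: {msg}")
    sys.exit(1 if found else 0)
```

The non-zero exit status on any finding lets the check gate a package post-install step or a configuration-management run before the agent is restarted.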

Re: OSSEC 2.9.2 Released!

Posted: Mon Aug 21, 2017 5:46 pm
by scott
Thanks for the report, we should have an update out for this one soon!

Re: OSSEC 2.9.2 Released!

Posted: Sun Oct 08, 2017 6:00 pm
by bchill
The el6 versions of the ossec-* rpms are not being seen by createrepo (el7 is ok).

The el6 hosts won't update to 2.9.2 from 2.9.0 via yum from a local yum repo with the ossec-* rpms.

I'll admit that I cannot quite figure out why.

Is there possibly a problem with the way the rpms have been built?

Brian

Re: OSSEC 2.9.2 Released!

Posted: Tue Oct 10, 2017 7:40 am
by scott
Could be an epoch tag that slipped in on an older version. I seem to recall that happened when some branch packages were published for a day or so to the repo.

Re: OSSEC 2.9.2 Released!

Posted: Tue Oct 31, 2017 2:19 pm
by jeffb255
Hi Scott,

I am having trouble updating with ossec-hids-server_2.9.2-2154xenial_amd64.deb

root@OSSEC-Server:~# dpkg -i ossec-hids-server_2.9.2-2154xenial_amd64.deb
(Reading database ... 110592 files and directories currently installed.)
Preparing to unpack ossec-hids-server_2.9.2-2154xenial_amd64.deb ...
Unpacking ossec-hids-server (2.9.2-2154xenial) ...
dpkg: error processing archive ossec-hids-server_2.9.2-2154xenial_amd64.deb (--install):
trying to overwrite '/var/ossec/rules/vsftpd_rules.xml', which is also in package ossec-hids 2.8.3-4trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
ossec-hids-server_2.9.2-2154xenial_amd64.deb

Thanks.