OSSEC 2.9.2 Released!
Posted: Wed Aug 09, 2017 7:21 pm
by scott
https://github.com/ossec/ossec-hids/releases/tag/2.9.2
Changelog
Release Maintainers
Dan Parriott
Scott R. Shinn (Atomicorp, Inc.)
What's New
New Rules / Decoders (Leo Feyer)
OpenBSD decoder
Exim decoder
Dovecot Rules
Exim Rules
Chrome Remote Desktop Rules (Kevin Branch)
Netscreen Firewall Rules
OpenBSD rules
Updated Rules / Decoders (Leo Feyer)
ssh decoder
dropbear decoder
su decoder
vsftpd decoder
dovecot decoder
postfix decoder
pix decoder
apache decoder
windows decoder
Dovecot Rules
SSHd Rules
Syslog Rules
Re: OSSEC 2.9.2 Released!
Posted: Tue Aug 15, 2017 8:02 pm
by micoots
Hi,
I downloaded the latest ossec-hids 2.9.2 for CentOS 7 and after configuring it, it didn't work out of the box.
There are syntax errors in /var/ossec/etc/ossec.conf on these lines:
<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audit>
i.e., I had to change the three lines above to "/system_audit", as they were misspelled and stopped the agent from starting up due to the syntax errors.
Re: OSSEC 2.9.2 Released!
Posted: Mon Aug 21, 2017 5:46 pm
by scott
Thanks for the report, we should have an update out for this one soon!
Re: OSSEC 2.9.2 Released!
Posted: Sun Oct 08, 2017 6:00 pm
by bchill
The el6 versions of the ossec-* rpms are not being seen by createrepo (el7 is ok).
The el6 hosts won't update to 2.9.2 from 2.9.0 via yum from a local yum repo with the ossec-* rpms.
I'll admit that I cannot quite figure out why.
Is there possibly a problem with the way the rpms have been built?
Brian
Re: OSSEC 2.9.2 Released!
Posted: Tue Oct 10, 2017 7:40 am
by scott
Could be an epoch tag that slipped in on an older version. I seem to recall that happened when some branch packages were published for a day or so to the repo.
Re: OSSEC 2.9.2 Released!
Posted: Tue Oct 31, 2017 2:19 pm
by jeffb255
Hi Scott,
I am having trouble updating with ossec-hids-server_2.9.2-2154xenial_amd64.deb
root@OSSEC-Server:~# dpkg -i ossec-hids-server_2.9.2-2154xenial_amd64.deb
(Reading database ... 110592 files and directories currently installed.)
Preparing to unpack ossec-hids-server_2.9.2-2154xenial_amd64.deb ...
Unpacking ossec-hids-server (2.9.2-2154xenial) ...
dpkg: error processing archive ossec-hids-server_2.9.2-2154xenial_amd64.deb (--install):
trying to overwrite '/var/ossec/rules/vsftpd_rules.xml', which is also in package ossec-hids 2.8.3-4trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
ossec-hids-server_2.9.2-2154xenial_amd64.deb
Thanks.