OSSEC 2.9.2 Released!

Unread post by scott »

https://github.com/ossec/ossec-hids/releases/tag/2.9.2

Changelog

Release Maintainers

Dan Parriott
Scott R. Shinn (Atomicorp, Inc.)

What's New

New Rules / Decoders (Leo Feyer)
OpenBSD decoder
Exim decoder
Dovecot Rules
Exim Rules
Chrome Remote Desktop Rules (Kevin Branch)
Netscreen Firewall Rules
OpenBSD rules

Updated Rules / Decoders (Leo Feyer)
ssh decoder
dropbear decoder
su decoder
vsftpd decoder
dovecot decoder
postfix decoder
pix decoder
apache decoder
windows decoder
Dovecot Rules
SSHd Rules
Syslog Rules

Re: OSSEC 2.9.2 Released!

Unread post by micoots »

Hi,

I downloaded the latest ossec-hids 2.9.2 for CentOS 7 and, after configuring it, it didn't work out of the box.

There are syntax errors in /var/ossec/etc/ossec.conf on these lines:

<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audit>

i.e. I had to change the three lines above to "/system_audit", as they were misspelled and stopped the agent from starting up due to the syntax errors.
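
A tag-balance check for ossec.conf that would flag the kind of misspelled closing tag reported above before the agent is restarted. This is an added example, not part of the original post and not OSSEC's own code. It uses a small stack rather than a strict XML parser on the assumption that an ossec.conf may contain more than one top-level <ossec_config> block, and the misspelling in the constructed sample is hypothetical.

```python
import re
import sys

TAG = re.compile(r"<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>")
COMMENT = re.compile(r"<!--.*?-->", re.S)

# Constructed sample. The misspelled closing tag on line 5 is hypothetical;
# the thread does not show the exact misspelling that shipped.
SAMPLE = """<ossec_config>
  <rootcheck>
    <!-- CIS benchmark audit files -->
    <system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audti>
    <system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audit>
  </rootcheck>
</ossec_config>
"""


def check_tags(text):
    """Return [(line_no, message)] for every unbalanced tag in text."""
    # Blank out comments but keep newlines so line numbers stay correct.
    text = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)
    problems, stack = [], []
    for m in TAG.finditer(text):
        closing, name, self_closing = m.groups()
        line_no = text.count("\n", 0, m.start()) + 1
        if self_closing:
            continue
        if not closing:
            stack.append((name, line_no))
        elif name in [n for n, _ in stack]:
            # Unwind to the matching opener; anything above it was never closed.
            while stack[-1][0] != name:
                inner, opened = stack.pop()
                problems.append((opened, f"<{inner}> is never closed"))
            stack.pop()
        else:
            top = f"<{stack[-1][0]}> opened on line {stack[-1][1]}" if stack else "no open element"
            problems.append((line_no, f"</{name}> does not match {top}"))
            if stack:
                stack.pop()  # assume a misspelled close of the innermost element
    problems += [(opened, f"<{name}> is never closed") for name, opened in stack]
    return sorted(problems)


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, message in check_tags(source):
        print(f"line {line_no}: {message}")
```

Run it with the path to the configuration file as the only argument; no output means every tag is balanced.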

Re: OSSEC 2.9.2 Released!

Unread post by scott »

Thanks for the report, we should have an update out for this one soon!

Re: OSSEC 2.9.2 Released!

Unread post by bchill »

The el6 versions of the ossec-* rpms are not being seen by createrepo (el7 is ok).

The el6 hosts won't update to 2.9.2 from 2.9.0 via yum from a local yum repo with the ossec-* rpms.

I'll admit that I cannot quite figure out why.

Is there possibly a problem with the way the rpms have been built?

Brian

Re: OSSEC 2.9.2 Released!

Unread post by scott »

Could be an epoch tag that slipped in on an older version. I seem to recall that happened when some branch packages were published for a day or so to the repo.

Re: OSSEC 2.9.2 Released!

Unread post by jeffb255 »

Hi Scott,

I am having trouble updating with ossec-hids-server_2.9.2-2154xenial_amd64.deb

root@OSSEC-Server:~# dpkg -i ossec-hids-server_2.9.2-2154xenial_amd64.deb
(Reading database ... 110592 files and directories currently installed.)
Preparing to unpack ossec-hids-server_2.9.2-2154xenial_amd64.deb ...
Unpacking ossec-hids-server (2.9.2-2154xenial) ...
dpkg: error processing archive ossec-hids-server_2.9.2-2154xenial_amd64.deb (--install):
trying to overwrite '/var/ossec/rules/vsftpd_rules.xml', which is also in package ossec-hids 2.8.3-4trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
ossec-hids-server_2.9.2-2154xenial_amd64.deb

Thanks.