https://github.com/ossec/ossec-hids/releases/tag/2.9.2
Changelog
Release Maintainers
Dan Parriott
Scott R. Shinn (Atomicorp, Inc.)
What's New
New Rules / Decoders (Leo Feyer)
OpenBSD decoder
Exim decoder
Dovecot Rules
Exim Rules
Chrome Remote Desktop Rules (Kevin Branch)
Netscreen Firewall Rules
OpenBSD rules
Updated Rules / Decoders (Leo Feyer)
ssh decoder
dropbear decoder
su decoder
vsftpd decoder
dovecot decoder
postfix decoder
pix decoder
apache decoder
windows decoder
Dovecot Rules
SSHd Rules
Syslog Rules
OSSEC 2.9.2 Released!
Re: OSSEC 2.9.2 Released!
Hi,
I downloaded the latest ossec-hids 2.9.2 for CentOS 7 and after configuring it didn't work out of the box.
There are syntax errors in /var/ossec/etc/ossec.conf on these lines:
<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audit>
i.e., I had to change the three lines above to "/system_audit" as they were misspelled and stopped the agent from starting up due to the syntax errors.
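A pre-flight check for the failure described in the post above, as an added example that is not part of the original thread or of OSSEC's own tooling: it reports unbalanced tags in an ossec.conf-style file with line numbers, and does not require a single root element. The sample config, its misspelled closing tag and the server address are constructed; the thread does not show the exact misspelling.

```python
import re
import sys

# One token per comment, closing tag, opening tag or self-closing tag.
TOKEN = re.compile(r"<!--.*?-->|<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>", re.S)

def check_tags(text):
    """Return [(line, message)] for every unbalanced tag in the text."""
    problems, stack = [], []
    for m in TOKEN.finditer(text):
        if m.group(0).startswith("<!--") or m.group(3):
            continue  # comments and self-closing tags never need a partner
        closing, name = m.group(1), m.group(2)
        line = text.count("\n", 0, m.start()) + 1
        if not closing:
            stack.append((name, line))
        elif not stack:
            problems.append((line, f"</{name}> has no opening tag"))
        else:
            # Treat a mismatched closer as a typo of the innermost open element.
            open_name, open_line = stack.pop()
            if open_name != name:
                problems.append(
                    (line, f"</{name}> closes <{open_name}> opened on line {open_line}"))
    problems += [(line, f"<{name}> is never closed") for name, line in stack]
    return problems

# Constructed sample: two top-level blocks, one misspelled closing tag on line 3.
SAMPLE = """<ossec_config>
  <rootcheck>
    <system_audit>/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt</system_audti>
  </rootcheck>
</ossec_config>
<ossec_config>
  <!-- constructed comment: <ignored> -->
  <client>
    <server-ip>192.0.2.10</server-ip>
  </client>
</ossec_config>
"""

if __name__ == "__main__":
    # Pass a config path as the first argument, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line, message in check_tags(text):
        print(f"line {line}: {message}")
```

Running it against /var/ossec/etc/ossec.conf after a package upgrade and before restarting the agent shows the offending line instead of a failed start.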
- Atomicorp Staff - Site Admin
Re: OSSEC 2.9.2 Released!
Thanks for the report, we should have an update out for this one soon!
Re: OSSEC 2.9.2 Released!
The el6 versions of the ossec-* rpms are not being seen by createrepo (el7 is ok).
The el6 hosts won't update to 2.9.2 from 2.9.0 via yum from a local yum repo with the ossec-* rpms.
I'll admit that I cannot quite figure out why.
Is there possibly a problem with the way the rpms have been built?
Brian
- Atomicorp Staff - Site Admin
Re: OSSEC 2.9.2 Released!
Could be an epoch tag that slipped in on an older version. I seem to recall that happened when some branch packages were published for a day or so to the repo.
Re: OSSEC 2.9.2 Released!
Hi Scott,
I am having trouble updating with ossec-hids-server_2.9.2-2154xenial_amd64.deb
root@OSSEC-Server:~# dpkg -i ossec-hids-server_2.9.2-2154xenial_amd64.deb
(Reading database ... 110592 files and directories currently installed.)
Preparing to unpack ossec-hids-server_2.9.2-2154xenial_amd64.deb ...
Unpacking ossec-hids-server (2.9.2-2154xenial) ...
dpkg: error processing archive ossec-hids-server_2.9.2-2154xenial_amd64.deb (--install):
trying to overwrite '/var/ossec/rules/vsftpd_rules.xml', which is also in package ossec-hids 2.8.3-4trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
ossec-hids-server_2.9.2-2154xenial_amd64.deb
Thanks.