Screenshots of ossec wui v0.2

It looks like I made a big mistake by releasing the web UI without providing any screenshots of it. So, here they are (better late than never).

Main page of the UI:
[Screenshot: Main page of the UI]

Search options:
[Screenshots: Search options; Searching for all Squid events; Search results; Searching for authentication failure events; Searching for authentication success events; Real time monitoring of high severity events]

Integrity checking options:
[Screenshots: Integrity checking page; Searching last modified files for specific agent]

If you want to share your screenshots, just send them to us and we will publish them here too. PHP developers to help with the project are also welcome!


6 Responses to Screenshots of ossec wui v0.2

  1. Ernie says:

    I love OSSEC. It’s just very cool software, I’ve got it running here, reading the logs from my centralized syslog-ng server, and I love it. I’m not overwhelmed (yet!) with alerts, but at the same time, they are there if I need them, and the Web UI seems to expose them very nicely.

    Have you ever thought of using a real SQL database for storage? For tons of alerts it seems like the way to go, especially for the web UI as well, this would also mean you could run the Web UI from another system, and just have it use a connection (encrypted) to the database …

    Also, regarding the file integrity monitor, it looks like it doesn’t check the permissions as part of its check? This would be useful for security as well as letting me keep myself in check, if I change permission on some files just to test something, it’s nice to know something is checking that.

    Also, what’s the procedure to tell OSSEC that a file system change is OK, and how to make an alert stay? If a file changes, and it should have, it seems like I just wait 3 checks, and then that becomes the new database. It would be more helpful (especially now with the web UI) to be able to maybe click something that says “these changes are ok” and let me keep the others until I either reverse them, or do some investigating, then add them to the baseline database. As it stands now, if something is OK, I’m forced to wait a few checks until OSSEC thinks it’s OK, but if something is not OK, after a few checks OSSEC thinks it’s OK too … I’d like a little more flexibility.

    Again, with a SQL database, or possibly even something like bdb, it becomes a little easier to maintain state, as well as the stats OSSEC collects for the average number of logs in a day (which I think is very cool, and surprised me quite a bit the first time I saw it!).

    I would be happy to help collaborate with anything I mentioned too!

  2. Ernie says:

    I guess I should clarify, unfortunately, I’m not much of a programmer, but I do know my way around a database, and I’ve worked with quite a bit of different types of security programs, and databases.

  3. Ernie says:

    Oops, disregard again, OSSEC does permissions, D’oh!

  4. So you’re looking for PHP developers. Could you publish, or mail me, a roadmap for the UI?
    I certainly have some ideas myself, but alas. I am short on time though, but well if I could see something like planned features and such I could at least take a look at what is do-able in my spare time.

    Cheers,
    Martijn

  5. dcid says:

    Ernie:

    Thanks for all the suggestions. OSSEC does check the permissions, but the UI does not display them (it also hides the file owner and group owner). It is mainly for “space” purposes, since I couldn’t fit it all on one line… Help is appreciated to fix that.

    Martijn (and Ernie):

    I posted our TODO list for the UI in the following link:

    http://www.ossec.net/wiki/index.php/OSSECWUI#TODO_list

    Any other suggestion can be added to that list. If you start working on something, feel free to modify the list and set the item as “under work”.

    Thanks,


    Daniel B. Cid

  6. Very impressed with OSSEC but would like to see it support IDMEF a bit better.
