Monthly Archives: July 2008

OSSEC on the OLPC

Posted on July 29, 2008 by danielcid

For those looking to install OSSEC on the OLPC (One Laptop per Child), I was able to do it without major issues. Their system is based on the Fedora 7, so I just had to install make, gcc and the … Continue reading →

Posted in olpc, ossec | Leave a comment

Sending OSSEC alerts via syslog

Posted on July 25, 2008 by danielcid

This is a feature that was constantly asked and just now I was able to include it. Basically, it allows you to send the OSSEC alerts to one or more syslog servers (granularly). First, make sure to get the latest … Continue reading →

Posted in ossec, v16 | 4 Comments

OSSEC on Microsoft Vista/Server 2008

Posted on July 21, 2008 by danielcid

I just finished adding support for Vista/Server 2008 on OSSEC. We had some server(manager)-side changes to understand the new events ids and lots of changes on the agent side. If you have any Vista or Server 2008, please help us … Continue reading →

Posted in log analysis, ossec, v16, vista | 2 Comments

CIS benchmark tests

Posted on July 10, 2008 by danielcid

We just included support in the OSSEC Policy monitor to audit if a system is in compliance with the CIS Security Benchmarks (as of right now, only RHEL2-5, Fedora 1-5 and Debian/Ubuntu are supported – the other versions will be … Continue reading →

Posted in cis, ossec, v16 | 4 Comments

Testing OSSEC rules

Posted on July 4, 2008 by danielcid

When you are troubleshooting OSSEC or trying to write new rules/decoders, the first problem most people have is how to test them. In the past, it would require manually restarting or creating a testing installation for it, but as from … Continue reading →

Posted in ossec, v16 | 4 Comments

OSSEC v1.5.1 released

Posted on July 4, 2008 by danielcid

A bit of late news, but OSSEC version 1.5.1 was released last week. More information at http://www.ossec.net/main/ossec-v151-released

Posted in ossec | Leave a comment