Monthly Archives: July 2008

OSSEC on the OLPC

For those looking to install OSSEC on the OLPC (One Laptop per Child), I was able to do it without major issues. Their system is based on the Fedora 7, so I just had to install make, gcc and the … Continue reading

Posted in olpc, ossec | Leave a comment

Sending OSSEC alerts via syslog

This is a feature that was constantly asked and just now I was able to include it. Basically, it allows you to send the OSSEC alerts to one or more syslog servers (granularly). First, make sure to get the latest … Continue reading

Posted in ossec, v16 | 4 Comments

OSSEC on Microsoft Vista/Server 2008

I just finished adding support for Vista/Server 2008 on OSSEC. We had some server(manager)-side changes to understand the new events ids and lots of changes on the agent side. If you have any Vista or Server 2008, please help us … Continue reading

Posted in log analysis, ossec, v16, vista | 2 Comments

CIS benchmark tests

We just included support in the OSSEC Policy monitor to audit if a system is in compliance with the CIS Security Benchmarks (as of right now, only RHEL2-5, Fedora 1-5 and Debian/Ubuntu are supported – the other versions will be … Continue reading

Posted in cis, ossec, v16 | 4 Comments

Testing OSSEC rules

When you are troubleshooting OSSEC or trying to write new rules/decoders, the first problem most people have is how to test them. In the past, it would require manually restarting or creating a testing installation for it, but as from … Continue reading

Posted in ossec, v16 | 4 Comments

OSSEC v1.5.1 released

A bit of late news, but OSSEC version 1.5.1 was released last week. More information at http://www.ossec.net/main/ossec-v151-released

Posted in ossec | Leave a comment