Author Archives: danielcid

OSSEC v2.6 is out!

OSSEC v2.6 was just released (finally :)) and you can get more details here: http://www.ossec.net/main/ossec-v2-6-released We are very happy to announce the availability of OSSEC version 2.6. This has been a long release cycle, but it is here now with … Continue reading

Posted in ossec, v2.6 | 3 Comments

OSSEC 2.6 beta-1 available

This has been a long release cycle, but OSSEC 2.6 BETA1 is now available. Helping us test the beta version is a great way to contribute back to the project and the best way to get started on it. … Continue reading

Posted in beta, ossec | 7 Comments

Improved reporting for file changes (OSSEC)

One thing that always annoyed me about OSSEC was that ossec-reportd didn’t list the file changes (from syscheck) and that I couldn’t use the filtering options in there for them. Well, that’s solved now :) On the latest OSSEC snapshot … Continue reading

Posted in ossec | 2 Comments

Running multiple OSSEC decoders on the same event

If you need to run multiple decoders on the same log to extract additional pieces of information (and at the same time do not affect the original decoder), we have a simple way to do so. Just create multiple child … Continue reading

Posted in ossec, v2.6 | 2 Comments

Blocking repeated offenders with OSSEC

By default OSSEC has a static timeout on our active response scripts. You specify the action and how long to block the IP address: <active-response> <command>host-deny</command> <location>local</location> <level>6</level> <timeout>600</timeout> </active-response> Which works well most of the time. However, if … Continue reading

Posted in ossec, v2.6 | 4 Comments

Automatically creating and setting up the agent keys

The complaint I hear most often about OSSEC is related to how hard it is to set up the authentication keys between the agents and the manager. Each agent shares a key-pair with the manager, so if you have a thousand … Continue reading

Posted in ossec | 15 Comments

OSSEC Award daemon

I just got that via the mail today: If you can’t see well from the image, it is a beautiful plaque from the OSSEC community (Michael Starks, I know it was your idea :)) and it says (in the OSSEC … Continue reading

Posted in ossec | Leave a comment

2WoO: Day 3: Contributing to OSSEC

There are many types of open source projects out there. Many have the code base open (GPL, BSD, etc), but not all of them have an open culture. On OSSEC, we try to be fully open. Not only the source … Continue reading

Posted in ossec | 2 Comments

Week of OSSEC (2WoO) – Oct 17-23

Taken from: http://www.ossec.net/main/week-of-ossec-2woo-oct-17-23 Week of OSSEC: Day -2 Michael Starks had the great idea to get everyone together and organize the second annual week of ossec. Last year he was the only one participating, but this year we hope to … Continue reading

Posted in ossec | Leave a comment

OSSEC v2.5.1 released

Early this week we pushed OSSEC v2.5.1 out, but forgot to mention it here on the blog. If you had issues with v2.5, you can download the new version here: http://www.ossec.net/main/downloads/ Some of the things we fixed/added: -Logcollector crashing when using … Continue reading

Posted in ossec, v2.5 | Leave a comment