2016-Feb-03 - OSSEC v2016-02: New rules options + GeoIP by default

One more release to keep the momentum going. This one includes the latest work on the different_* options in the rules, along with MaxMind GeoIP enabled by default and a set of new rules.

Changelog:

Changes with 2016-02
-Feature: Added different_geoip and different_srcip rule types.
-Feature: The different_* options are now tracked properly, so every log counted toward a rule's frequency has to differ.
-Feature: Added sshd rules using different_geoip to track some types of behaviour anomalies.
-Feature: Added rules to flag on shellshock activity.
-Feature: Added frequency option to logcollector commands. You can now specify hourly, daily, or any number of seconds.
-Feature: Added libgeoip from MaxMind by default and changed installation script to auto download the latest DB from them.
-Bug fixed: Multiple signatures cleanup and more sane defaults chosen.
-Deprecated: if_matched_regex as it was barely used and very slow.
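Two rules that put the new different_geoip and different_srcip options to work, as an added example (not code shipped with this release or with OSSEC). The option names are the ones from the changelog; the surrounding rule skeleton is standard OSSEC rule syntax. Rule ids 100100 and 100101 are placeholders in the local range, 5715 and 5716 are the stock sshd authentication success and failure rules, and the thresholds are illustrative:

```xml
<!-- local_rules.xml fragment. Added example, not part of the release.
     <different_geoip /> and <different_srcip /> are the option names given
     in the changelog; rule ids 100100/100101 are placeholders in the local
     (100000+) range; frequency/timeframe values are illustrative. -->
<group name="local,syslog,sshd,">

  <!-- The same account accepted from two different countries within
       10 minutes. Needs the MaxMind DB that the install script now
       downloads; without a GeoIP lookup on srcip there is nothing to
       compare and this rule never fires. -->
  <rule id="100100" level="10" frequency="2" timeframe="600">
    <if_matched_sid>5715</if_matched_sid>
    <same_user />
    <different_geoip />
    <description>sshd: same user accepted from two different countries.</description>
    <group>authentication_success,</group>
  </rule>

  <!-- Distributed brute force against one account: 8 failures for the
       same user from 8 distinct source IPs within 2 minutes. Because every
       counted event must differ, one noisy host alone cannot trip it;
       the usual per-source brute force is already covered by stock rules. -->
  <rule id="100101" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_user />
    <different_srcip />
    <description>sshd: failed logins for one user from many source IPs.</description>
    <group>authentication_failures,</group>
  </rule>

</group>
```

The point of the "properly track" change in this release is visible in the second rule: with frequency="8" and <different_srcip />, all eight matched logs must carry distinct source IPs, not just the last one versus the first. Test the rules with ossec-logtest before deploying, and check that the GeoIP database file the installer fetched is actually readable by the analysisd user, since a missing database silently disables the geo-based rule.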

You can download this release from: http://dcid.me/ossec

Full changelog: http://dcid.me/ossec-packages/CHANGELOG.txt
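An ossec.conf fragment using the new frequency keywords for logcollector commands, as an added example (not configuration from the release). The <localfile> block with <log_format>command</log_format> and <command> is standard OSSEC; the "hourly" and "daily" values are the ones the changelog introduces, and the commands themselves are illustrative:

```xml
<!-- ossec.conf fragment. Added example, not part of the release.
     Numeric <frequency> values (seconds) were already accepted; the
     "hourly" and "daily" keywords are new in 2016-02. Commands are
     illustrative; the agent runs them with the OSSEC user's privileges. -->
<ossec_config>

  <!-- Snapshot of listening TCP sockets once a day. Each line of output
       is forwarded as a log line prefixed "ossec: output:" so a local
       rule with <check_diff /> can alert when the listener set changes. -->
  <localfile>
    <log_format>command</log_format>
    <command>ss -ltn | sort</command>
    <frequency>daily</frequency>
  </localfile>

  <!-- Disk usage every hour, sent as a single multi-line event. -->
  <localfile>
    <log_format>full_command</log_format>
    <command>df -P</command>
    <frequency>hourly</frequency>
  </localfile>

</ossec_config>
```

Before this release the only way to get a daily command was <frequency>86400</frequency>; the keywords make the intent readable and avoid the off-by-a-zero mistakes that turn a daily inventory into a ten-second one. Keep commands free of XML-special characters (escape or avoid < and &), and prefer the full_command format for output that only makes sense as a whole, such as df.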

Enjoy!


By Daniel B. Cid - Tags: ossec - Notes index.
