Category Archives: v16

OSSEC v1.6.1 released

From http://www.ossec.net/main/ossec-v161-released: “We are pleased to announce the general availability of OSSEC version 1.6.1. This is a small version with bug fixes for some issues found on v1.6. For a list of features in the version 1.6, please visit: …

Posted in ossec, v16

OSSEC v1.6 released

Direct from: http://www.ossec.net/main/ossec-v16-released “We are pleased to announce the general availability of OSSEC version 1.6. This new version delivers the most comprehensive update to OSSEC in its history, with numerous new features and bug fixes, including: New multi-server architecture …

Posted in ossec, v16

v1.6 BETA2 begins

If you would like to contribute to the project and don’t know how, beta testing our version 1.6 might be a good way to get started. The list of new features, bug fixes and packages to use are all available …

Posted in ossec, v16

v1.6 Beta testing begins

If you would like to contribute to the project and don’t know how, beta testing our version 1.6 might be a good way to get started. The list of new features, bug fixes and packages to use are all available …

Posted in ossec, v16

Active response on Windows

Another big feature that we never got around to implementing until now. For version 1.6, OSSEC will come with the route-null.cmd script to block an IP address on Windows by modifying the route to it. To get started, you will …

Posted in ossec, v16, windows

Multi-server architecture

This is another feature that has been asked for constantly for a long time, and only now did we get around to implementing it. The idea is to allow one OSSEC server (manager) to parse the alerts from another one, creating a …

Posted in ossec, v16

New tool: syscheck_control

Recently I have been focused on trying to make OSSEC more friendly and easier to manage. In the last version (1.5) we added the agent_control tool (to manage the agents remotely), and for v1.6, one of the new features is the …

Posted in ossec, v16

Sending OSSEC alerts via syslog

This is a feature that was constantly asked for, and only now was I able to include it. Basically, it allows you to send the OSSEC alerts to one or more syslog servers (granularly). First, make sure to get the latest …

Posted in ossec, v16

OSSEC on Microsoft Vista/Server 2008

I just finished adding support for Vista/Server 2008 on OSSEC. We had some server (manager)-side changes to understand the new event IDs and lots of changes on the agent side. If you have any Vista or Server 2008, please help us …

Posted in log analysis, ossec, v16, vista

CIS benchmark tests

We just included support in the OSSEC Policy monitor to audit whether a system is in compliance with the CIS Security Benchmarks (as of right now, only RHEL2-5, Fedora 1-5 and Debian/Ubuntu are supported – the other versions will be …

Posted in cis, ossec, v16