OSSEC v2016-02: New rules options + GeoIP by default

One more release to keep the momentum going. It includes the recent work on the different_* options in the rules, MaxMind GeoIP enabled by default, and a set of new rules.

Key ones from Changelog:

Changes with 2016-02
-Feature: Added different_geoip and different_srcip rule types.
-Feature: Fixed the tracking of the different_* options so that every log counted toward a rule's frequency threshold has to differ from the others, not just from the previous one.
-Feature: Added sshd rules using different_geoip to track some types of behaviour anomalies.
-Feature: Added rules to flag on shellshock activity.
-Feature: Added frequency option to logcollector commands. You can now specify hourly, or daily or any number of seconds.
-Feature: Added libgeoip from MaxMind by default and changed installation script to auto download the latest DB from them.
-Bug fixed: Multiple signatures cleanup and more sane defaults chosen.
-Deprecated: if_matched_regex as it was barely used and very slow.
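As an added illustration of the two new rule options (this is example configuration, not part of the release or the stock OSSEC rule set), here is a local_rules.xml fragment in the usual OSSEC rule syntax. The tag names `<different_geoip />` and `<different_srcip />` are assumed from the option names in the changelog, rule id 5715 is assumed to be the stock sshd successful-login rule, and the 1002xx ids are local rule ids picked for the example.

```xml
<!-- local_rules.xml: added example, tag names assumed from the changelog -->
<group name="local,sshd,">

  <!-- Same account logs in successfully from two different countries
       within 10 minutes: a reasonable credential-theft indicator.
       different_geoip only works when the source IP resolves in the
       MaxMind DB, which the installer now downloads by default. -->
  <rule id="100200" level="10" frequency="2" timeframe="600">
    <if_matched_sid>5715</if_matched_sid>
    <same_user />
    <different_geoip />
    <description>SSH login for the same user from two different countries within 10 minutes.</description>
  </rule>

  <!-- Same account, three successful SSH logins from three distinct
       source IPs within an hour. With the tracking fix in this release
       all three addresses have to differ, so A, B, A no longer fires. -->
  <rule id="100201" level="8" frequency="3" timeframe="3600">
    <if_matched_sid>5715</if_matched_sid>
    <same_user />
    <different_srcip />
    <description>SSH logins for the same user from three distinct source IPs within an hour.</description>
  </rule>

</group>
```

Keep the timeframe short for the GeoIP rule: a user on a mobile connection can legitimately change country within a day, and a stale GeoIP database will mislocate addresses, so check the downloaded DB date before trusting level 10 alerts from it.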
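For the new frequency option on logcollector commands, an added ossec.conf fragment (example only, not from the release). The `<frequency>` element name and the seconds form are assumed from the changelog wording; the changelog also says the keywords hourly and daily are accepted.

```xml
<!-- ossec.conf fragment: added example, element name assumed from the changelog -->
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <!-- snapshot of listening TCP sockets, useful with a check_diff rule
         to flag a new listener -->
    <command>netstat -tln</command>
    <!-- run once per hour (3600 s); the changelog says "hourly" or
         "daily" may be written instead of a number of seconds -->
    <frequency>3600</frequency>
  </localfile>
</ossec_config>
```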


You can download this release from: https://dcid.me/ossec

Full changelog: http://dcid.me/ossec-packages/CHANGELOG.txt

Posted in   ossec   releases     by Daniel Cid (dcid)