Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: OSSEC Version 2 available! - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OSSEC Version 2 available!

A reader wrote in to inform us that OSSEC version 2.0 has been released.  I haven't had a chance to play around with it yet, but I am looking forward to it.  It appears there is a bunch of new functionality.

From the OSSEC website...

"* Compiled Rules - Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting, can now use the strong programming capabilities of C.
* Agentless Monitoring - Lot of enterprises are faced with the requirement to monitor devices where there are restrictions on Agents to be installed either because of scalability requirements or due to the lack of the native operating system support. In version 2.0, Ossec customers can perform integrity checking and real time logs inspection on remote systems (such as Linux based devices, firewall devices such as PIX and routers etc).
* New Language Support - We added support for the Dutch language in the install
* New Log Rules Support - We added support for Yum logs and fixed/improved many of the other rules for different messages.
* New reporting tool - We added a new tool to create and help generate reports"

For those of you who are not aware of OSSEC it is an open source log analysis tool that runs on Linux and provides file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

-- Rick Wanner rwanner at isc dot sans dot org


324 Posts
ISC Handler
Feb 28th 2009

Sign Up for Free or Log In to start participating in the conversation!