OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
New in this release:
- Added support for Windows firewall logs
- Improved pix rules
- More named rules
- Fixed typos in descriptions
- Fixed command line options for list_agent
- Changed logcollector behavior for checking file rotation
- Changed logcollector behavior for checking if the file has more data. We are now forcing an fgetc and looking for EOF (old method using stats was broken on some Windows versions)
- Fixed problem with endianness on some platforms (especially Linux sparc)
- Fixed rotation issue for log files with a variable name
- Windows agent should not exit if syscheck is disabled
- Fixed alert level on e-mail messages
- Added more modsecurity rules
- Added support for HP-UX
- Added support for Microsoft FTP logs
- Added support for Microsoft Exchange logs (IIS SMTP)
- More rules for sendmail (rejected due to pre-greeting)
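The fgetc-and-EOF check from the logcollector item above, as an added sketch that is not OSSEC source code: a reader polls a growing log file, probes for new data with fgetc, and leaves a half-written line in place until its newline arrives. The function names, the file name and the sample lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* 1 if another byte is readable from fp, 0 at end of file. */
static int has_more_data(FILE *fp)
{
    int c = fgetc(fp);
    if (c == EOF) { clearerr(fp); return 0; } /* EOF is sticky: clear it */
    ungetc(c, fp);                            /* put the probe byte back */
    return 1;
}

/* Consume every complete line now available and return how many there were.
 * A trailing line without '\n' is still being written: rewind and leave it.
 * Assumption: lines are shorter than the buffer. */
static int drain_lines(FILE *fp)
{
    char buf[1024];
    int n = 0;
    for (;;) {
        long pos = ftell(fp);
        if (!has_more_data(fp) || fgets(buf, sizeof buf, fp) == NULL)
            break;
        if (strchr(buf, '\n') == NULL) { fseek(fp, pos, SEEK_SET); break; }
        n++;
    }
    return n;
}

/* Constructed scenario: a writer appends while a reader polls.
 * Returns the four poll results packed as decimal digits, or -1 on error. */
static int run_demo(void)
{
    const char *path = "added_example.log";   /* constructed sample file */
    FILE *w = fopen(path, "w");
    FILE *r = w ? fopen(path, "rb") : NULL;
    int a, b, c, d;
    if (r == NULL) { if (w) fclose(w); return -1; }
    fputs("line one\nline two\n", w); fflush(w);
    a = drain_lines(r);                       /* two new lines */
    b = drain_lines(r);                       /* nothing appended */
    fputs("par", w); fflush(w);
    c = drain_lines(r);                       /* partial line, left in place */
    fputs("tial\n", w); fflush(w);
    d = drain_lines(r);                       /* line is now complete */
    fclose(r); fclose(w); remove(path);
    return a * 1000 + b * 100 + c * 10 + d;
}

int main(void) { printf("%d\n", run_demo()); return 0; }
```

The clearerr call matters for a log monitor: without it the stream can keep reporting EOF after the writer has appended more data.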
To download the new version:
http://www.ossec.net/en/downloads.html
More information at:
http://www.ossec.net