Dragan on Security

Availability of new version of OSSEC (Open Source Host-based Intrusion Detection System) has been announced today at SecurityFocus mail list dedicated to intrusion detection systems.

OSSEC performs log analysis, file integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

This new version comes with lots of new features, including:

• Support for OpenBSD PF logs.
• Support for compiled (c-based) decoders.
• New options for composite rules.
• Additional granular e-mail options: http://www.ossec.net/dcid/?p=75
• Option of SMS format in the e-mail output. 
• Support for Zeus WebServer logs.
• Support for daily/chained checksum of alert logs: http://www.ossec.net/wiki/index.php/Know_How:LogSign

A large re-design of the internal architecture of analysisd (ossec process responsible for decoding and analysis) has been completed, greatly improving performance and organization.

• More information at: http://www.ossec.net/wiki/index.php/News
• Changelog: http://www.ossec.net/announcements/v1.2-2007-05-16.txt
• Download the new version: http://www.ossec.net/en/downloads.html