All notable changes to this project will be documented in this file.
- Rules/decoders:
  - Switch HP 5500.
  - Chrome Remote Desktop.
  - Fortigate.
  - OpenVPN.
  - ModSecurity for Nginx.
  - OpenSCAP.
- Rootchecks:
  - CIS SLES 11 and 12.
- ossec_ruleset.py: JSON output.
- ossec_ruleset.py.
- Minor fixes in decoders/rules.
- RH7 rootchecks.
- Improved getawslog.py.
- Decoders and rules for Amazon.
- Amazon directory structure.
- Minor changes:
  - Apache and Nginx rules.
  - RH7 rootchecks.
- Redis decoders and rules.
- Rootchecks for RedHat 7.
- SUDO and SSH decoders.
- SSH and OSSEC rules.
- Minor changes in ossec_ruleset.py.
- Decoders and rules:
  - ossec-auth
  - OpenBSD SMTP
  - SSH
  - Postfix
- ossec_ruleset.py: Option -d to update the ruleset from local files.
- Apache Decoders
- getawslogs.py: Executing with standard users.
- Rules for Amazon VPC
- USB Decoder and Rules
- PCI Tagging for SSH rootchecks
- ossec_ruleset.py: New interface.
- Directory structure of Rootcheck
- Netscreen Firewall decoder
- Syntax error in rootchecks.
- ossec_ruleset.py:
  - Problem with installation path.
  - New path: /var/ossec/**update/ruleset/**ossec_ruleset.py
- New Rootcheck: SSH Hardening
- New rules: ossec_ruleset.py rules
- Alerts related to the execution of script ossec_ruleset.py
- New rules and PCI tagging for:
  - Amazon IAM
  - Amazon EC2
- ossec_ruleset.py:
  - New format for ossec_ruleset.log.
  - New path: /var/ossec/updater/ruleset
    - All files generated by the script are stored in this directory.
    - We recommend this path for the script: /var/ossec/updater/ruleset/ossec_ruleset.py
- Amazon decoders & rules:
  - EC2
  - IAM
- Auditd Rules
- Shellshock rules
- New rules for sudo
- New rules for system
- New decoder: web-accesslog-iis-default.
- Folder tools:
  - amazon: Script getawslog.py to download the JSON file from an S3 bucket.
  - file-testing: Script file_test.py to check whether a log file generates alerts.
  - rules-testing: Script runtests.py to run unit tests. Created by OSSEC.
- Auditd Decoders
- Minor changes in some decoders and rules.
- Netscaler updated
- ossec_ruleset.py fixes
- Serv-U Decoders & Rules.
- Directory structure: Decoders have been split.
- Script ossec_ruleset.py v2:
  - Bug fixes.
  - Python 2.6 compatibility.
  - OSSEC 2.8.x compatibility.
  - Restore backups automatically.
- Some issues with the windows decoder have been solved.
- All sysmon decoders have windows as their parent decoder.
- Puppet Decoders & Rules.
- Compliance mapping with PCI DSS v3.1.
- Netscaler Decoders & Rules.
- ClamAV:
  - New decoder: Extract main fields (path, virus name, hash) when a virus is detected.
  - New rule: ClamAV stopped.
  - New rule: Virus detected multiple times.
- Sysmon decoders:
  - Decoder for the new log format of Event 1.
  - Decoders for Events 2 - 8.
- Script ossec_ruleset.py for installing and updating rules, decoders and rootcheck.
- SSH decoder modified to extract the user name when invalid/illegal users try to log in.
- Sysmon decoder for Event 1 modified (it allows using the new decoder added for this event).
- Initial version: OSSEC out-of-the-box rules, decoders and rootchecks.