
Change Log

All notable changes to this project will be documented in this file.

[v1.10] - 2016-??-??

Added

  • Rules/decoders:
    • Switch HP 5500.
    • Chrome Remote Desktop.
    • Fortigate.
    • OpenVPN.
    • ModSecurity for Nginx.
    • OpenSCAP.
  • Rootchecks:
    • CIS SLES 11 and 12.
  • ossec_ruleset.py. JSON output.

Changed

  • ossec_ruleset.py.

Fixed

  • Minor fixes in decoders/rules.
  • RH7 rootchecks.
  • Improved getawslog.py.

[v1.09] - 2016-05-12

Added

  • Decoders and rules for Amazon

Changed

  • Amazon directory structure.
  • Minor changes:
    • Apache and Nginx rules.
    • RH7 rootchecks.

[v1.08] - 2016-05-05

Added

  • Redis decoders and rules.
  • Rootchecks for RedHat 7.
  • SUDO and SSH decoders.

Changed

  • SSH and OSSEC rules.
  • Minor changes in ossec_ruleset.py.

[v1.07] - 2016-04-05

Added

  • Decoders and rules:
    • ossec-auth
    • OpenBSD SMTP
    • SSH
    • Postfix
  • ossec_ruleset.py: Option -d to update the ruleset from local files.

Changed

  • Apache Decoders
  • getawslogs.py: Executing with standard users.

[v1.06] - 2016-02-12

Added

  • Rules for Amazon VPC
  • USB Decoder and Rules
  • PCI Tagging for SSH rootchecks

Changed

  • ossec_ruleset.py: New interface.
  • Directory structure of Rootcheck
  • Netscreen Firewall decoder

Fixed

  • Syntax error in rootchecks.

[v1.05] - 2016-01-27

Fixed

  • ossec_ruleset.py:
    • Problem with installation path
    • New path: /var/ossec/update/ruleset/ossec_ruleset.py

[v1.04] - 2016-01-25

Added

  • New Rootcheck: SSH Hardening
  • New rules: ossec_ruleset.py rules
    • Alerts related to the execution of script ossec_ruleset.py
  • New rules and PCI Tagging for:
    • Amazon IAM
    • Amazon EC2

Changed

  • ossec_ruleset.py:
    • New format for ossec_ruleset.log
    • New path: /var/ossec/updater/ruleset
      • All files generated by the script are stored in this directory.
      • We recommend this path to the script: /var/ossec/updater/ruleset/ossec_ruleset.py

[v1.03] - 2016-01-08

Added

  • Amazon Decoders & Rules:
    • EC2
    • IAM
  • Auditd Rules
  • Shellshock rules
  • New rules for sudo
  • New rules for system
  • New decoder: web-accesslog-iis-default decoder
  • Folder tools:
    • amazon: Script getawslog.py to download the JSON file from S3 Bucket.
    • file-testing: Script file_test.py to check if a log file generates alerts
    • rules-testing: Script runtests.py to run unit tests. Created by OSSEC.

Changed

  • Auditd Decoders
  • Minor changes in some decoders and rules.
  • Netscaler updated
  • ossec_ruleset.py fixes

[v1.02] - 2015-12-09

Added

  • Serv-U Decoders & Rules.

Changed

  • Directory structure: Decoders have been split.
  • Script ossec_ruleset.py v2:
    • Bug fixes.
    • Python 2.6 compatibility.
    • OSSEC 2.8.x compatibility.
    • Restore backups automatically.

Fixed

  • Some issues with the Windows decoder have been solved.

[v1.01] - 2015-11-24

Fixed

  • All sysmon decoders have windows as parent.

[v1.00] - 2015-11-21

Added

  • Puppet Decoders & Rules.
  • Compliance mapping with PCI DSS v3.1.
  • Netscaler Decoders & Rules.
  • ClamAV:
    • New decoder: Extract main fields (path, virus name, hash) when a virus is detected.
    • New rule: ClamAV Stopped.
    • New rule: Virus detected multiple times.
  • Sysmon decoders:
    • Decoder for the new log format of Event 1
    • Decoders for Events 2 - 8.
  • Script ossec_ruleset.py for installing and updating rules, decoders and rootcheck.

Changed

  • SSH Decoder modified to extract the user name when invalid/illegal users try to log in.
  • Sysmon Decoder for Event 1 modified (this allows the new decoder added for this event to be used).

[v0.00] - 2015-08-24

  • Initial version: OSSEC out-of-the-box rules, decoders and rootchecks.