The availability of a new version of OSSEC (Open Source Host-based Intrusion Detection System) was announced today on the SecurityFocus mailing list dedicated to intrusion detection systems.
OSSEC performs log analysis, file integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
This new version comes with lots of new features, including:
- Support for OpenBSD PF logs.
- Support for compiled (C-based) decoders.
- New options for composite rules.
- Additional granular e-mail options: http://www.ossec.net/dcid/?p=75
- Option for an SMS format in the e-mail output.
- Support for Zeus WebServer logs.
- Support for daily/chained checksum of alert logs: http://www.ossec.net/wiki/index.php/Know_How:LogSign
A large redesign of the internal architecture of analysisd (the OSSEC process responsible for decoding and analysis) has been completed, greatly improving performance and organization.
- More information at: http://www.ossec.net/wiki/index.php/News
- Changelog: http://www.ossec.net/announcements/v1.2-2007-05-16.txt
- Download the new version: http://www.ossec.net/en/downloads.html