-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathCHANGELOG
69 lines (57 loc) · 2.96 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
OSSEC dcid-fork changelog. This are the changes I have been pushing live
to my personal OSSEC fork. It is also integrating some changes we have done
for Sucuri's internal use.
Every few months we create a stable release with these changes mostly for
internal use, but it is open for anyone to get as well.
More details: https://dcid.me/ossec
Changes on Development branch
* Bug fix: Missing option on agent-auth help message and authentication.
* Feature: Logentries integration.
* Bug fix: Memory leak on read-alert (affecting maild, client-syslog and
integratord).
Changes with 2016-04
* Feature: Added a default temp (shared) password for os_authd
* Feature: Added detection of outdated CMSs on rootcheck: WordPress,
Joomla & Drupal.
* Feature: Added geoip change alerts by default on SSHD/WordPress rules.
* Feature: Added signatures to detect Darkleech, Cdorked and some common
web backdoors and linux malware.
* Feature: Added option to negate a pattern when using the OSMatch
library. Usage of ! at the beginning of the pattern will change the
behavior to return true when not found. Useful when writing subrules
when something is not present on the log.
* Bug fix: Glob() implementation on logcollector. Was very very slow if
you have a few hundred entries.
* Bug fix: Rootcheck sigs causing false positives on cpanel servers.
* Bug fix: Finding right OpenSSL path on Debian.
Changes with 2016-02
* Feature: Added different_geoip and different_srcip rule types.
* Feature: Started to properly track the different_* usage so all
logs have to be different.
* Feature: Added sshd rules using different_geoip to track some
types of behaviour anomalies.
* Feature: Added rules to flag on shellshock activity.
* Feature: Added frequency option to logcollector commands.
You can now specify hourly, or daily or any number of seconds.
* Feature: Added libgeoip from MaxMind by default and changed
installation script to auto download the latest DB from them.
* Bug fix: Multiple signatures cleanup and more sane defaults chosen.
* Deprecated: if_matched_regex as it was barely used and very slow.
Changes with 2015-12
* Feature: Added integratord
* Feature: Added slack and pagerduty support to integratord
* Feature: New signature for the Joomla RCE
* Bug fix: WordPress decoder to work with the latest plugin.
Changes with 2015-11
* Feature: Added GeoIP support by default
* Bug fix: Cleaned up noisy rules
* Bug fix: Segfault on reported when srcip filter was being used.
* Deprecated: Host deny active response.
Changes with 2015-04
* Feature: Added syslog-sources to agent control
* Bug fix: Cleaned up storage format from ossec decoder.
* Bug fix: Broken memory management on the ossec decoder.
* Bug fix: Removing noisy/useless web-based rules.
Changes with 2013-07
* Feature: Added hybrid mode to allow a install to be running in
local + agent mode.