On September 1, OSSEC announced the release of the latest version of the OSSEC-HIDS tool (version 1.6). This release includes many notable new features including:
For a full list of upgrades and enhancements check out the change log. OSSEC can be downloaded from http://www.ossec.net/main/downloads.
This is the first major release since Third Brigade acquired OSSEC and it looks to be a pretty major upgrade. Third Brigade now provides commercial support for OSSEC, but the project remains free and open source software (FOSS).
OSSEC is an open source host-based intrusion detection system. It is completely cross-platform and works on Unix, Linux, Windows and Mac OS. For more information about OSSEC refer to my earlier blog post about it.
The OSSEC mailing list has been quite active with reports of bugs in the new 1.6 release. The loudest complaint was that active response wasn't working properly in the Windows version. Daniel Cid wrote on Friday, September 5th:
Hi all,
I think I figured out what was going on. Depending on the argument (if it had spaces), the command to block would not be called properly. I am pretty sure it is fixed on the following snapshot: http://www.ossec.net/files/snapshots/ossec-win32-080904.exe
Can you try with this version? You don't need to update the server, just the agent side.
I will release a v1.6.1 soon with the fixes for some of the reported bugs so far.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
Looks like version 1.6.1 is going to be the "stable" release and perhaps 1.6 should have been listed as public beta.