OSSEC v3.4.0 Release Notes
Release Date: 2019-10-18
OSSEC changelog (3.4.0)
🚀 Release Maintainers
Dan Parriott
Scott R. Shinn (http://www.atomicorp.com)
Dominik Lisiak
🚀 Contributors on this release
- (@ddpbsd) Dan Parriott - OSSEC Foundation
- (@bchavet) Ben Chavet - Community
- (@binrush) Rushan Shaymardanov - Community
- (@mikeroyal) Michael Royal - Community
- (@iasdeoupxe) - Community
- (@aquerubin) Antonio Querubin - Community
- (@Varstahl) Bruno Passeri - Community
- (@atomicturtle) Scott Shinn - OSSEC Foundation
- (@jubois) - Community
- (@almirb) Almir Bolduan - Community
🚀 Release notes
🚀 Big changes in this release add support for the following new platforms:
- Debian buster
- Fedora 30
- RHEL 8
- (Much awaited!) CentOS 8
⚡️ @jubois has completed the first round of PCRE2 rule updates. This is a very exciting change to the overall IDS engine in OSSEC and opens the platform up to much more complex (and faster!) search functionality.
🐧 Snapcraft.io universal Linux packaging support (aka Snaps) allows for a universal OSSEC package across multiple Linux distributions.
🚀 Last but not least, @ddpbsd has a long-awaited fix for agentd/maild when IPv6 is disabled and/or hostnames are used instead of IPs in PR#1698. Thanks again to all our community contributors and dedicated team members for their work on this release!
🆕 New Rules / Decoders
- ⚡️ (@aquerubin) Updated IPv4-dependent regexp in ownCloud decoders. PR#1697
- (@jubois) Fix Issue #1708 (Incorrect regex match) PR#1710
- (@jubois) PCRE2 rulefiles conversion PR#1711
- (@jubois) PCRE2 decoders conversion PR#1712
- (@aquerubin) Fix owncloud decoder PR#1724
- (@iasdeoupxe) Additional ownCloud decoder fix PR#1725
- (@iasdeoupxe) Second ownCloud decoder fix PR#1726
- (@ddpbsd) Adjust pix decoder and a firewall rule PR#1749
- (@binrush) Fixed missing same_source_ip in rule 11306 PR#1751 pureftpd
- (@ddpbsd) Addition to sshd rule, new ntpd rule PR#1757
- (@ddpbsd) Fix rule IDs PR#1760 - openbsd_rules
General
- (@ddpbsd) syscheck, Try to silence the "Attempted to check FS status for" message. PR#1701
- (@ddpbsd) syscheck, Add some basic error handling to syscheck_control PR#1702
- (@ddpbsd) core, More unlink and fopen error handling in src/util PR#1703
- (@almirb) active-response, Added Cloudflare active-response script. PR#1709
- 🚚 (@Varstahl) csyslogd, csyslogd CEF – Remove duplicate parameters and fix discarded hashes PR#1713
- ⚡️ (@atomicturtle) docs, Updating links, using HTTPS, conference links PR#1714
- (@Varstahl) csyslogd, Fix: csyslogd – CEF escaping / multi-line syslog
- (@ddpbsd) core, Check return values for unlink(2) calls PR#1733
- 🏗 (@mikeroyal) packaging, snap build support PR#1737
- 0️⃣ (@ddpbsd) core, Set PCRE2_SYSTEM to no by default. PR#1738
- 🚚 (@ddpbsd) logtest, Remove leading space from field names PR#1741
- (@bchavet) analysisd, Verify Googlebot PR#1752, this is a code function in generic_samples.c
- 🛠 (@ddpbsd) analysisd, Free the lf->fields memory. PR#1758, fixes issue #1727
- ⚡️ (@ddpbsd) testing, Update some travis-ci bits PR#1759 - travis fixes