OSSEC v3.6.0 Release Notes

Release Date: 2020-02-14
  • OSSEC changelog (3.6.0) [email protected]

    Release Maintainers

    Dan Parriott

    Scott R. Shinn (http://www.atomicorp.com)

    Contributors on this release

    Release Notes

    It's that time of year again: our annual independent security audit! Joining the auditors from our previous two years, Apple Security and OVH Internet, is security researcher Daniel McCarney (@cpu), who performed a very in-depth analysis of our IDS engine updates (PCRE2, and more). With a project as critical as OSSEC in securing cloud and enterprise assets, it's very important to us to have independent assessments of the framework. So again we want to thank all of our auditors, old and new, for their contribution to the project.

    Coder? Tester? Enthusiast? If you're interested in joining our team, or just interacting with the OSSEC community, email us for a Slack invite at: [email protected]

    General

    • @ddpbsd - ossec-dbd, Add help output to dbd, #1833
    • @NicolasCARPi - INSTALL, updating dependency list, #1832
    • @cpu - PCRE2, refuse to compile empty PCRE2 patterns, fix for Issue #1811, #1826
    • @cpu - analysisd, resolves CVE-2020-8442 Issue #1820, #1825
    • @cpu - analysisd, resolves CVE-2020-8443 Issue #1816, #1824
    • @cpu - analysisd, resolves CVE-2020-8448 Issue #1815, #1823
    • @cpu - Makefile, fix for DEBUGAD, #1822
    • @jknockaert - dropbear rules, limit brute force rule to dropbear, #1803
    • @mwidman - analysisd, Added non-standard Sophos UTM syslog timestamp format to pre-decoding, #1794
    • @drsjb80 - configs, Added authentication log file location for Debian-based systems, #1784
    • @ddpbsd - maild, Fix using a program to send mail, #1783

Previous changes from v3.5.0

  • OSSEC changelog (3.5.0) [email protected]

    Release Maintainers

    Dan Parriott
    Scott R. Shinn (http://www.atomicorp.com)
    Dominik Lisiak

    Contributors on this release

    Release notes:

    โšก๏ธ This would have been a minor 3.4.1 update if it wasnt for Boris Lukashev of https://www.sempervictus.com
    โšก๏ธ contributing a much needed update to multi-line log analysis. Previous usage of multi-line in OSSEC in
    the past was limited in processing events that did not use indentiation, a fairly common modern practice
    โšก๏ธ for readability. This update adds a new type: multi-line_indented to handle this condition (Example: postgresql).

    Maintenance fixes in this release also address issue #1781, which affected maild when calling an external program, and add support for Fedora 31.

    What's New:

    • ๐Ÿ‘ (@atomicturtle) - Fedora 31 Support
    • ๐Ÿ”Š (@sempervictus) - Implement multi-line collection for indented logs #1780
    • ๐ŸŒฒ (@drsjb80) - Added authentication log file location for debian-based systems #1784

    General

    • (@ddpbsd) - Fix for Issue #1781, corrects issues with program sending mail