Friday, July 11, 2014

OSSEC pull requests

Since switching to GitHub, OSSEC has made some decent progress. Changes big and small have been submitted, and most of them were accepted. It's been great so far.

The biggest problem I've noticed is that I see the same names over and over. There aren't a lot of users submitting patches or issues (especially without prompting). I definitely don't see a lot of users commenting on issues and pull requests, and I think that needs to change.

The OSSEC development team is very small, and we have limited access to resources (especially time). It would be great if other users started testing out some of these changes and reporting successes and failures. I've started posting links to some pull requests on Twitter in the hopes of interesting people who use those bits of OSSEC.

The ones I pointed out are:

I know everyone has limited time, but it would benefit a lot of people to get some testing done. Not testing the bits you use can hurt you down the road. I hope to see some new usernames in the future!

Thursday, June 5, 2014

OSSEC 2.8 was released

It was kinda quiet, but OSSEC 2.8 was released.

Check the release notes here.

The only thing I want to point out with this release is the removal of rules/bro-ids_rules.xml. It was incomplete, old, and incorrect. Unfortunately, removing the file was probably the wrong way to move on. If you have problems starting OSSEC after an upgrade, make sure that file exists or isn't mentioned in etc/ossec.conf.
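The check described above can be scripted before restarting after an upgrade. This is an added example, not part of the original post or the OSSEC project: it generalizes from bro-ids_rules.xml to every `<include>` entry in etc/ossec.conf and reports the ones with no matching file under rules/. The function name is hypothetical, and the default prefix /var/ossec is an assumption about the install location.

```shell
#!/bin/sh
# Added example (not OSSEC project code): find rule files that are named in
# <include> entries of etc/ossec.conf but are missing from rules/.
# Assumptions: install prefix defaults to /var/ossec, each <include> sits on
# its own line, and commented-out includes are single-line XML comments.
# Usage: . ./check_includes.sh && missing_rule_includes /var/ossec

# missing_rule_includes [PREFIX]
# Prints one missing rule file name per line.
# Returns 0 if every include resolves, 1 if any file is missing,
# 2 if ossec.conf cannot be read.
missing_rule_includes() {
    prefix=${1:-/var/ossec}
    conf="$prefix/etc/ossec.conf"
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    missing=0
    # First sed drops single-line XML comments so disabled includes are
    # ignored; second sed extracts the file name between the include tags.
    for name in $(sed -e 's/<!--.*-->//g' "$conf" |
        sed -n 's|.*<include>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</include>.*|\1|p')
    do
        # Include names are resolved relative to the rules/ directory.
        if [ ! -f "$prefix/rules/$name" ]; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}
```

Any name it prints must either be restored under rules/ or have its `<include>` line removed from etc/ossec.conf.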

A big thanks to all of the contributors, new and old. There's a lot of interest in OSSEC, and it's great to see.

If anyone sees any issues with the documentation, let me know (on the mailing list or create an issue/pull request on ).

Download 2.8 here