Commits

Author  Commit Message
Daniel Cid
Merged in joaorossifilho/ossec-hids (pull request #14) Reduced some code and added a 1-IP cache to avoid analysing repeated logs with the same IP.
Joao...@gmail.com
Reduced some code and added a 1-IP cache to avoid analysing repeated logs with the same IP.
rmcapovilla
Merged dcid/ossec-hids into default
rmcapovilla
fixed OS version position
Daniel Cid
Merged in joaorossifilho/ossec-hids (pull request #13) Compiled rule "is_valid_search_box".
Joao...@gmail.com
Compiled rule "is_valid_search_box". Checks if a search engine bot has a compatible user agent and hostname.
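The two pull requests above describe a check (does a client claiming to be a search-engine crawler really come from that engine's hostnames?) and a 1-IP cache that spares the analysis of consecutive log lines from the same address. The following is an added example of both ideas, written for this page; it is not OSSEC's is_valid_search_box code. It does forward-confirmed reverse DNS on the client IP, keeps a one-entry cache keyed on (IP, claimed bot), and takes the resolvers as callbacks so it runs offline against constructed DNS data. All hostnames, addresses and log lines are made up, and the suffix table is illustrative.

```python
"""Forward-confirmed reverse DNS check for a claimed search-engine crawler.

Illustrative code, not OSSEC's is_valid_search_box implementation. The DNS
resolvers are injected so the example runs offline against constructed data;
every hostname, address and log line below is made up.
"""
import re
from typing import Callable, Dict, Optional, Set, Tuple

# Claimed crawler token in the User-Agent -> hostname suffixes its operator
# publishes for reverse-DNS verification. Illustrative table, not exhaustive.
BOT_DOMAINS: Dict[str, Tuple[str, ...]] = {
    "Googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

# reverse(ip) -> PTR name or None; forward(name) -> set of A/AAAA addresses.
Reverse = Callable[[str], Optional[str]]
Forward = Callable[[str], Set[str]]

# Apache/nginx combined format: only the client IP and User-Agent are needed.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[^"]*" "(?P<ua>[^"]*)"$')


def claimed_bot(user_agent: str) -> Optional[str]:
    """Return the crawler a User-Agent claims to be, or None for other clients."""
    ua = user_agent.lower()
    for name in BOT_DOMAINS:
        if name.lower() in ua:
            return name
    return None


def is_valid_search_bot(ip: str, bot: str, reverse: Reverse, forward: Forward) -> bool:
    """PTR must end in a published suffix AND resolve back to the same IP.

    The forward step matters: whoever controls reverse DNS for a netblock can
    publish a PTR ending in googlebot.com, but cannot make that name resolve
    to their address in the crawler operator's forward zone."""
    host = reverse(ip)
    if not host:
        return False
    host = host.rstrip(".").lower()
    if not host.endswith(BOT_DOMAINS[bot]):
        return False
    return ip in forward(host)


class SearchBotChecker:
    """Classifies web log lines, caching the verdict for the last (IP, bot)
    pair so a burst of lines from one crawler costs a single DNS round trip,
    in the spirit of the 1-IP cache described in the commit."""

    def __init__(self, reverse: Reverse, forward: Forward) -> None:
        self._reverse, self._forward = reverse, forward
        self._last: Optional[Tuple[Tuple[str, str], str]] = None
        self.lookups = 0  # DNS verifications actually performed

    def classify(self, line: str) -> str:
        """Return 'unparsed', 'not-bot', 'valid-bot' or 'fake-bot'."""
        m = LOG_RE.match(line)
        if not m:
            return "unparsed"
        ip, bot = m.group("ip"), claimed_bot(m.group("ua"))
        if bot is None:
            return "not-bot"
        if self._last and self._last[0] == (ip, bot):
            return self._last[1]  # cache hit: same IP, same claim
        self.lookups += 1
        ok = is_valid_search_bot(ip, bot, self._reverse, self._forward)
        verdict = "valid-bot" if ok else "fake-bot"
        self._last = ((ip, bot), verdict)
        return verdict


# Constructed DNS data (RFC 5737 documentation addresses, made-up names).
FAKE_PTR = {"203.0.113.10": "crawl-203-0-113-10.googlebot.com.",
            "198.51.100.7": "host7.example.net."}
FAKE_A = {"crawl-203-0-113-10.googlebot.com": {"203.0.113.10"},
          "host7.example.net": {"198.51.100.7"}}
demo_reverse: Reverse = FAKE_PTR.get


def demo_forward(name: str) -> Set[str]:
    return FAKE_A.get(name, set())


GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOGS = [  # constructed combined-format lines
    f'203.0.113.10 - - [10/Oct/2012:13:55:36 -0700] "GET /robots.txt HTTP/1.1" 200 51 "-" "{GOOGLEBOT_UA}"',
    f'203.0.113.10 - - [10/Oct/2012:13:55:37 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "{GOOGLEBOT_UA}"',
    f'198.51.100.7 - - [10/Oct/2012:13:56:01 -0700] "GET /wp-login.php HTTP/1.1" 200 2314 "-" "{GOOGLEBOT_UA}"',
    '192.0.2.44 - - [10/Oct/2012:13:56:02 -0700] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"',
]


def run_demo() -> Tuple[list, int]:
    """Classify the sample lines; returns (verdicts, DNS lookups performed)."""
    checker = SearchBotChecker(demo_reverse, demo_forward)
    return [checker.classify(line) for line in SAMPLE_LOGS], checker.lookups
```

Running `run_demo()` on the four constructed lines yields two `valid-bot` verdicts for the real crawler address, one `fake-bot` for the host whose PTR is outside the published suffixes, and `not-bot` for the browser, with only two DNS verifications because the second Googlebot line hits the cache. The cache is keyed on the (IP, claimed bot) pair rather than the IP alone so that one address alternating between two crawler claims cannot reuse a verdict meant for the other.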
rmcapovilla
Fix to prevent failures on adding/deleting IPs on active response on busy boxes
Daniel Cid
Syslog-based sources on agent-control.
sucuri
Fixing agent-control to list syslog-based sources.
Daniel Cid
Fixing storage format. Removing duplicated entries.
Daniel Cid
Missing fp def.
Daniel Cid
Creating an agent-id file for remote syslog OSSEC msgs. Will have to add a config option to enable/disable it later.
Daniel Cid
Adding a sleep on the real-time file mon. Was triggering too many FPs on the vim editor.
Daniel Cid
Fixing broken memory management.
Daniel Cid
Fixing GeoIP error on servers without it installed.
Daniel Cid
Ignoring spam+ssh rule without an IP. Duplicated from the log already created by ssh.
Daniel Cid
Adding nginx emerg errors. Cleaning up old rules with very low freqs/timeframes.
Daniel Cid
Removing silly web-based detections. Too old and don't find anything useful.
Daniel Cid
1. Adding PagerDuty notification. 2. Fixing yum rules that were not working. 3. Adding yum.log to be added by default.
Daniel Cid
Bumping v.
sucuri
Adding GeoIP support for rules/alerts. It also modifies the alerts to have: SRCIP: IP / Country / Region. You can use srcgeoip and dstgeoip in the signatures to match an IP or region. Been using a modified version of it in production and handling 10k+ events per second. So it should be good to go live.
Daniel Cid
Cleaning up firewall-drop and removing host-deny (should not be used anymore).
Daniel Cid
Removing SQL injection checks that cause too many FPs.
Daniel Cid
Removing Joomla from CMS login. Too many FPs.
Daniel Cid
Setting the proper return code for read-ossecalert.
Daniel Cid
Adding support for hybrid from preloaded-vars.
Daniel Cid
Allowing @ on agent names.
Daniel Cid
Fixing segfault on 64bit servers when syscheck is disabled.
Daniel Cid
Small changes to rules.
Daniel Cid
Removing rule that causes too many FPs. And cleaning up firewall-drop for Linux. If iptables fails, it is because of mem/CPU issues, and keeping firewall-drop running only causes more usage there.