Download sections

Author: Jeremy Rossi

Diff for: Trend-Micro-Logo.jpg

@@ -0,0 +1,13 @@
+
+<ul class="nav nav-list">
+  <li>
+    <a href="http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html">Deep Security</a> provides 
+    comprehensive agentless and agent-based data security across physical, virtual and cloud servers, as well as virtual desktops.
+
+    <a href="http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html">
+      <img title="TrendMicro" src="Trend-Micro-Logo.jpg">
+    </a>
+
+    <p>Proud sponsor of the OSSEC Project</p>
+  </li>
+</ul>

Diff for: _templates/deepsecurity.html

@@ -240,7 +240,7 @@
     'blog*': ['recentposts.html', 'categories.html', 'archives.html', 'searchbox.html'],
     'docs/**': ['localtoc.html', 'searchbox.html'],
     'downloads*': ['localtoc.html'],
-    'index.html': [],
+    'index': ['recentposts.html'],
     '': [],
 }
 

Diff for: conf.py

@@ -2,24 +2,30 @@
 Downloads
 =========
 
+Source Downloads
+~~~~~~~~~~~~~~~~
 
 +--------------+-----------------------------------------------+-------+
 | latest development snapshots                                         |
 +==============+===============================================+=======+
-| server/agent | https://github.com/ossec/ossec-hids                   |
+| server/agent | https://github.com/ossec/ossec-hids/releases          |
 +--------------+-----------------------------------------------+-------+
-| web ui       | https://github.com/ossec/ossec-wui                    |
+| web ui       | https://github.com/ossec/ossec-wui/release            |
 +--------------+-----------------------------------------------+-------+
 | docs         | https://github.com/ossec/ossec-docs                   |
 +--------------+-----------------------------------------------+-------+
-| Latest Stable Release (2.8.1)                                        |
-+--------------+-----------------------------------------------+-------+
-| Server/Agent | https://github.com/ossec/ossec-hids           | CRC   |
-+--------------+-----------------------------------------------+-------+
-| Agent Windows| https://github.com/ossec/ossec-wui            | CRC   |
-+--------------+-----------------------------------------------+-------+
-| Virtual Appl | https://github.com/ossec/ossec-docs           | CRC   |
-+--------------+-----------------------------------------------+-------+
+
++--------------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------+
+| Latest Stable Release (2.8.1)                                                                                                                                               |
++===================+================================================================================================+========================================================+
+| Server/Agent Unix | `2.8.1.tar.gz <https://github.com/ossec/ossec-hids/archive/2.8.1.tar.gz>`_                     | `Checksum <files/ossec-hids-2.8.1-checksum.txt>`_      |
++-------------------+------------------------------------------------------------------------------------------------+--------------------------------------------------------+
+| Agent Windows     | `ossec-agent-win32-2.8.exe`_                                                                   | `Checksum <files/ossec-agent-win32-2.8-checksum.txt>`_ |
++-------------------+------------------------------------------------------------------------------------------------+--------------------------------------------------------+
+| Virtual Appl      | `ossec-vm-2.8.1.ova <http://www.ossec.net/files/ossec-vm-2.8.1.ova>`_                          | `Checksum <files/ossec-vm-2.8.1-checksum.txt>`_        |
++-------------------+------------------------------------------------------------------------------------------------+--------------------------------------------------------+
+
+.. _ossec-agent-win32-2.8.exe: https://github.com/ossec/ossec-hids/releases/download/v2.8.0/ossec-agent-win32-2.8.exe
 
 RPMs for RHEL, CentOS, Fedora and others
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -52,22 +58,6 @@ Available in the `AtomiCorp repository <http://www5.atomicorp.com/channels/ossec
 | All          | `6 - 20 <http://www5.atomicorp.com/channels/ossec/fedora/>`_               |
 +--------------+----------------------------------------------------------------------------+
 
-DEBs for Debian Wheezy, Jessie and Sid
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Available in the `AlienVault repository <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/>`_.
-
-
-+-------------------------------------------------------------------------------------------+
-| Debian                                                                                    |
-+==============+============================================================================+
-| OSSEC Server | `Wheezy, Jessie, Sid <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/ossec-hids/>`_ |
-+--------------+----------------------------------------------------------------------------+
-| OSSEC Agent  | `Wheezy, Jessie, Sid <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/ossec-hids-agent/>`_ |
-+--------------+----------------------------------------------------------------------------+
-
-
-
 RPM Installation
 ================
 
@@ -79,6 +69,21 @@ To install with yum do the following:
     # yum install ossec-hids ossec-hids-server (or ossec-hids-client for the agent)
 
 
+DEBs for Debian Wheezy, Jessie and Sid
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Available in the `AlienVault repository <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/>`_.
+
+
++--------------------------------------------------------------------------------------------------------------------+
+| Debian                                                                                                             |
++==============+=====================================================================================================+
+| OSSEC Server | `Wheezy, Jessie, Sid <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/ossec-hids/>`_       |
++--------------+-----------------------------------------------------------------------------------------------------+
+| OSSEC Agent  | `Wheezy, Jessie, Sid <http://ossec.alienvault.com/repos/apt/debian/pool/main/o/ossec-hids-agent/>`_ |
++--------------+-----------------------------------------------------------------------------------------------------+
+
+
 DEB Installation
 ================
 
@@ -92,8 +97,9 @@ To install with apt-get do the following:
     # apt-get update
     # apt-get install ossec-hids  (or ossec-hids-agent)
 
+
 PGP key
-=======
+~~~~~~~
 
 Before you install any package from our project, we recommend that you
 verify it using our PGP key. Follow these two steps if you are not used
@@ -124,7 +130,7 @@ warning saying “gpg: Note: This key has expired!”, make sure to update
 the key and run the “import” command again (as specified above).
 
 Contribute back!
-----------------
+~~~~~~~~~~~~~~~~
 
 If you find ossec useful and would like to contribute back to the
 community, please contact us. We have a lot of work to do and any help

Diff for: downloads.rst

@@ -0,0 +1,53 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBE4bYxIBEAC296jKikGNwTq43gYNh/jD0J9DJbIULkUnxqPc9mGjn4zSqd4S
+vqPunLEQWZTGupNkW6xlty6MM5hXwFLJCGuoMqa8Ad+AS8ovf+Tf8+fjAzDOqrJH
+Yo8aeAnwvLxOQugKvT1qIImoOIU6CbvlZsl9kSTsrejVJ8tU+g7EYLx3cKHU4wJL
+iKJ6tpcxIwaXb0YTqtJHnoNIA20PKiTsXT5onQNX0xJfzYBbb+veJ8kVJ7jorPoH
+3epiSbDHppliyF1D+cJgfxPthAXdYWITl5jAcdlshaqopssJkWUyiDxL63ZGY9rM
+/pGQxQKydWAcMo64OAunlbXCT9x5IaVcVfM7TUw0hDv45QRMSnSMC0f7VrZENpcM
+nzxil1Y4AhaKKcmyIRxE1cKijm+CYf9bmArRsebiJiHP6K93iryOUfwNyPPNl5iG
+qWi1A7Kf2r8Q30feEHU//ySN/yeSP55nEV2MEkEDEUG6wctIbb0nl4lgK+5kMXmi
+4/C111DU4h8L/x4z2hfNXV6wfCq0mWzXDHGvGiHdaYypSwD8ny6qb8BnT/uLttUs
+eTClanJTnSKZQsTC0HWhZ8LEIIXLV64LB+vbj9nDx8YkEasxdNDFE5uw0l/7lwuM
+H6q6OWnQBdpELio93KCiWVUIkABK1YIjg1GicPaAhv48ZiSVPfnvDOR9jQARAQAB
+tB5EYW5pZWwgQi4gQ2lkIDxkY2lkQG9zc2VjLm5ldD6JAj4EEwECACgFAk4bYxIC
+GwMFCQlmAYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEEVrF8+jkBNRwPUP
+/Ryl+wNOQXt3DAmKV4EKbL52W2xhciePw3fHPjePRMQNrHw6zt4d16TulebLDhyJ
+tCM2RbH2WlHk2gUJvM2ItEdi+FFh5MYjfgjAzCqqE6+TmxBPA3NRWYBLLp/zUcDZ
+vhxWgiU0+Uj6M4DkeKu3M0LgG8JdWl3WzyvSYupOMnme7BSoQU4ctv41jCnEAlUb
+UA422Tzi3tWMUIqeGdUbdG92riu32s4E6zBcxUMNErVvTSPxWe1/FpVR/ckptCum
+wj+x2xMjtSexEAja6mXa3Iz02JFpYU4CgYNEepwAelH5duuOuFMrH+jeRrgsfeIm
+JKWdipzwyvea8WrXx7q4X3+2LskXp4QwwyxYjtZJmQoz1DSJHWtzd0Wxik1UuZPa
+Lpm8PtmlJYXuYCB2kWUEMX3/lNyZMtpbt2wDqAaHn2/4NF6gkC0DzDi9mLscBJDV
+lZL8C6aBPxQByFMpIVuhKlAjJe3PrpY1/oUs8JDwcCAqXpA3VA0NjLyLQi4aJQ2G
+Fy6p+lPMxo6qVe4OpJ+2yZuH2CAY5gDojca/TJRMdfsDBU1ZYfcyf4CmmvH/SesD
+j+7NS1ENR4Ujt5oVjHs0ApMebn/R1oR2M21YZVjrBv6B44Q8OL8b6A9Db0L2Q3nP
+3KUlX0g1SE7WRM8e7vL5bDD+/TILQc1ZxZyxMBSP9ovhuQINBE4bYxIBEADNCre/
+3Z9nnxIukzMj6PqZnsNU57dhUrvvujxieJa9wgm9h8c0fADn5UbxyEzQexMP4i7A
+voTrDKNZikuQyWK8BEtd5esyCUV5kgBF0u9x/KCZrto03/5uvZG2PNz5kUrO18fP
+AU/62P7epRl55lyPwYWGSVpMlsysmuu5SMW57JrXHgCSFqC8Kz3/3Qtfx2RfSkJD
+xZFH5BrThtvBvB36Ek4I105tfn7cF6OsgZxrkeRS56ZNmDJIOTF+Z/gRKmohPKQV
+jaADCOzInV9n0opyRtH3POghoDiDv35ecZpRGvSxuU5TizXJrJs7tF2IOL8nqCU/
+F0DZAczYSrRugfPX0Hx2s6+j+Rf8ElYxR/1YqJ57egMm6kloeOTRtGGfooCox0ZP
+2pdPT5mOiYucEWAw1L5OWcyXVO9cQ158NPcsTPTQEHZecRCQTHk2S1EvZ82SiiAL
+7QZ7feoSJNCv/+i5YAVHnuP8KNdz5575f5YKMhhUmVokXLl2HQhlGqmVNedfgyD2
+mZ6jT7h+v012kM4TGBPhZGVXoQjoPnzlFqQhovg/IrXKvs12/LyLkQhHR3XZqede
+3zesF1tbQluXmssnAWSWIrE3q+QoT22av4P3GxSabZYu1BooC7oI3rqXubFjwi7R
+oAu7CqYjRPDU5MbFIsjNC/BiCVbQQ2xMIaTZvwARAQABiQIlBBgBAgAPBQJOG2MS
+AhsMBQkJZgGAAAoJEEVrF8+jkBNRvMwQAI70gTIbmhEuz0D89pV9QD2b40d2TVuJ
++jeQChtD++5p73llavM9P4TNY+FSEbTFxXEl1hVFEdvJZAlpva0gWphjSSmVIUr5
+YSpFwp/MUpysLmHgVlVMQNukDBqULG+60BvPGWq5LeausmFcXC27AzxRR2F3/XKN
+8eV+eAH5Uqy8dRiMMAn86x0PB0A2xyjBZGsH769ucJgXYQIRRZ8wn/ol/imGlMfT
+5VdQ5fa8PwXFKnqYAWtMQafkafoYlKGvUS3hPJki/e/SCPjLLZXX8Xc/XgSYQu97
+UezZFJ0Km2lM5pwOu0d86WmiMnOA6GmIBg3wLBNR1kdccGF82z+EEWxA0Hh7hwxd
+U1ZhqeLUK71M95xZiq9Q+aXrJVs4eqtIFXRr1YAcfBkhiTDM5Vq936Ja7cxys6Nx
+HvL6Mkh//nRwfT8PufHPjZGAt+5OB37jLTOwQn6XZhXOIBVp/r3ezrVdrxbkiqTk
+YuypHZxt7csc4dFfMY4ZYQ2MWPHR+v0OJc63/gtP98/7TJjdx1BPEAYcfi7feRv6
+H2v0PtbKsgo1PRC+g/6LbHouBjXEEf7orrPzKxwNTLAno6rzFwlEYTLSqyGHBGpV
+OMTkBnvf7OQyMDtSnET66wgrgu1eS9eFGdftyYHjuSWBZJsHfwrlsQJz9z9fM6/p
+E3Tntif/Eivx
+=jcBw
+-----END PGP PUBLIC KEY BLOCK-----
+

Diff for: files/OSSEC-PGP-KEY.asc

@@ -0,0 +1,2 @@
+MD5(ossec-agent-win32-2.8.exe)= a699117d0ed77f88b3a8661644ee3efd
+SHA1(ossec-agent-win32-2.8.exe)= 5b8759b555c56c3ed8f360f2abccd69e3c097c2f

Diff for: files/ossec-agent-win32-2.8-checksum.txt

@@ -0,0 +1,2 @@
+MD5(ossec-hids-2.8.1.tar.gz)= c2ffd25180f760e366ab16eeb82ae382
+SHA1(ossec-hids-2.8.1.tar.gz)= 0ecf1df09558dc8bb4b6f65e1fb2ca7a7df9817c

Diff for: files/ossec-hids-2.8.1-checksum.txt

@@ -0,0 +1,87 @@
+Trend Micro, Inc.                                                  Sept 9, 2014
+--------------------------------------------------------------------------------
+                       OSSEC "v2.8.1" Release Note
+--------------------------------------------------------------------------------
+
+Summary of changes in v2.8.1
+
+=== NOTE: In terms of features this release is the same as OSSEC 2.8, *EXCEPT*
+          it includes a fix for CVE-2014-5284 vulnerability discovered by Jeff
+          Petersen of Roka Security LLC. 
+
+          Go to https://github.com/ossec/ossec-hids/releases/tag/2.8.1 for more
+          information regarding this issue. 
+
+=== Installation
+    == Server 
+	 - Avoided a crash of agentd on Solaris (danpop60)
+	 
+    == Agent 
+	 - Fixed manage_agents -f potential infinite loop (awiddersheim)
+	 - Added manage_agents -r <id> to remove an agent (awiddersheim)
+	 - Allow NIX agents to use "-f" option and run in forground (awiddersheim)
+	 
+     - Windows agent install/uninstall GUI enhancements (awiddersheim)
+	 - Windows agent_config profile fixed (gaelmuller)
+	 - Added eventchannel support for Windows agent on Vista or later (gaelmuller)
+	 - Many Windows agent bug fixes (awiddersheim)
+
+=== Syscheck
+    == Extended filesize from an integer to a long integer 
+	== Make syscheck/analysisd/remoted.debug in internal_options.conf work (awiddersheim)
+
+=== ActiveResponse 
+    == Fix active-response on MAC OS Firewall (jknockaert)
+
+=== Log monitoring/analysis
+	== Add option to allow the outputing of all alerts to a zeromq PUB socket 
+		in JSON format, using cJSON library (jrossi, justintime32). New Config:
+		<ossec>
+			<global>
+				<zeromq_output>yes|no</zeromq_output>
+				<zeromq_uri>tcp://localhost:11111</zeromq_uri>
+    == Add TimeGenerated to the output of Windows Event logs (awiddersheim)
+	== os_net fixes, and code clean up in general (cgzones)
+	== os_regex unit test cases added (cgzones)
+	== os_xml review and fixes  (cgzones)
+
+=== Rules and Decoders
+    == Added some additional sshd rules in sshd_rules.xml (joshgarnett)
+	== Removed bro-ids rules (ddpbsd)
+    == Removed event ID 676, 672 in msauth_rules.xml (mstarks01)
+
+=== Contributions 
+    == zeromq_pubsub.py (jrossi)
+	== ossec-eps.sh, a script to calculate events-per-second (mstarks01)
+
+
+OSSEC 2.8 CONTRIBUTORS (GitHub usernames in alphabetical order): 
+awiddersheim 
+Brad Lhotsky
+cgzones
+ChristianBeer
+danpop60 (Solaris fix)
+ddpbsd
+denied39
+dopefish
+gaelmuller 
+harshilmathur
+jbcheng
+jknockaert
+justintime32 
+Joshua Garnett
+harshilmathur
+hexinglun
+jrossi 
+labrown
+Micha Nasriachi
+mstarks01
+northox
+pdrakeweb
+reyjrar
+Santiago Bassett
+
+
+                               === END ===
+
+ 

Diff for: files/ossec-hids-2.8.1-release-note.txt

@@ -0,0 +1,2 @@
+MD5(ossec-vm-2.8.1.ova)= bf3a01045e81b407d4c284e82e5bbeb2
+SHA1(ossec-vm-2.8.1.ova)= fda0b8b8d13a91b7fc42ca14c4af47e6feb09215

Diff for: files/ossec-vm-2.8.1-checksum.txt

@@ -0,0 +1,59 @@
+OSSEC Virtual Appliance 2.8.1
+=============================
+
+1.  This virtual appliance contains the following facilities:
+   
+    - CentOS 6.5
+    - OSSEC 2.8.1
+    - OSSEC WebUI 0.8 Beta
+    - Elasticsearch 1.3.1
+    - Logstash 1.4.2
+    - Kibana 3.1.0 
+    - ElasticHQ monitoring plugin
+    - XAMPP 1.8.1
+
+2.  The virtual appliance is provided as an OVA which you can import into
+    most virtual systems.  We recommend using VirtualBox which can import
+    the OVA image directly.  We used VirtualBox to create this appliance 
+    and the OVA. 
+
+    NOTE: The VM can only be run on 64 bit systems.
+
+3.  To open the appliance, unzip the package with gunzip then open the 
+    ossec-virtual-appliance.ova in VirtualBox.  
+
+4.  The password for all the accounts on this system including root, user, 
+    OSSEC Web UI and phpMyAdmin is "_0ssec_". Note that the user name for 
+    the OSSEC Web UI is just "user" and for phpMyAdmin is "root".
+
+5.  Firefox is installed on this VM which includes links to the following:
+
+    - OSSEC Documentation 
+    - OSSEC Web UI
+    - OSSEC Logs (Kibana console to Elasticsearch)
+    - ElastiHQ managment console
+
+6.  OSSEC, OSSEC WebUI, and the ELK (Elasticsearch-Logstash-Kibana) stack
+    are all configured to work out of the box.  There are copies of OSSEC
+    agent for Linux and Windows that you can push out to systems that you
+    want to monitor.
+
+7.  Before installing an OSSEC agent, make sure you change the VM network
+    interface from NAT - the factory default - to bridged so that you will 
+    get an IP address from you network's DHCP server or set a static IP in 
+    the VM by configuring the network files on the CentOS system as you 
+    would any other Redhat derived Linux system.    
+
+8.  Although you don't have to change any ELK configuration settings, if
+    you feel the need to explore, the Elasticsearch system is installed 
+    in /usr/share/elasticsearch and the main configuration files are 
+    /etc/elasticsearch/elasticsearch.yml and /etc/sysconfig/elasticsearch. 
+    Similarly, Logstash is installed in /usr/share/logstash. 
+
+9.  XAMPP is installed in /opt/lampp. 
+
+10. OSSEC WebUI is installed in /opt/lampp/htdocs/ossec-wui and Kibana is 
+    installed in /opt/lampp/htdocs/kibana.
+
+11. You can start and stop ossec, elasticsearch, logstash, and xampp with
+    the 'service' command.