í«îÛ    ossec-hids-agent-0:2.9.3-3861.el7.art                                               Ž­è          $   >           è            ì           n\òhwÎæs[Üî!í   >   ÿÿÿÐ       Ž­è       =  V<   ?     V,      d            è           é           ê           ë      (     ì   	   ,     í   	   B     î      À     ï      Ä     ñ      è     ó      ì     ö          ÷          ø   	  (     ü     C     ý     Y     þ     _           f          Ì                     Œ      	     Ì      
                Œ           ì                      Œ           -           Ñ          ø           x          ¤          Ð          Š          Ä          È          Ú     (     Û     8     ä   ’  9     ,   ’  :     .×   ’  >     P—     ?     PŸ     B     P§     G     P¼      H     Q<      I     Q¼      X     QÜ     Y     Qä     Z     R     [     R     \     R      ]     R˜      ^     Tê     b     Un     d     V     e     V
     f     V     l     V     “     V(   C ossec-hids-agent 2.9.3 3861.el7.art       The OSSEC HIDS Client The ossec-hids-agent package contains the agent part of the
OSSEC HIDS. Install this package on every system to be
monitored. Z©wï69ac4b58b6bb4f718069763b829a4ce8     http://www.ossec.net AGPL Atomicorp <support@atomicorp.com> System Environment/Daemons http://www.ossec.net/ linux x86_64 if [ $1 = 1 ]; then
	/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi

echo "TYPE=\"agent\"" >> /etc/ossec-init.conf

if [ ! -f  /var/ossec/etc/ossec.conf ]; then
  ln -sf ossec-agent.conf /var/ossec/etc/ossec.conf
fi

ln -sf /var/ossec/bin/ossec-client.sh /var/ossec/bin/ossec-control

# daemon trickery
ln -sf /var/ossec/bin/client-logcollector  /var/ossec/bin/ossec-logcollector 
ln -sf /var/ossec/bin/client-syscheckd  /var/ossec/bin/ossec-syscheckd 

touch /var/ossec/logs/ossec.log
chown ossec:ossec /var/ossec/logs/ossec.log
chmod 0664 /var/ossec/logs/ossec.log


#/sbin/service ossec-hids restart || : if [ $1 = 0 ]; then
  /sbin/chkconfig ossec-hids off
  /sbin/chkconfig --del ossec-hids

  /sbin/service ossec-hids stop || :

  rm -f /var/ossec/etc/localtime
  rm -f /var/ossec/etc/ossec.conf
  rm -f /var/ossec/bin/ossec-control
  rm -f /var/ossec/bin/ossec-logcollector 
  rm -f /var/ossec/bin/ossec-syscheckd 
fi       K  	Ë -  L˜ Ø |è ­(    ÛP    ê    *A  /å  Ò  'R  Šý  ƒ†  ¦  D2  †t  ˆA  >ø  a  ˆ    '  ¦  á   (   (   (€íhhhhhhh¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤AhAýAh                                                                Z©wÔZ©wÔZ©w×Z©w×Z©w×Z©w×Z©w×Z©wÔZ©w×Z©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔZ©wÔb33596fde2a4ad6430fc202553a8705a71e2f6a2f0ac4b4256a04f5f09bb3724 21630d0d8054768ffe6cb4463be91bb22a434cf8cecca98ac17506b0cb36b4cb bd0467eadc335241d3c45ebed110329e656eec9929af2122c1c6f06dbab6b748 c8f6e7355ed4bb8805b5a5d6aa3b5d7453a0ec62d3e2038aa1fae3c19ec086aa 568a58895ea9e8587df82dddcbe670bdb8156cc206822a1a34fc668e12a6e781 2487dcc42ce906d58af7c600dd8b5a1623bdda1c9d00fca77885905ac91d2d31 318199cad039bd743a7832a5998fd229d21a3d8e17530705924cf9347aa4b4fd 41af621f8bf01e37df8459853e6e8cf3ce5b46d2bc1ce1b57bf17ad27526d3ad 91149019f3100e3dfd9645df8c731b6833c044ef2b40cc37438272e527379a1a 92570e800098240e860ee952cc7855ec266c17e8b2238bb3871364bd31280cb8 31aabae3bfdebd4bb15344d2fde8a4397749d03f291d49c0dddb51fb0a22c5c7 e86acfd633f5293a39512002cb01fa175675abe9ad96f99df331444fd02c0f23 c1030b917aba0bc42b21ebb829eaa3cafb9081d55f533c676bf8708c0376bbeb b9303f2e8b46eb8c5ad7971e5f8a26ec5a2eefd3690989bcbeeab43ccb75a511 c6b5792d079a7569dadf04e66d749df8568ba9ba70607b392e126d389cf7741c ae8475d53363afa5a92cba7e4aef1d5470a0b7b2a2ac9a0978a012c0e3619d8f 85abbfeca400f7729195446af9ae8e80d8bf7d3c8bb56e6230bb2277808123ed 99e3972a8ecd98d9659a1086b2b0edcfc02a1f4f16e28550d3ef2517fe282e92 3471d91a28848f050cc940638f7aa21c60854610addc8aee44198ba37a62f11b 9b45b745cebb493c1c632de26cc6c6cdbe9294f6e04e09058ffdabb766b84a82 47fb6fdf6a9b880ed642356f284d1f6e828440502037890af53a020f8e2f723f 104fb993865c504a918d3016f14171369e90fc423f26b804b7f22c0868fc5ee5 7363a2dfd764883f5dd22c85c956f1352da1f8a562d91aa7e4a2d58973470610 8d133b8ff2bcb65bb139e742a7f72aa54236fd1602305a17b26ea0618d821d7d 03dc13aeb48ba253d9d4ac7bc05fa1d79cc2ae0bfb2b874a72a0e1e32ebb3a9f 067bdbfaa05b45c727a25e20a17409b06ef0e2db5059456a0abcc2e48581b820 7c0677b19985b30ca49d181b193e18cd8dfb66970b706d961745fba0a0217fca 34115106b827d27fe853daa0884e32c7f3936af3192a4a0a61f2811999678f00 96a357ae4c4871307da26f0649ada7e7c35b33d4ed08f9215790f3900eb207cf                                                                                                                                                                 root root root root root root root root root root root root ossec root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root ossec root root root root root root root root root root root root root root root root ossec ossec ossec ossec-hids-2.9.3-3861.el7.art.src.rpm  ÿÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿossec-hids-agent ossec-hids-agent(x86-64)                       	   
  
  
  
ossec-hids /sbin/chkconfig /sbin/chkconfig /sbin/service /sbin/service /bin/sh /bin/sh rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(CompressedFileNames) rpmlib(PayloadIsXz) 0:2.9.3-3861.el7.art       4.6.0-1 4.0-1 3.0.4-1 5.2-1        ossec-hids-server  4.11.3   XÑÀXœYÀXˆ“@TëÀTš@SêÀS¨ÀS[ÀS©@RðÖ@RËì@RÊšÀR±Ž@R®ë@RrF@RiÀRR¢@QûŸ@QöY@QÄ@@Q­ÖÀQ¬…@Q¬…@Qu&@Qu&@QkëÀQg÷@Q\ÀPõDÀPÅÎÀP¤Ù@P£‡ÀP@OàiÀOß@OÐ—ÀOÐ—ÀOŒ	ÀO„ ÀOpZ@N»¼ÀNS–@NK­@N;Û@N;Û@N6•@N-ZÀNåÀMõûÀMðµÀMìÁ@MäØ@MÞ@ÀMÁ?ÀM®ÊÀM¤>ÀMœUÀM›@MPÀLû~ÀLö8ÀLÎ«ÀLÎ«ÀLÊ·@LÉeÀLµŸ@L¤{ÀL¡ØÀLä@L›A@L—LÀL‡zÀL~@@L|îÀLvW@LmÀLa?@LR¾ÀL4l@LT@KÙtÀKÍ—@K¿ÀK´ŠÀK¨­@K§[ÀK˜Û@K–8@Kò@Kî@Kî@Jø@JÁöÀJÁöÀJ›»@J’€ÀJ‚®ÀJnè@JL¡@JIþ@J2C@J2C@J/ @J&eÀIõž@Ièo@Iã)@Iß4ÀIÜ‘ÀI¯¾ÀI§ÕÀI¦„@Iž›@IŒ&@IŠÔÀI‚ëÀI~÷@Híò@H¾|@Hc„ÀHM@H2½@H)‚ÀGJµ@GAzÀGV@Gm@FÞš@FÁ™@F¹°@F³ÀF®@Fr@Fq-ÀFI ÀF-ñ@EíWÀE®ÀEySÀEIÝÀE
ÀE 	ÀDí”ÀDÇY@D·‡@D®LÀSupport <support@atomicorp.com> - 2.9.0-50 Support <support@atomicorp.com> - 2.9.0-49 Support <support@atomicorp.com> - 2.9.0-48 Support <support@atomicorp.com> - 2.8.1-47 Support <support@atomicorp.com> - 2.8.0-46 Support <support@atomicorp.com> - 2.8.0-45.1 Support <support@atomicorp.com> - 2.8.0-45 Support <support@atomicorp.com> - 2.7.1-44 Support <support@atomicorp.com> - 2.7.1-43 Support <support@atomicorp.com> - 2.7.1-42 Support <support@atomicorp.com> - 2.7.1-41 Support <support@atomicorp.com> - 2.7.1-40 Support <support@atomicorp.com> - 2.7.1-36 Support <support@atomicorp.com> - 2.7.1-35 Support <support@atomicorp.com> - 2.7-34 Support <support@atomicorp.com> - 2.7-33 Support <support@atomicorp.com> - 2.7-32 Support <support@atomicorp.com> - 2.7-31 Support <support@atomicorp.com> - 2.7-30 Support <support@atomicorp.com> - 2.7-29 Support <support@atomicorp.com> - 2.7-28 Support <support@atomicorp.com> - 2.7-27 Support <support@atomicorp.com> - 2.7-26 Support <support@atomicorp.com> - 2.7-25 Support <support@atomicorp.com> - 2.7-24 Support <support@atomicorp.com> - 2.7-23 Support <support@atomicorp.com> - 2.7-22 Support <support@atomicorp.com> - 2.7-21 Support <support@atomicorp.com> - 2.7-20 Support <support@atomicorp.com> - 2.7-19 Support <support@atomicorp.com> - 2.7-17 Support <support@atomicorp.com> - 2.6-16 Support <support@atomicorp.com> - 2.6-15 Support <support@atomicorp.com> - 2.6-14 Support <support@atomicorp.com> - 2.6-13 Support <support@atomicorp.com> - 2.6-12 Support <support@atomicorp.com> - 2.6-11 Support <support@atomicorp.com> - 2.6-10 Support <support@atomicorp.com> - 2.6-9 Support <support@atomicorp.com> - 2.6-8 Support <support@atomicorp.com> - 2.6-7 Support <support@atomicorp.com> - 2.6-6 Support <support@atomicorp.com> - 2.6-5 Support <support@atomicorp.com> - 2.6-4 Support <support@atomicorp.com> - 2.6-3 Support <support@atomicorp.com> - 2.6-2 Support <support@atomicorp.com> - 2.6-1 Support <support@atomicorp.com> - 2.6.0-0.10 Support <support@atomicorp.com> - 2.6.0-0.9 Support <support@atomicorp.com> - 2.6.0-0.8 Support <support@atomicorp.com> - 2.6.0-0.7 Support <support@atomicorp.com> - 2.6.0-0.6 Support <support@atomicorp.com> - 2.6.0-0.5 Support <support@atomicorp.com> - 2.6.0-0.4 Support <support@atomicorp.com> - 2.6.0-0.3 Support <support@atomicorp.com> - 2.6.0-0.1 Support <support@atomicorp.com> - 2.5.1-10 Support <support@atomicorp.com> - 2.5.1-9 Support <support@atomicorp.com> - 2.5.1-8 Support <support@atomicorp.com> - 2.5.1-7 Support <support@atomicorp.com> - 2.5.1-6 Support <support@atomicorp.com> - 2.5.1-5 Support <support@atomicorp.com> - 2.5.1-4 Support <support@atomicorp.com> - 2.5.1-3 Support <support@atomicorp.com> - 2.5.1-2 Support <support@atomicorp.com> - 2.5.1-1 Support <support@atomicorp.com> - 2.5-1 Support <support@atomicorp.com> - 2.5-0.9 Support <support@atomicorp.com> - 2.5-0.8 Support <support@atomicorp.com> - 2.5-0.7 Support <support@atomicorp.com> - 2.5-0.6 Support <support@atomicorp.com> - 2.5-0.1 Support <support@atomicorp.com> - 2.4.1-11.2 Support <support@atomicorp.com> - 2.4.1-11.1 Support <support@atomicorp.com> - 2.4.1-10 Support <support@atomicorp.com> - 2.4.1-9 Support <support@atomicorp.com> - 2.4.1-8 Support <support@atomicorp.com> - 2.4.1-7 Support <support@atomicorp.com> - 2.4.1-6 Support <support@atomicorp.com> - 2.4.1-5 Support <support@atomicorp.com> - 2.4.1-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-0.2 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-0.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-6 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2.0.beta2.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2.0.beta1.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-11 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-10 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-9 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-6 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090225.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090220.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090206.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090205.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.99-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.99-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.6.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.6-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.4-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.4-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.0-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.0 Scott R. Shinn <scott@atomicrocketturtle.com> peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org - Change labels in alert mail headers to "ASL" - Update to Ossec 2.9.0 Final - Update to Ossec 2.9.0 - Update to 2.8.1. This is identical to 2.8.0-46, the only change is the hosts.deny CVE-2014-5284 is merged in. - Revert BR#1596
- Add Bugfix for hosts.deny race condition (CVE-2014-5284) - BR #1596, Add fork limiting patch (max 10) for execd to prevent DoS conditions - Upgrade to 2.8.0 - Feature Request #1512,  speed up shuns in execd, move sqlite down - Relink against native mysql - Add ar-tracking active response - Placeholder for null exclusion rules.  Legacy support - ASL 4 version with new database format - Add support for Fedora 20
- Modify optimization flags for FORTIFY - Update to 2.7.1
- Add independent rules.d/decoders.d ossec-rules package - FR#772, add rule 3360 for postfix slow brute force
-   add dovecot-decoder.patch for cpanel dovecot
-   Update 9702, 9753 for dovecot brute force
- FR#773, add rule 11308 for pure-ftp slow brute force
- FR#1347, Update for courier v4 decoder (pop3s)
- FR#1359, Update horde decoder for v5 - Disable ossec-dbd signature table (replaced by aslw_rules). This was very slow - Break ossec-dbd into separate package
- FR#1321, update courier-imap decoder for version 4.0 - Bugfix #XXX, prevent truncating last character on ossec-dbd database inserts on the alerts/data table - Add tld column to alert table w/ index - Deprecate internal id generation in dbd
- update schema to autoincrement, increase id space to int - Add is_hidden to mysql schema - Add if exists to mysql schema - Add os_dbd-mysql-replace-query.patch to consolidate SELECT/UPDATE into REPLACE sql - Consolidate alert & data into a common table
- Add ossec-authd init script - Add sqldelete command  to execd
- Update to clear sqlite db at startup - More minor updates to GeoIP tracking - Minor update to GeoIP tracking - Bugfix on permissions for files in shared/ directory for client installs
- Add GeoIP support
- Remove dependency on perl-DBD-SQLite
- Update asl-shun to new non-perl based version.
- Deprecate firewall-drop-update.patch
- Add sqlite support to execd (/var/ossec/var/execd.sqlite) - Update to 2.7 final - Feature Request #XXX, revert duplicate detection in log events to help detect extremely fast brute force attacks
- Add FORTIFY_SOURCE, PIE, and relro (full) - Update to 2.7-rc2 - Update to 2.7-rc1 - Move active response components under the common package - bugfix #xxx, correct ownership permissions on fts dir - Update to init script to suppress spurious execd output
- Add alerts queue to server package with ossec/ossec permissions - Bugfix #XXX, correct any/agentd condition - Moved agentless packages under server - Drop timeid and cat_id indexes from schema - Add new index, timeid to alerts table. - Add cmoraes patch, Adds config options for enabling/disabling rootkit/syscheck options, and agent config profiles
- Add ossec-memleaks patch
- Add agentless directories, and agent.conf
- Bugfix #XXX, ossec-hids.init will now return an exit code on status - Add prelink_cmd support - Bugfix #XXX, display multi-line events in data table correcty - Update to asl-shun.pl purge event to default to 24 hours. - Update to asl-shun.pl to change ordering of block rules
- Revert from 0805 snapshot - Update to 0805 snapshot - Update to 0801 snapshot
- Update asl-shun.pl to log to active-responses.log, blocks now go to the named chain ASL-ACTIVE-RESPONSE, and delete events are more redundant. - Update to OSSEC 2.6 Final - Update to snapshot 110711 - Update to snapshot 110613 - Update to snapshot 110609 - Update to snapshot 110606
- Moved ossecr user creation event to the ossec-hids core package - Update to snapshot 110531 - Update to snapshot 110526 - Update to snapshot 110504 - Bugfix #536, Increase the default sleep time for syscheck - Renamed to 2.6 branch - Add support for the rules/decoders dir system - Update to snapsot 110405
- Update asl-shun to support ossec alert ids - Changed asl-shun sqlite database to /var/ossec/var/blocklist3.sqlite
- asl-shun database format now stores the full alertid - Update to snapshot 101203 - Update to snapshot 101125 - Added alertid support to os_dbd, this involves a schema update - Added dst ip, src prt, and dst prt capture support to os_dbd - Bugfix #XXX, manage_agents was built in client mode for the server package. - Add clamav decoder & ruleset - Update to 2.5.1 final - Update to 2.5 final - Update to 0928 snapshot - Extended no_ar into ossec-dbd - Add no_ar option to disable active response per rule - Update to snapshot 100920 - Update snapshot to 100907 - Snapshot 100901 - Added test fix for os_dbd - Bugfix #376, ossec-control will now properly stop and reload - Update to 0809 snapshot - Relink against native mysql - Add minicon decoder from les fenison - Update to 100707 snapshot
- Feature Request #371, add ossec.log to logrotate - Updated to 100615 snapshot - Updated init and ossec-server scripts to support the new reload feature. - Update to 2.4.1 - Added zabbix reporting active response - Update to 2.4 final
- Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10
- Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20 - Rebuilt for atomic repo - Update to CVS 100317 - Update to CVS 100311
- Add decoder for denyhosts
- Update asl_rules.xml to include denyhosts rules - Update to CVS 100309 - Added new decoder for smtp_auth
- Added rules to detect smtp_auth brute force attempts
- Added rules to detect imap/pop brute force attempts - Updated ossec-server.conf to be in parity with the ASL config
- Added templates dir for generating configs - Update to 2.3 release - Update to snapshot 091109 - Update to snapshot 091008 - Update to snapshot 090925
- Added timestamp field to the mysql schema
- Bugfix #XXX, for the ossec-client.init script to call the correct (renamed) ossec syscheckd/logcollector daemons
- Appologies for not updating the previous changelogs. Missed a few updates! - Update to snapshot 090827
- Feature Request #225, Added logrotate event to active-response log
- Updated system_audit_rcl.txt to look for the correct php.ini file - Update to 090824, beta 1 release - Update to 090812 snapshot - Rebuild agent daemons with -DCLIENT, added symlink trickery - update to 2.1.1 - update to 090630 snapshot, this has fixes for CentOS/RHEL 4 64-bit environments - update to 2.1 final - update to snapshot 090612 - update to snapshot 090610 - update to snapshot 090603 - Disable postgresql support, to get around an undesirable dependency on EL4 - Update to snapshot 090417 - Update to snapshot 090413 (this adds in inotify support) - Update to snapshot 090410 (this adds in inotify support) - Update to snapshot 090408 - Added authpsa rules back in, this is used to detect brute force attacks
- Added conditional building support for ASL modifications - Update to 2.0 official release - update to snapshot 090225 - update to snapshot 090220 - update to snapshot 090206 - update to snapshot 090205 - update to CVS code 090129, this is not an offical release. Its for testing only - update to CVS code 090126, this is not an offical release. Its for testing only - update to 1.6.1 - update to 1.6 - update to 1.5.1 - added mysql support - Added Stanislaw Polak's excellent ban-hackers script to manage shunning more intelligently. - update to 1.5 - fix on active-response locking bug that prevented some rules from expiring. - update to ossec 1.4 - update snapshot to ossec-hids-071011.tar.gz
- relinked C4, FC4, FC5 against mysql4 - update to snapshot ossec-hids-071006.tar.gz - update to shun blocklist tracking used by ASL
- added authpsa rules + decoder - update to 1.3 - minor adjustment in post, to check for config file before overwriting it - v6 was first version of the patch.
- added in logging in active-response for better ASL support
- Disabled conf event in post, to keep from overwriting config files. - changed permissions on queue/syscheck so it can be read by the ossec group (tweak for web gui) - removed the noreplace settings from decoder and the rules
- patch for a more ASL friendly client config - release -2 had a bug. 
- added ASL rules (asl_rules.xml)
- added decoder for the asl style modsecurity logging
- adjusted syslog_rules for qmail-scanner issue (BUG #ASL-18)
- Added http index in asl_rules.xml (BUG #ASL-7) - update to 1.2 - update to 1.1 - configuration change for ASL - updated to 1.0 - import into ART
- changed their naming conventions a bit, 0.9-3 to 0.9.3. Please dont be cross with me. - new version (0.9-3) - new version (0.9-2) - new version (0.9-1a) - new version (0.9-1) - new version (0.9) - some bugfixes - created /bin/sh /bin/sh ossec-hids-client                                                                                                                               	   
                                                                                                         0:2.9.3-3861.el7.art 0:2.9.3-3861.el7.art                                                                                                            ossec-init.conf ossec-hids agent-auth client-logcollector client-syscheckd manage_agent ossec-agentd ossec-client.sh ossec-execd internal_options.conf ossec-agent.conf ossec.conf.sample agent.conf cis_debian_linux_rcl.txt cis_mysql5-6_community_rcl.txt cis_mysql5-6_enterprise_rcl.txt cis_rhel5_linux_rcl.txt cis_rhel6_linux_rcl.txt cis_rhel7_linux_rcl.txt cis_rhel_linux_rcl.txt cis_sles11_linux_rcl.txt cis_sles12_linux_rcl.txt rootkit_files.txt rootkit_trojans.txt system_audit_rcl.txt system_audit_ssh.txt win_applications_rcl.txt win_audit_rcl.txt win_malware_rcl.txt alerts rids syscheck /etc/ /etc/rc.d/init.d/ /var/ossec/bin/ /var/ossec/etc/ /var/ossec/etc/shared/ /var/ossec/ossec-agent/etc/shared/ /var/ossec/queue/ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic drpm xz 2 x86_64-redhat-linux-gnu        ?   ÿÿü0   ý7zXZ  
áû¡ !   #¸‡,à8ˆè] "ÌkÀ%¥§lìÓ¥{ËØlså&ï²›Í:Py…¼j¸.óñ¹µ'€e#.spq—ìÃ.È¬?ÞÅBn¢jØ²Ó°âcƒ™
²\•7ò™'Ã íi$Ð´uÔ>©Ðé¾ª1‡>©ŒG(pH-Ø)Ž¶Ö³„k`Ýø´í“wi–=ã;‚¡/?h/6Sôa<—V¸ø=8ñœe NÒbé¨RÁÌ±(Ø>b¨YY|Y§ÀYÁJ6vr”ña…C–šöÂ|™¹ø–Ä+røy=%u™‚kË  q¶2c¯‹—[¹FÔ#õµÁ{HßV÷]}´o)¬Ò8v$úâlqRp:'hZ’ÌWÇöøŸ@Ânq
 ¯z÷æÊï¸¿èfÁqb). i¾Þ¸œk}8¥-—ô*e!ËQØà•R¢Ý•ÃÖb³§ªº¤ Ò©!ë–XC2…RXÅ¾(±›1ÜÖ±|‹$öÌX«åQ(OâÅgÝ^H·þQÄäLRó)VÔì5w®R)U÷ÿß.Š*AMÙ¾ÇNç1î†¿2‰H1"*!”]g=ÕlYäª59-7§"|qd¶YM÷CC*e‚yÈ4;nØóhgïŽÐªÁ«x£‡J3<‰“¡2Ô ˆŽCH%>€(aSxwÄÂQCÄCƒAÕÄÆ>Y_©spÇÿ‡´! —ä?0 È´iQë62£¯Zo$8³g?¾ñÑYäVÐÎÎó&Nyxÿ4>Z²9}¢ãÛ½ëVw±Ò•)j'Ï=.>4[DhÎ7’+b¥¦xàùy3P¦) 3–LŠ8´’BÂÇ5”&e‡ËMËýf›	VóPlýùË),*móPu•*„2âÏ©iJA(ŠKkg‹üì\¬s—I«A†xŠ,íÊvã ífUÒ¸‰XpC–õ:þ”O‘»½`Ô˜›ƒ"O@Ú=wP"g‡8³‘!å™Œk2ÿèñ2áÅèfPž	€)çšÊ¶ÿöÜrèOœí4o6›U½ÞÖÃ€qÞFïmöTJâ5h¾Ä"ÐKêz¿•7agðå}(håÑ¡$P)ÝŠ
~ßiÙHM¬+yÜäGX.”›sÇ?q0”g~áš‡ÑÓÃŠƒ?PgD‚o}(]L«Žƒõ1­þk>’iìºuQ+-Mx7IÆcöùÅŒ.¾D|Ší"" ÛiÃGA’CÄÔw^ª°[Ž¬Àúôˆ´r
rž!¤ãžE¤Þü"2‹*ZõŒÑEÚSQD”26Xo¿³F>-€º>ÀÏ5h´¶ô«™‡õVÿP]±t¨o
ê°Å_*ŒJRáRs¡Ê¼SÓÃýê
Ô°x©FôPÿô¬Y$Ú&LÿB5µ.&×•´™JeX,†ç e,v¢Í¢[g×éºžKµ}þý/& 8q›þQšMÏ±\¢cV9p§!†vúÝ\@ÁÉ¸eÓOPP¿v¢æ]lÂ¶g`\qÌQ+Ov*AÚÆ!ºWþ“ÀîHÒêé–Õ§VJ—¦»?h¯?žš»„p_3bÔ•¼áÜb?u`º±ŠƒbÀ	NÈ«y¢~u€±h¨‰—+“£þ1Öû8ÄU½zŸæ_ÈÓ%ïc€Î 8Gßû»#Å£ÑådUˆ¹sd¸×Ÿ:1Àz¤–RÀ¡¤#¿ühèH¨‡Â#Šæ?¤.˜%‡`VK_ähÈôáôÃ3²º¥(Aß”è‰%Dœ680·Þñ*¥“{p0ù”c–òµ*WHíb>Œ@T÷ŒçÔ=@OñÆZR¯,ªê žòPt„ðìveø b¥wù«§ùåª”8‰‘HÍÑ¢´¬~Îq.°¾q>1a!`GÒæ’\Ÿ‘vÞ ks°¢\ó»x_• ˆ¹LÉ âàµrµtaH£º0&ŸÐE„—‘n²Þœu±l6p‡=ºG€™-Ñêü	ó_q4’áºFÛ‰’ùÀ>ØzÃ…4À„â=yúñÎ|6Æ¢ðŠä¿n4¿¦“ˆx‰Ü¬Î³FýŒeDEö«te©¥‡‰±XP·¦$mÕ!j}˜9=wMØ×Ú¨:UËñ© ‹6Î¼Ô0óû¾ÔMâï¤wVø­	€öïãG¨u—jö5ÔT7©ägì$…öŒ­ö>é”!ç¤É[k’¿Ÿ`*yÂÀ] ¸Èh5:‘Iãã4±+ÜØ?ZäBôzì{Îl¿ßeuM¦°­xIÈ^ã«¾Øð)gß¡~é‚¨•f\ZÅ*Mp²5£N~Ú)w¸Ül¥ŠHýüp‚9)Ól¾Àq­¶ÐŒšj]@ 6ýul<è.- âÆÃ4.`’é$
PRœ÷¾v-«r†:`\ãÞüH´Rç[©óMÏyW‡84ØšcÃ€kDÍ©»~cì*RdÍ§ÄaY—<fú¯¿In¿JYH“×=þö(ŠhË2ÎßùL}Ä-]dÖ#ÍŒô!Œ^kóNŒÐ Jýã¬â£~Ï/ó×J¢«>cé½ß@ÃÊ0Ty2DNs‰J…ø*˜	&ýx]/[´_çG®S1Ñâ(<×ëê+Ê•":vuzˆ"jéÉå	¥eåD(û-}€˜qóØ¾&]W0—¤€ù%@“-È;¥u%¥ËI8'bgÑŸ²ÜÇ£¶Ôiƒ…|2%.l<«Pl"5ü™7F|)ÎÞ’òð¼9kïç¸¦»ï!ÂiÏ¯3SŸT_,
X‹f%D~!%øø!©³œ•=í$Ç_wž_XÂ­§u$Ý¯ðM cøaŸ¹_m€¥´Ü™½cÿwU£ŒlOkÓ§@•„ÉÜÊæÓoê½$H{Ö@B‚9î¸€¹F]+¹NÄzõœ\¶«ÂìÚ±þš÷[ü^î¼lùìWõË¶oG&‹`Va¾ˆûeq¦ÿ{AÅcâ%]K9E$"Ó«0ÏáˆXIë`ÛÁôõö¹yj¡@›Œ¢­•è1¾ç”Î0²Iuã ,Þû§‘^ÿjL$Ç¬ÀŠâ%qp+Éïtæ†“·F
„aXÊ!@lÀ•h¬'‘{¬O<Â¬¼³s‰X$l²-°&h#ØI56’TO‹TÓf;½_ÈZêØ?¬ù/°”FXûàâMãŽ&¼Q£¢¢ÙLgU:TÂÛ¹+mÓß˜†<NNÖè_éŒ9¬¥
epÝÄóXºO`²4´4‡¾­À
˜ŸAÚ€p(™X”Cd±JÅ•Ó¦‹2ìNno¦±n%›Éh 8eƒY3mCNð±§G±+™k•fvrž¯qN˜=ÜÞ’ëœ1ÖÁ*•C…î²L·>20^¯³RTáÎíN *ˆÐ3³ðxùñf¢¤¸§ÊØ¯®vÞ†KÞmlÙôÍpÍ[…UˆºGƒz*ð|Yñp)ÿ<éSítæ:ØÂ€Œ5=`'¼ÚY| Xð|»×Co]‰1Øú¦a630ÜK²2E§`è¡`ŽË/o™Ïncäà“{áµÇnÈ0Üí4Èai¢ND„•!Ó=%@â×”/ÈÓÍ©+f˜Ï"­XôÕ”K¯ŽŽô(émÏ9¹¼TÚü£ícØ –‹~"òñ ÔÒÉ¹wa’—Jçži?CÒÁ—`2àö·ûl0[ë¢çl^Ù~¥ïcu›,aS[•xÍ¼ËfÃ…ÆÒ ‡åŠ?4S‹uó™®qWçÀóeqQkðÿË—2R(·nTûŠ‘=s¿4gÅ{úHWCÈh)àü”`áŽŠ½VîÃÇðÕü5ÂÀ|L¶ÄôþÌadÌ|ncxbF–7Ï¹îò÷
Ò\ÈebÂdÆ(0WÄö3”{LzÌ	~w­ÿ09ãŽ`®@KÆ`~ì]¤Rã÷PÎC4J*¡ué?*sØ_Æ9@œòE9R"ÿM03”d¡û=SVkÍ5zAÚ|$.s÷×ö„Zä!‚]>C¡ÃwÃšœ‚§½d~Þòú]é0P~ä\LLB¬òã¹Çïãsë WÍHm?öN6]„˜œ¾¬Jy×r‚äËî¤©B‹%(~›ühéF£ÿAç\0>žÆy$-—y”ÍÃèjUÝÄ‡SJ?TB²ü\ï__º”kâOÃæ¿0·Ôw¯PzŸÞO´&n»+ýìÆGl‘N_bÑºÐQ¦ÅýÎŠ >.Ç½˜Óû¸Ž·™Y·þ<t`€y	z@#¬rk/·ð(WCqå°”qGLüùdNæW)ê™JV,†Öa"ÀŸè|×÷èµ @Ès~êêaSÙC[³(’NŸpoðN¯m(÷Âd¯1V»|ßíT´à?1o™|jø(å’üT6i/îˆâK"‡Áõš¤ZÇDFêåœÝéhðÌ¯œÎrùOsJ’ôÑCvª8…ÅÚ£«ì`÷´ÆÌ'®ÿáe$bã:J”/š+«IŠàýRÛjCœ‚Ûl‘ÌzÒk]’àÓZEÎ#ïQ}‹ç«ÂCPcc®¿õ¯ƒ)Ý¼íM<ºÝ›Áìõ'…l¼2¯Eƒ†FßÙòQBÇ¥Œw¯Åt6pº†ˆ¡Cý÷Ø2¬(í…W\}wûúìÕ†ðàöŒ$t{Vì6¬ÆÃDŸ+|¡8Bßk¢Òj{jH5uµºþŒï÷èÔ¹>W¨~Å(É„j ”kÚ«ÇŸEÎ²±j "Ù±ìwô¸]dd.ñª¢`ažq÷TâÒ„Z²©!wŸÓ%"­Â;r–êO¯ÓS˜18¹ÕÂXwaµËEfa2—²ÕvÅ·×áÈ³¨õ6:'ƒñ¢'¸Dy¯MnNkŸu¡%ÏÕ_WT	.ŸuuÌ#”,Û¶4eehâó_jB´8«
_þÛ4škŸ$üqLÎ­r(³­~Ü×§Qôo\gã¨5hÐû–[Õ¥{²§áÑó)F¿À6wä0¿*þ,chc	^@)vž¾mfô sV.<'žØ¾Oa”;‡&àôãñƒ‰kŸò¨‰¹(+Å•˜äzP”½<b®TN’ÉpŸŸÆšëÛv½‡D‰i‹ËÑ°î®ß7‹^1þ€®L€}m£,R•w)Ïi4>¸UXm:Â)k¤c¿ µø»¨úæ¨¡˜)kV_`ÏæÇŒïâÀiÖŠ
ôŒM2ò.:¹/ðÑqÐ]DÚ$*ŒÒSÃ°+£YÕÜm Zp’_KÅ …Ýfî¶h*¼hÃ× ³&>Ëë1 uuÄdàWÂÏª„,Í=Ï¸Çµþ¢÷‹¹îå#n•]ÔT¹%qju ÿÂ¿ RC˜<Ò„ôòŽéà
÷s¤¥¨n©|hd¸Ò%gQ‹'Š8/p-èNzoÂð…(’Vòð²àI|½­(ƒÇîKÇBX—è3Â¾}Ä¯å6\”¤Äþ9úz<+=ÜàI÷lÙ‘p°MU;+vŽ_üË]‚&BÚbu)!•Âã›|Î•ŒÿV9~¶ÐÚá_5šÊtÑáb€<‰îÿdXUÚa÷ÛL'¼ßî4¯i“Mù‘#À„¢ûÐÇx3®¨-";ß‘–‹Te„H0“<ç‘‘ÎÅ­>©)cþfpò£–»Iu~ÅÉÄþy7¤µ}ñm¶‰TðH"‡q´!W2LFßÊÙÌ,ûª’¶m¸õK\HÞPç­‚mš¤Äú«ž°¡$Û=Ïì‰&ä‚¡7ª†6žsãXôw9ø)Q]”ï€7Î»Å–]i?®Äß_B9Ú­üÎÆsÝ´@î—ú•ÓØþ!hR²Š0äÍ&ii`3uÉ>¼àX…?9yˆœ%Âë×a Èo“ÀÂàq— Dgø*e’¶Â#&B]²„¡å”>#a¥é—új¡{i¹3†#ÆŽWÛZ]~šÉcFÖB¸%vápM‘€ÿ´„Úd+´aþÛ”{Û0ëˆ+ÒäÇäiÉévø9ÝÛÖÂþvZòž¾ÒmÈv³ÕZ
7GÍÛþßåp2Žt2œô¬xPÂ)£'éždß—fâúª7õ>¶µ¿!™5xwÇ—®#ØŒïö®¹ô]äý¢ëºG>TCˆæ2³ÿ· '×–ì„DÐ”	¹›´ê+!¶³¥p¢Lž…ºåj	Y{O kååšŸ%YV—A ¢Ñ‹êm:L‹Ú¾´Eð7W)‘iãI×’MÔÎ¼^ïŸ¶×ÜöYªÝ{×ÖÒ8dlx¾ >c}ºñXíþ¹¿3„@2pKâO“L¡b#v*ÍÓ ´ÝÎõ én¹0eÐF
š/Óñ$“-ødu‰ºý-–W»!%aÚ†xz³DÈ9~“¢I"íZ«Ãßò-K!.ä˜ìì°ûL	)ð‘y~jS{ÞË›¨…
Oî%UMý=0œ]=4®e“è±BÂ'£Wn`oXöñtL-í·ÂvIxéGh+lâÚ©
´×Ž²â5KÙËÝX¡éßþ·{ƒ±?ÒJÁÄïÆDQÁ¶ö¿¶W–à¡?à	4»î•/¡µ<ûó…T‹Hiœ­ÿ'¼Zº°÷<*®=Íå6|)I|i*”£øGzzµ¹6~IýøõI(•2tß´PVMb˜U©‹{îóFŽù”PqŒ0Ó›‰Ç¥ŒP|•E®Ë“â0M‡³'@3ŸÌDù^bÃ ¿ÆÕÏQ¸KQŒò Wÿ-  ÈVÒ·kºÔâ²^- :×úâ^Ýä&‹])Úºæ‹ÍâT œ(‰q  ö"¶éß    
YZ