ossec-hids-2.8.2-49.suse12.3.art$>ZG)B=$`1vtr4>>N?Nd  # X8<X\qu :: `: : :  V:  : x::(:`  H ({)*+,-8m9m:'m=BDBGB:HC:IDl:XDYD\D:]E:^I bJdJeJfJlJuJ:vK wL:xMp:yNXCossec-hids2.8.249.suse12.3.artAn Open Source Host-based Intrusion Detection SystemOSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. This package contains common files required for all packages.Ux leatherback.atomicorp.comApplications/Systemhttp://www.ossec.net/linuxi386if ! id -g ossec > /dev/null 2>&1; then groupadd -r ossec fi if ! id -u ossec > /dev/null 2>&1; then useradd -g ossec -G ossec \ -d /var/ossec \ -r -s /sbin/nologin ossec fi if ! id -u ossecr > /dev/null 2>&1; then useradd -g ossec -G ossec \ -d /var/ossec \ -r -s /sbin/nologin ossecr fi! |8`d  c ?  }P'8AO {A큤AhAhAhhhhhhhhhhhAhhhhhhhhhhhhhAhAhAA聠AAhAAAhAUx Ux UxYUx UxYUxYUxYUxYUxYUx Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux bcd6e512c9627c6d09a2e852db43a1aadd96f5ec41c601c09f99252272c38aac9e7417e6440f786de46b42cd31eee384f18762365fcf687764a89f4126dd7a9db4318998d4d34431f536824bee4dc7663a3fca440e5142141f75613396dc55be0d7fd090a120b378bd44a18319085d88620bb7958e0665fa9dd3a544ae944a1525887bdd240bc502c80c970a926132bcac2254ffe808f2e1e6a2059f7b6b70d66696d5e6b1464d63569507419a7b3582b18f166b9aa7abfbd0500b75c6ace41d46b0e3782179474d80c2d51cc0c18ea191819d33fc1831c33090e6f12634c4464cbab6aeb963b00fec11fb2c4367ff5154265163fd59969371516ae7cf4024ee8038838ce614839b69607b0c8d3dcd952eb0f40856189205d103e3116389cf548de9f76b53e3d931ca91b5b30e93e30d3837e5b595795be4a4b7ab8a686419fc151469d3db7b9984f283b3db84bd4805c4686eb10052796a091cc2631cc2606637bedae6ed6bb5f7b4a81b05d111110c01998b783ae3e744910ca5fa48284e15607f15a31477667a929b39fe93fd0ef35153a546ff0b249f5e5fad73368647533029b1c8b4452e9220e1dd0d5e3d1146e970334d6ed40cec19ed160e0edd9503afd8198e717c69712a39abf88d737bfdf96dec8e2bbbbba81547d8a8ca5f1f4e0a925a9273f76d0c11923f81b3a3f1668bbb43059e784bc7897d8afa91db442087a3dacc9168f4bcb24de133d93f3d258b01dd3679f38c62cd275c72cdf5f88d4fb4e5adb8b146c8c1661b026c4ccec3c305bfe360442ace1a893b033da10ababc0ae4fa2bc3aa0359da50cfc5dc60ae1ab23dcbf166a3d52088d6880adac31b137905d4645eb4a91764e1fde96bdbcd10b8dc27d937b26821fda7f91e2e281f821a6d25c7871410bc13a1c995cfbb132db61ae3efd9250fe63cdac8579d005fbb55cdd41f77ea7a53c5f7b50fc2dbc7rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecrootossecossecrootrootrootrootrootrootrootrootrootrootrootossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecrootossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossecossec-hids-2.8.2-49.suse12.3.art.src.rpmconfig(ossec-hids)ossec-2.8.2-49.suse12.3.artossec-hidsossec-hids(x86-32)@@   /bin/sh/bin/sh/bin/sh/usr/bin/env/usr/sbin/groupadd/usr/sbin/useraddconfig(ossec-hids)inotify-toolsrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.8.2-49.suse12.3.art3.0.4-14.0-14.4.6-14.10.2[ -r /etc/localtime ] && cp -fpL /etc/localtime /var/ossec/etcglibcUx&Uv@TT @SSS[S@R@R@RʚR@R@RrF@Ri RR@Q@QY@Q@@QQ@Q@Qu&@Qu&@QkQg@Q\PDPP@PP@OiO@OЗOЗO O OpZ@NNS@NK@N;@N;@N6@N-ZNMMM@M@M@M?MM>MUM@M PL~L8LΫLΫLʷ@LeL@L{LL@LA@LLLzL~@@L|LvW@LmLa?@LRL4l@LT@KtK͗@KKK@K[K@K8@K@K@K@J@JJJ@JJJn@JL@JI@J2C@J2C@J/@J&eI@Io@I)@I4IܑISupport - 2.8.2-49Support - 2.8.1-48Support - 2.8.1-47Support - 2.8.0-46Support - 2.8.0-45.1Support - 2.8.0-45Support - 2.7.1-44Support - 2.7.1-43Support - 2.7.1-42Support - 2.7.1-41Support - 2.7.1-40Support - 2.7.1-36Support - 2.7.1-35Support - 2.7-34Support - 2.7-33Support - 2.7-32Support - 2.7-31Support - 2.7-30Support - 2.7-29Support - 2.7-28Support - 2.7-27Support - 2.7-26Support - 2.7-25Support - 2.7-24Support - 2.7-23Support - 2.7-22Support - 2.7-21Support - 2.7-20Support - 2.7-19Support - 2.7-17Support - 2.6-16Support - 2.6-15Support - 2.6-14Support - 2.6-13Support - 2.6-12Support - 2.6-11Support - 2.6-10Support - 2.6-9Support - 2.6-8Support - 2.6-7Support - 2.6-6Support - 2.6-5Support - 2.6-4Support - 2.6-3Support - 2.6-2Support - 2.6-1Support - 2.6.0-0.10Support - 2.6.0-0.9Support - 2.6.0-0.8Support - 2.6.0-0.7Support - 2.6.0-0.6Support - 2.6.0-0.5Support - 2.6.0-0.4Support - 2.6.0-0.3Support - 2.6.0-0.1Support - 2.5.1-10Support - 2.5.1-9Support - 2.5.1-8Support - 2.5.1-7Support - 2.5.1-6Support - 2.5.1-5Support - 2.5.1-4Support - 2.5.1-3Support - 2.5.1-2Support - 2.5.1-1Support - 2.5-1Support - 2.5-0.9Support - 2.5-0.8Support - 2.5-0.7Support - 2.5-0.6Support - 2.5-0.1Support - 2.4.1-11.2Support - 2.4.1-11.1Support - 2.4.1-10Support - 2.4.1-9Support - 2.4.1-8Support - 2.4.1-7Support - 2.4.1-6Support - 2.4.1-5Support - 2.4.1-4Scott R. Shinn - 2.4.1-1Scott R. Shinn - 2.4-5Scott R. Shinn - 2.4-4Scott R. Shinn - 2.4-1Scott R. Shinn - 2.4-0.2Scott R. Shinn - 2.4-0.1Scott R. Shinn - 2.3-8Scott R. Shinn - 2.3-7Scott R. Shinn - 2.3-6Scott R. Shinn - 2.3-1Scott R. Shinn - 2.2-5Scott R. Shinn - 2.2-4Scott R. Shinn - 2.2-3Scott R. Shinn - 2.2.0.beta2.1Scott R. Shinn - 2.2.0.beta1.1Scott R. Shinn - 2.1.1-5Scott R. Shinn - 2.1.1-3Scott R. Shinn - 2.1.1-1Scott R. Shinn - 2.1-3Scott R. Shinn - 2.1-1Scott R. Shinn - 2.0-11Scott R. Shinn - 2.0-10Scott R. Shinn - 2.0-9Scott R. Shinn - 2.0-8Scott R. Shinn - 2.0-7Scott R. Shinn - 2.0-6Scott R. Shinn - 2.0-5Scott R. Shinn - 2.0-4Scott R. Shinn - 2.0-2- Update to 2.8.2, this release just inclused the -48 versions fix- Security fix for CVE-2015-3222- Update to 2.8.1. This is identical to 2.8.0-46, the only change is the hosts.deny CVE-2014-5284 is merged in.- Revert BR#1596 - Add Bugfix for hosts.deny race condition (CVE-2014-5284)- BR #1596, Add fork limiting patch (max 10) for execd to prevent DoS conditions- Upgrade to 2.8.0- Feature Request #1512, speed up shuns in execd, move sqlite down- Relink against native mysql- Add ar-tracking active response- Placeholder for null exclusion rules. Legacy support- ASL 4 version with new database format- Add support for Fedora 20 - Modify optimization flags for FORTIFY- Update to 2.7.1 - Add independent rules.d/decoders.d ossec-rules package- FR#772, add rule 3360 for postfix slow brute force - add dovecot-decoder.patch for cpanel dovecot - Update 9702, 9753 for dovecot brute force - FR#773, add rule 11308 for pure-ftp slow brute force - FR#1347, Update for courier v4 decoder (pop3s) - FR#1359, Update horde decoder for v5- Disable ossec-dbd signature table (replaced by aslw_rules). This was very slow- Break ossec-dbd into separate package - FR#1321, update courier-imap decoder for version 4.0- Bugfix #XXX, prevent truncating last character on ossec-dbd database inserts on the alerts/data table- Add tld column to alert table w/ index- Deprecate internal id generation in dbd - update schema to autoincrement, increase id space to int- Add is_hidden to mysql schema- Add if exists to mysql schema- Add os_dbd-mysql-replace-query.patch to consolidate SELECT/UPDATE into REPLACE sql- Consolidate alert & data into a common table - Add ossec-authd init script- Add sqldelete command to execd - Update to clear sqlite db at startup- More minor updates to GeoIP tracking- Minor update to GeoIP tracking- Bugfix on permissions for files in shared/ directory for client installs - Add GeoIP support - Remove dependency on perl-DBD-SQLite - Update asl-shun to new non-perl based version. - Deprecate firewall-drop-update.patch - Add sqlite support to execd (/var/ossec/var/execd.sqlite)- Update to 2.7 final- Feature Request #XXX, revert duplicate detection in log events to help detect extremely fast brute force attacks - Add FORTIFY_SOURCE, PIE, and relro (full)- Update to 2.7-rc2- Update to 2.7-rc1- Move active response components under the common package- bugfix #xxx, correct ownership permissions on fts dir- Update to init script to suppress spurious execd output - Add alerts queue to server package with ossec/ossec permissions- Bugfix #XXX, correct any/agentd condition- Moved agentless packages under server- Drop timeid and cat_id indexes from schema- Add new index, timeid to alerts table.- Add cmoraes patch, Adds config options for enabling/disabling rootkit/syscheck options, and agent config profiles - Add ossec-memleaks patch - Add agentless directories, and agent.conf - Bugfix #XXX, ossec-hids.init will now return an exit code on status- Add prelink_cmd support- Bugfix #XXX, display multi-line events in data table correcty- Update to asl-shun.pl purge event to default to 24 hours.- Update to asl-shun.pl to change ordering of block rules - Revert from 0805 snapshot- Update to 0805 snapshot- Update to 0801 snapshot - Update asl-shun.pl to log to active-responses.log, blocks now go to the named chain ASL-ACTIVE-RESPONSE, and delete events are more redundant.- Update to OSSEC 2.6 Final- Update to snapshot 110711- Update to snapshot 110613- Update to snapshot 110609- Update to snapshot 110606 - Moved ossecr user creation event to the ossec-hids core package- Update to snapshot 110531- Update to snapshot 110526- Update to snapshot 110504- Bugfix #536, Increase the default sleep time for syscheck- Renamed to 2.6 branch- Add support for the rules/decoders dir system- Update to snapsot 110405 - Update asl-shun to support ossec alert ids- Changed asl-shun sqlite database to /var/ossec/var/blocklist3.sqlite - asl-shun database format now stores the full alertid- Update to snapshot 101203- Update to snapshot 101125- Added alertid support to os_dbd, this involves a schema update- Added dst ip, src prt, and dst prt capture support to os_dbd- Bugfix #XXX, manage_agents was built in client mode for the server package.- Add clamav decoder & ruleset- Update to 2.5.1 final- Update to 2.5 final- Update to 0928 snapshot- Extended no_ar into ossec-dbd- Add no_ar option to disable active response per rule- Update to snapshot 100920- Update snapshot to 100907- Snapshot 100901- Added test fix for os_dbd- Bugfix #376, ossec-control will now properly stop and reload- Update to 0809 snapshot- Relink against native mysql- Add minicon decoder from les fenison- Update to 100707 snapshot - Feature Request #371, add ossec.log to logrotate- Updated to 100615 snapshot- Updated init and ossec-server scripts to support the new reload feature.- Update to 2.4.1- Added zabbix reporting active response- Update to 2.4 final - Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10 - Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20- Rebuilt for atomic repo- Update to CVS 100317- Update to CVS 100311 - Add decoder for denyhosts - Update asl_rules.xml to include denyhosts rules- Update to CVS 100309- Added new decoder for smtp_auth - Added rules to detect smtp_auth brute force attempts - Added rules to detect imap/pop brute force attempts- Updated ossec-server.conf to be in parity with the ASL config - Added templates dir for generating configs- Update to 2.3 release- Update to snapshot 091109- Update to snapshot 091008- Update to snapshot 090925 - Added timestamp field to the mysql schema - Bugfix #XXX, for the ossec-client.init script to call the correct (renamed) ossec syscheckd/logcollector daemons - Appologies for not updating the previous changelogs. Missed a few updates!- Update to snapshot 090827 - Feature Request #225, Added logrotate event to active-response log - Updated system_audit_rcl.txt to look for the correct php.ini file- Update to 090824, beta 1 release- Update to 090812 snapshot- Rebuild agent daemons with -DCLIENT, added symlink trickery- update to 2.1.1- update to 090630 snapshot, this has fixes for CentOS/RHEL 4 64-bit environments- update to 2.1 final- update to snapshot 090612- update to snapshot 090610- update to snapshot 090603- Disable postgresql support, to get around an undesirable dependency on EL4- Update to snapshot 090417- Update to snapshot 090413 (this adds in inotify support)- Update to snapshot 090410 (this adds in inotify support)- Update to snapshot 090408- Added authpsa rules back in, this is used to detect brute force attacks - Added conditional building support for ASL modifications/bin/sh/bin/sh  !"#$%&'()*+,-./0123456789:2.8.2-49.suse12.3.art2.8.2-49.suse12.3.art2.8.2-49.suse12.3.art   ossec-hidsossec-hidsBUGSCHANGELOGCONFIGCONTRIBUTORSINSTALLLICENSEREADME.mdossecactive-responsebinar-tracking.shasl-shun.pldisable-account.shfirewall-drop.shhost-deny.ship-customblock.shossec-tweeter.shrestart-ossec.shroute-null.shzabbix-alert.shagentlessmain.expregister_host.shssh.expssh_asa-fwsmconfig_diffssh_foundry_diffssh_generic_diffssh_integrity_check_bsdssh_integrity_check_linuxssh_nopass.expssh_pixconfig_diffsshlogin.expsu.expbinossec-configureetcsharedtemplatesactive-response.templateapache-logs.templatear-disable-account.templatear-firewall-drop.templatear-host-deny.templatear-routenull.templatepgsql-logs.templaterootcheck.templaterules.templatesnort-logs.templatesyscheck.templatesyslog-logs.templatelogsqueuediffossecvarrun/etc/logrotate.d//usr/share/doc/packages//usr/share/doc/packages/ossec-hids//var//var/ossec//var/ossec/active-response//var/ossec/active-response/bin//var/ossec/agentless//var/ossec/bin//var/ossec/etc//var/ossec/etc/templates//var/ossec/queue//var/ossec/var/-O2 -g -m32 -march=i486 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tablesdrpmlzma5i386-suse-linuxASCII textPOSIX shell script, ASCII text executablePascal source, ASCII textUTF-8 Unicode textUTF-8 Unicode text, with very long linesa /usr/bin/env expect script, ASCII text executabledirectoryexported SGML document, ASCII text RRRRRRRRRRRRRRRRRRRRRRR? ]"k%M{Usg`Y{ e[_kkG,9st=5$ Pi"NBgOr}\ˉÏď(%w:yQ"@-##.ѢFCo+WvlU kQB/mym HO^oLo &aC'EOݜѴy >ݛeKOX@ KХm<ޣ2ӫ2dMGPڋ9٤t PN ry ,rؑ v=pjsz `I~UzK#bq daί@F2sFP> wLau&F{D.@ O30s/jhX/Và\k>jqV$ntǚ sXPE5A @iAwN$HPBVrCer8<*R9mg$  %&.v[H9gtpW-hS@*Qc^ +1 m` O.zTŨXtQ"&>EXf/ZwYG:3:ӄ)h71ky}.A:o:jUR7wz#!Ocw>o4D'Vt|2}% a޴bWoSkI\9M.KM0Ls٬iVÝH¥YQ?)=].A_!]Þ{Ѳx}J|P#h>kLTf}hyCH| {t,e+T;Uf|JGn#~#g~Q9ӫnqJ_DU1>p Ta;%J/^!ȬQsȤk?#K?Gi/{3Sș uQX tT- cڷW=qTgI&wZ2 reȉZTBJw(Ymo!z5*}.f yoՃ#:SY;Rk6ZG ΅vODsAd r:^9"ӄ+o fTb̫#&?jR#U)e-Q*sը,>d,- tS~GM-*ğE':%8D.],7k^bvb$ JzKRdǍ8ި3E^%TbǴv\?[>oF%f*ph•xZvxߧ-5iv^w&V%dDž+C BP]6rSA41{4tgcWp<)f؞v(o|ߔ 1RZ_Np/FhXw"QEjM5C=8}:eeH