í«îÛ    ossec-hids-agent-0:2.9.3-2912.el6.art                                               Ž­è          $   >           è            ì           ppæå)/juoÛ%9°À¿+   >   ÿÿÿÐ       Ž­è       =  XL   ?     X<      d            è           é           ê           ë      (     ì   	   ,     í   	   B     î      À     ï      Ä     ñ      à     ó      ä     ö      ù     ÷      þ     ø   	        ü     ;     ý     Q     þ     W           ^          Ò                           	     Ð      
                           ð                                 1           Õ          ü           |          ¨                     ª          ô          ø          
     (          8        ’  9     \   ’  :     1   ’  >     RÇ     ?     RÏ     B     R×     G     Rì      H     Sl      I     Sì      X     T     Y     T     Z     T@     [     TD     \     TH      ]     TÈ      ^     W     b     Wž     d     X     e     X     f     X     l     X      “     X8   C ossec-hids-agent 2.9.3 2912.el6.art       The OSSEC HIDS Client The ossec-hids-agent package contains the agent part of the
OSSEC HIDS. Install this package on every system to be
monitored. Z)¤leatherback.atomicorp.com    L…http://www.ossec.net AGPL Atomicorp <support@atomicorp.com> System Environment/Daemons http://www.ossec.net/ linux x86_64 if [ $1 = 1 ]; then
	/sbin/chkconfig --add ossec-hids
	/sbin/chkconfig ossec-hids on
fi

echo "TYPE=\"agent\"" >> /etc/ossec-init.conf

if [ ! -f  /var/ossec/etc/ossec.conf ]; then
  ln -sf ossec-agent.conf /var/ossec/etc/ossec.conf
fi

ln -sf /var/ossec/bin/ossec-client.sh /var/ossec/bin/ossec-control

# daemon trickery
ln -sf /var/ossec/bin/client-logcollector  /var/ossec/bin/ossec-logcollector 
ln -sf /var/ossec/bin/client-syscheckd  /var/ossec/bin/ossec-syscheckd 

touch /var/ossec/logs/ossec.log
chown ossec:ossec /var/ossec/logs/ossec.log
chmod 0664 /var/ossec/logs/ossec.log


#/sbin/service ossec-hids restart || : if [ $1 = 0 ]; then
  /sbin/chkconfig ossec-hids off
  /sbin/chkconfig --del ossec-hids

  /sbin/service ossec-hids stop || :

  rm -f /var/ossec/etc/localtime
  rm -f /var/ossec/etc/ossec.conf
  rm -f /var/ossec/bin/ossec-control
  rm -f /var/ossec/bin/ossec-logcollector 
  rm -f /var/ossec/bin/ossec-syscheckd 
fi     K  	Ë <¸ [È  |  À     Û    ê    *A  /å  Ò  'R  Šý  ƒ†  ¦  D2  †t  ˆA  >ø  a  ˆ    '  ¦  á   (   (   (€íhhhhhhh¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤AhAýAh                                                                Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤Z)¤dfe58f05e3a1cef9cf14ab4bd0aedbc982646527d044dda4213711a0b688fb6a 21630d0d8054768ffe6cb4463be91bb22a434cf8cecca98ac17506b0cb36b4cb 4bdf40b6425e4b033822fb0beca75720c9a691efe87f57ad38217b2a446fbba2 5391f89491820bc3240df4f5484ed8d80f01d912f3bdb64acac51461be694e5a 2d5c1cb7886661c8fa2aaf096b9a7bec4817b437a79c42b51db2624b62bec130 f6db40baac8e04ab9622578a8037954228cdf82da8dee0c67f85c09dea592c6d 28136424b04150c85b780b46004467007ffe49b90f59fccaab7987e1bb5b8a82 41af621f8bf01e37df8459853e6e8cf3ce5b46d2bc1ce1b57bf17ad27526d3ad 77cdb2dc54aa7f3b473779b976753342ebd16a80f7848f3b8057d5e58be4b51a 92570e800098240e860ee952cc7855ec266c17e8b2238bb3871364bd31280cb8 31aabae3bfdebd4bb15344d2fde8a4397749d03f291d49c0dddb51fb0a22c5c7 e86acfd633f5293a39512002cb01fa175675abe9ad96f99df331444fd02c0f23 c1030b917aba0bc42b21ebb829eaa3cafb9081d55f533c676bf8708c0376bbeb b9303f2e8b46eb8c5ad7971e5f8a26ec5a2eefd3690989bcbeeab43ccb75a511 c6b5792d079a7569dadf04e66d749df8568ba9ba70607b392e126d389cf7741c ae8475d53363afa5a92cba7e4aef1d5470a0b7b2a2ac9a0978a012c0e3619d8f 85abbfeca400f7729195446af9ae8e80d8bf7d3c8bb56e6230bb2277808123ed 99e3972a8ecd98d9659a1086b2b0edcfc02a1f4f16e28550d3ef2517fe282e92 3471d91a28848f050cc940638f7aa21c60854610addc8aee44198ba37a62f11b 9b45b745cebb493c1c632de26cc6c6cdbe9294f6e04e09058ffdabb766b84a82 47fb6fdf6a9b880ed642356f284d1f6e828440502037890af53a020f8e2f723f 104fb993865c504a918d3016f14171369e90fc423f26b804b7f22c0868fc5ee5 7363a2dfd764883f5dd22c85c956f1352da1f8a562d91aa7e4a2d58973470610 8d133b8ff2bcb65bb139e742a7f72aa54236fd1602305a17b26ea0618d821d7d 03dc13aeb48ba253d9d4ac7bc05fa1d79cc2ae0bfb2b874a72a0e1e32ebb3a9f 067bdbfaa05b45c727a25e20a17409b06ef0e2db5059456a0abcc2e48581b820 7c0677b19985b30ca49d181b193e18cd8dfb66970b706d961745fba0a0217fca 34115106b827d27fe853daa0884e32c7f3936af3192a4a0a61f2811999678f00 96a357ae4c4871307da26f0649ada7e7c35b33d4ed08f9215790f3900eb207cf                                                                                                                                                                 root root root root root root root root root root root root ossec root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root ossec root root root root root root root root root root root root root root root root ossec ossec ossec ossec-hids-2.9.3-2912.el6.art.src.rpm  ÿÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿossec-hids-agent ossec-hids-agent(x86-64)                       	   
  
  
  @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
ossec-hids /sbin/chkconfig /sbin/chkconfig /sbin/service /sbin/service /bin/sh /bin/sh rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(CompressedFileNames) /bin/bash /bin/sh libcrypto.so.10()(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libdl.so.2()(64bit) libGeoIP.so.1()(64bit) libm.so.6()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) librt.so.1()(64bit) libssl.so.10()(64bit) libssl.so.10(libssl.so.10)(64bit) libz.so.1()(64bit) rpmlib(PayloadIsXz) 0:2.9.3-2912.el6.art       4.6.0-1 4.0-1 3.0.4-1                    5.2-1     ossec-hids-server  4.8.0    XÑÀXœYÀXˆ“@TëÀTš@SêÀS¨ÀS[ÀS©@RðÖ@RËì@RÊšÀR±Ž@R®ë@RrF@RiÀRR¢@QûŸ@QöY@QÄ@@Q­ÖÀQ¬…@Q¬…@Qu&@Qu&@QkëÀQg÷@Q\ÀPõDÀPÅÎÀP¤Ù@P£‡ÀP@OàiÀOß@OÐ—ÀOÐ—ÀOŒ	ÀO„ ÀOpZ@N»¼ÀNS–@NK­@N;Û@N;Û@N6•@N-ZÀNåÀMõûÀMðµÀMìÁ@MäØ@MÞ@ÀMÁ?ÀM®ÊÀM¤>ÀMœUÀM›@MPÀLû~ÀLö8ÀLÎ«ÀLÎ«ÀLÊ·@LÉeÀLµŸ@L¤{ÀL¡ØÀLä@L›A@L—LÀL‡zÀL~@@L|îÀLvW@LmÀLa?@LR¾ÀL4l@LT@KÙtÀKÍ—@K¿ÀK´ŠÀK¨­@K§[ÀK˜Û@K–8@Kò@Kî@Kî@Jø@JÁöÀJÁöÀJ›»@J’€ÀJ‚®ÀJnè@JL¡@JIþ@J2C@J2C@J/ @J&eÀIõž@Ièo@Iã)@Iß4ÀIÜ‘ÀI¯¾ÀI§ÕÀI¦„@Iž›@IŒ&@IŠÔÀI‚ëÀI~÷@Híò@H¾|@Hc„ÀHM@H2½@H)‚ÀGJµ@GAzÀGV@Gm@FÞš@FÁ™@F¹°@F³ÀF®@Fr@Fq-ÀFI ÀF-ñ@EíWÀE®ÀEySÀEIÝÀE
ÀE 	ÀDí”ÀDÇY@D·‡@D®LÀSupport <support@atomicorp.com> - 2.9.0-50 Support <support@atomicorp.com> - 2.9.0-49 Support <support@atomicorp.com> - 2.9.0-48 Support <support@atomicorp.com> - 2.8.1-47 Support <support@atomicorp.com> - 2.8.0-46 Support <support@atomicorp.com> - 2.8.0-45.1 Support <support@atomicorp.com> - 2.8.0-45 Support <support@atomicorp.com> - 2.7.1-44 Support <support@atomicorp.com> - 2.7.1-43 Support <support@atomicorp.com> - 2.7.1-42 Support <support@atomicorp.com> - 2.7.1-41 Support <support@atomicorp.com> - 2.7.1-40 Support <support@atomicorp.com> - 2.7.1-36 Support <support@atomicorp.com> - 2.7.1-35 Support <support@atomicorp.com> - 2.7-34 Support <support@atomicorp.com> - 2.7-33 Support <support@atomicorp.com> - 2.7-32 Support <support@atomicorp.com> - 2.7-31 Support <support@atomicorp.com> - 2.7-30 Support <support@atomicorp.com> - 2.7-29 Support <support@atomicorp.com> - 2.7-28 Support <support@atomicorp.com> - 2.7-27 Support <support@atomicorp.com> - 2.7-26 Support <support@atomicorp.com> - 2.7-25 Support <support@atomicorp.com> - 2.7-24 Support <support@atomicorp.com> - 2.7-23 Support <support@atomicorp.com> - 2.7-22 Support <support@atomicorp.com> - 2.7-21 Support <support@atomicorp.com> - 2.7-20 Support <support@atomicorp.com> - 2.7-19 Support <support@atomicorp.com> - 2.7-17 Support <support@atomicorp.com> - 2.6-16 Support <support@atomicorp.com> - 2.6-15 Support <support@atomicorp.com> - 2.6-14 Support <support@atomicorp.com> - 2.6-13 Support <support@atomicorp.com> - 2.6-12 Support <support@atomicorp.com> - 2.6-11 Support <support@atomicorp.com> - 2.6-10 Support <support@atomicorp.com> - 2.6-9 Support <support@atomicorp.com> - 2.6-8 Support <support@atomicorp.com> - 2.6-7 Support <support@atomicorp.com> - 2.6-6 Support <support@atomicorp.com> - 2.6-5 Support <support@atomicorp.com> - 2.6-4 Support <support@atomicorp.com> - 2.6-3 Support <support@atomicorp.com> - 2.6-2 Support <support@atomicorp.com> - 2.6-1 Support <support@atomicorp.com> - 2.6.0-0.10 Support <support@atomicorp.com> - 2.6.0-0.9 Support <support@atomicorp.com> - 2.6.0-0.8 Support <support@atomicorp.com> - 2.6.0-0.7 Support <support@atomicorp.com> - 2.6.0-0.6 Support <support@atomicorp.com> - 2.6.0-0.5 Support <support@atomicorp.com> - 2.6.0-0.4 Support <support@atomicorp.com> - 2.6.0-0.3 Support <support@atomicorp.com> - 2.6.0-0.1 Support <support@atomicorp.com> - 2.5.1-10 Support <support@atomicorp.com> - 2.5.1-9 Support <support@atomicorp.com> - 2.5.1-8 Support <support@atomicorp.com> - 2.5.1-7 Support <support@atomicorp.com> - 2.5.1-6 Support <support@atomicorp.com> - 2.5.1-5 Support <support@atomicorp.com> - 2.5.1-4 Support <support@atomicorp.com> - 2.5.1-3 Support <support@atomicorp.com> - 2.5.1-2 Support <support@atomicorp.com> - 2.5.1-1 Support <support@atomicorp.com> - 2.5-1 Support <support@atomicorp.com> - 2.5-0.9 Support <support@atomicorp.com> - 2.5-0.8 Support <support@atomicorp.com> - 2.5-0.7 Support <support@atomicorp.com> - 2.5-0.6 Support <support@atomicorp.com> - 2.5-0.1 Support <support@atomicorp.com> - 2.4.1-11.2 Support <support@atomicorp.com> - 2.4.1-11.1 Support <support@atomicorp.com> - 2.4.1-10 Support <support@atomicorp.com> - 2.4.1-9 Support <support@atomicorp.com> - 2.4.1-8 Support <support@atomicorp.com> - 2.4.1-7 Support <support@atomicorp.com> - 2.4.1-6 Support <support@atomicorp.com> - 2.4.1-5 Support <support@atomicorp.com> - 2.4.1-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-0.2 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.4-0.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-6 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.3-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2.0.beta2.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.2.0.beta1.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-11 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-10 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-9 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-6 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090225.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090220.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090206.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 2.0.0-0.090205.1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.99-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.99-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.6.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.6-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.5-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.4-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.4-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.3-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-8 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-7 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-5 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-4 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-3 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.2-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.1-1 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.0-2 Scott R. Shinn <scott@atomicrocketturtle.com> - 1.0 Scott R. Shinn <scott@atomicrocketturtle.com> peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org peter.pramberger@member.fsf.org - Change labels in alert mail headers to "ASL" - Update to Ossec 2.9.0 Final - Update to Ossec 2.9.0 - Update to 2.8.1. This is identical to 2.8.0-46, the only change is the hosts.deny CVE-2014-5284 is merged in. - Revert BR#1596
- Add Bugfix for hosts.deny race condition (CVE-2014-5284) - BR #1596, Add fork limiting patch (max 10) for execd to prevent DoS conditions - Upgrade to 2.8.0 - Feature Request #1512,  speed up shuns in execd, move sqlite down - Relink against native mysql - Add ar-tracking active response - Placeholder for null exclusion rules.  Legacy support - ASL 4 version with new database format - Add support for Fedora 20
- Modify optimization flags for FORTIFY - Update to 2.7.1
- Add independent rules.d/decoders.d ossec-rules package - FR#772, add rule 3360 for postfix slow brute force
-   add dovecot-decoder.patch for cpanel dovecot
-   Update 9702, 9753 for dovecot brute force
- FR#773, add rule 11308 for pure-ftp slow brute force
- FR#1347, Update for courier v4 decoder (pop3s)
- FR#1359, Update horde decoder for v5 - Disable ossec-dbd signature table (replaced by aslw_rules). This was very slow - Break ossec-dbd into separate package
- FR#1321, update courier-imap decoder for version 4.0 - Bugfix #XXX, prevent truncating last character on ossec-dbd database inserts on the alerts/data table - Add tld column to alert table w/ index - Deprecate internal id generation in dbd
- update schema to autoincrement, increase id space to int - Add is_hidden to mysql schema - Add if exists to mysql schema - Add os_dbd-mysql-replace-query.patch to consolidate SELECT/UPDATE into REPLACE sql - Consolidate alert & data into a common table
- Add ossec-authd init script - Add sqldelete command  to execd
- Update to clear sqlite db at startup - More minor updates to GeoIP tracking - Minor update to GeoIP tracking - Bugfix on permissions for files in shared/ directory for client installs
- Add GeoIP support
- Remove dependency on perl-DBD-SQLite
- Update asl-shun to new non-perl based version.
- Deprecate firewall-drop-update.patch
- Add sqlite support to execd (/var/ossec/var/execd.sqlite) - Update to 2.7 final - Feature Request #XXX, revert duplicate detection in log events to help detect extremely fast brute force attacks
- Add FORTIFY_SOURCE, PIE, and relro (full) - Update to 2.7-rc2 - Update to 2.7-rc1 - Move active response components under the common package - bugfix #xxx, correct ownership permissions on fts dir - Update to init script to suppress spurious execd output
- Add alerts queue to server package with ossec/ossec permissions - Bugfix #XXX, correct any/agentd condition - Moved agentless packages under server - Drop timeid and cat_id indexes from schema - Add new index, timeid to alerts table. - Add cmoraes patch, Adds config options for enabling/disabling rootkit/syscheck options, and agent config profiles
- Add ossec-memleaks patch
- Add agentless directories, and agent.conf
- Bugfix #XXX, ossec-hids.init will now return an exit code on status - Add prelink_cmd support - Bugfix #XXX, display multi-line events in data table correcty - Update to asl-shun.pl purge event to default to 24 hours. - Update to asl-shun.pl to change ordering of block rules
- Revert from 0805 snapshot - Update to 0805 snapshot - Update to 0801 snapshot
- Update asl-shun.pl to log to active-responses.log, blocks now go to the named chain ASL-ACTIVE-RESPONSE, and delete events are more redundant. - Update to OSSEC 2.6 Final - Update to snapshot 110711 - Update to snapshot 110613 - Update to snapshot 110609 - Update to snapshot 110606
- Moved ossecr user creation event to the ossec-hids core package - Update to snapshot 110531 - Update to snapshot 110526 - Update to snapshot 110504 - Bugfix #536, Increase the default sleep time for syscheck - Renamed to 2.6 branch - Add support for the rules/decoders dir system - Update to snapsot 110405
- Update asl-shun to support ossec alert ids - Changed asl-shun sqlite database to /var/ossec/var/blocklist3.sqlite
- asl-shun database format now stores the full alertid - Update to snapshot 101203 - Update to snapshot 101125 - Added alertid support to os_dbd, this involves a schema update - Added dst ip, src prt, and dst prt capture support to os_dbd - Bugfix #XXX, manage_agents was built in client mode for the server package. - Add clamav decoder & ruleset - Update to 2.5.1 final - Update to 2.5 final - Update to 0928 snapshot - Extended no_ar into ossec-dbd - Add no_ar option to disable active response per rule - Update to snapshot 100920 - Update snapshot to 100907 - Snapshot 100901 - Added test fix for os_dbd - Bugfix #376, ossec-control will now properly stop and reload - Update to 0809 snapshot - Relink against native mysql - Add minicon decoder from les fenison - Update to 100707 snapshot
- Feature Request #371, add ossec.log to logrotate - Updated to 100615 snapshot - Updated init and ossec-server scripts to support the new reload feature. - Update to 2.4.1 - Added zabbix reporting active response - Update to 2.4 final
- Lowered courier rule 3910 (failures) from 6 over 240 to 10 over 10
- Lowered courier rule 3911 (success) from 10 over 60 to 30 over 20 - Rebuilt for atomic repo - Update to CVS 100317 - Update to CVS 100311
- Add decoder for denyhosts
- Update asl_rules.xml to include denyhosts rules - Update to CVS 100309 - Added new decoder for smtp_auth
- Added rules to detect smtp_auth brute force attempts
- Added rules to detect imap/pop brute force attempts - Updated ossec-server.conf to be in parity with the ASL config
- Added templates dir for generating configs - Update to 2.3 release - Update to snapshot 091109 - Update to snapshot 091008 - Update to snapshot 090925
- Added timestamp field to the mysql schema
- Bugfix #XXX, for the ossec-client.init script to call the correct (renamed) ossec syscheckd/logcollector daemons
- Appologies for not updating the previous changelogs. Missed a few updates! - Update to snapshot 090827
- Feature Request #225, Added logrotate event to active-response log
- Updated system_audit_rcl.txt to look for the correct php.ini file - Update to 090824, beta 1 release - Update to 090812 snapshot - Rebuild agent daemons with -DCLIENT, added symlink trickery - update to 2.1.1 - update to 090630 snapshot, this has fixes for CentOS/RHEL 4 64-bit environments - update to 2.1 final - update to snapshot 090612 - update to snapshot 090610 - update to snapshot 090603 - Disable postgresql support, to get around an undesirable dependency on EL4 - Update to snapshot 090417 - Update to snapshot 090413 (this adds in inotify support) - Update to snapshot 090410 (this adds in inotify support) - Update to snapshot 090408 - Added authpsa rules back in, this is used to detect brute force attacks
- Added conditional building support for ASL modifications - Update to 2.0 official release - update to snapshot 090225 - update to snapshot 090220 - update to snapshot 090206 - update to snapshot 090205 - update to CVS code 090129, this is not an offical release. Its for testing only - update to CVS code 090126, this is not an offical release. Its for testing only - update to 1.6.1 - update to 1.6 - update to 1.5.1 - added mysql support - Added Stanislaw Polak's excellent ban-hackers script to manage shunning more intelligently. - update to 1.5 - fix on active-response locking bug that prevented some rules from expiring. - update to ossec 1.4 - update snapshot to ossec-hids-071011.tar.gz
- relinked C4, FC4, FC5 against mysql4 - update to snapshot ossec-hids-071006.tar.gz - update to shun blocklist tracking used by ASL
- added authpsa rules + decoder - update to 1.3 - minor adjustment in post, to check for config file before overwriting it - v6 was first version of the patch.
- added in logging in active-response for better ASL support
- Disabled conf event in post, to keep from overwriting config files. - changed permissions on queue/syscheck so it can be read by the ossec group (tweak for web gui) - removed the noreplace settings from decoder and the rules
- patch for a more ASL friendly client config - release -2 had a bug. 
- added ASL rules (asl_rules.xml)
- added decoder for the asl style modsecurity logging
- adjusted syslog_rules for qmail-scanner issue (BUG #ASL-18)
- Added http index in asl_rules.xml (BUG #ASL-7) - update to 1.2 - update to 1.1 - configuration change for ASL - updated to 1.0 - import into ART
- changed their naming conventions a bit, 0.9-3 to 0.9.3. Please dont be cross with me. - new version (0.9-3) - new version (0.9-2) - new version (0.9-1a) - new version (0.9-1) - new version (0.9) - some bugfixes - created /bin/sh /bin/sh ossec-hids-client                                                                                                                               	   
                                                                                                         0:2.9.3-2912.el6.art 0:2.9.3-2912.el6.art                                                                                                            ossec-init.conf ossec-hids agent-auth client-logcollector client-syscheckd manage_agent ossec-agentd ossec-client.sh ossec-execd internal_options.conf ossec-agent.conf ossec.conf.sample agent.conf cis_debian_linux_rcl.txt cis_mysql5-6_community_rcl.txt cis_mysql5-6_enterprise_rcl.txt cis_rhel5_linux_rcl.txt cis_rhel6_linux_rcl.txt cis_rhel7_linux_rcl.txt cis_rhel_linux_rcl.txt cis_sles11_linux_rcl.txt cis_sles12_linux_rcl.txt rootkit_files.txt rootkit_trojans.txt system_audit_rcl.txt system_audit_ssh.txt win_applications_rcl.txt win_audit_rcl.txt win_malware_rcl.txt alerts rids syscheck /etc/ /etc/rc.d/init.d/ /var/ossec/bin/ /var/ossec/etc/ /var/ossec/etc/shared/ /var/ossec/ossec-agent/etc/shared/ /var/ossec/queue/ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic drpm xz 2 x86_64-redhat-linux-gnu       ?   ÿÿü0   ý7zXZ  
áû¡ !   #¸‡,à8jë] "ÌkÀ%¥§lìÓ¥{ËØlså&ï²›Í:Py…¼j¸.åáHFéð–ø":]œÞÕeJùiYl¾<ñšO1w^…ëk+|öÆwgVN\µåHŠh¯å5N+H&è«"—DÕÅÜ‘%P˜,#Y'bRg=3üsx¼0Q5\ñ”j›MÛ|NÍýù-~#/øíq¶yúù¹ÿ Õo¨åo—$È×EÉâ*#4ˆƒ0ðëÍ&ô'åÉ\ÑÑÒŸÊÂ“F¦°öœ13b"ºÏÂ¼Uóì·ÇÙê¸¢Àók„	RjÙ%ÆV&*û,¨Ù?/%ôaí¾fÿÝ±2>PãÛß6¹éxÿ’Ìk~µ´ñ½‚µS›§ŠVß+¦àl J3ŒþN².¶—Ü8Dþ‘Ì¤4úÿƒD*ãmÀù òFŠ6n1Šq|È?|\JÁÌM(Z;ðöAfèj½*}3´{–©Š #ÇDÄ ¸»àÁ4Ôï•ÝüÙÈC)ê¶8uí¦Å|fK–qm{Ð¼ü‚ñ±Ð&`”³ªü×É·‰!Á©erô5\¢4Ö¿ý&Hsîâ1¦<ý¦ån	‰"a7þyF!Øæ êäD^ÀyŠã|ÑhOf	S§žétÈé}ñËJu]œ0¿ôÞ8–ï)ð¦î‘Ý?a³’OàÂ«42q4c¾‚8o„ºN×vlû2T7ë­&3Â6@àO°õ6Ìa/ó7ÙØ‹ÂIüVD÷ia™5Ëøì—%üÿh«µ›ñ#j˜Ý_{cÞ!°u—kÝ9||ø¢'šX²dë`¼ì—žªØ- ¹·?Gq;Õ¬«°óe”o6Œcîp÷ôw_?WÙD¿-ßÁSÀQæ»ßàÂwö´CfÁO€ žÖZ†–öG¸·YŸ/IÝÀþÓt™mA7VŠ¯â8ŸŒéÑhž¤L'r/_WêÙèäCi*|”´NØS³¨ßMú:ý%½[½w.V_-š&žv7h—ð‘_¤?¥üMÇ]Ä¡†çÝ†'³|
Ä¶üÛ¨¤þ·*›}Ëèì#S ¡OnÉ<’ùéšêV¦S;Ž5¾2¨DÑÆvÀÅÒÜó(Æ¬"‹^¾ÖÆ_õDØFGy•™þ< L¼ú/ó»uòvõÁÀ—&LDò›ƒ³Å¼ïaXmÂ]W¤åJ^rõöÒ6ë^nôLIòìy¤úèF£¥¦zß ið.·‘&eyc_§wâ›¶ˆPö	l}XLâÈ
ÑáÜ¦TtüÛt&ûƒå)2rêÙBxkÁbÒ`_>ëu/@×’Y¿¬<„?(ùúVVN­ž\#‚ï.Ë8ÊC}î9¨(`Rcˆ›£„W²¯¾3UÚˆÌ°("Å†ÌÂúŽÀ*ËN¬­áîF<ÉŸyµXS†µeŠ^òlÑàXk|1•äå×€æ:VÛ—J1i>¸×Q#Í¼Ê³Ïç;·'ÀW=jÈ4%×an•EíkÎ¬UÅ2â—Fµ@ªøHæhNÙ®
¢D&gÜ—wð¸¶Cè*)ëÉç°ìÊ›Òþš&`Õm”à¤z6Ý¤=ìaÿK¼úÃ4Hð^¦%çÅÇ8o¸Ú¹ˆÑH¾)õ¡yºÆ59»åð8ƒ§[ ÂÁÈH£Å®£5Á·ì-ÔO¼’tšëÎrë|Q~ãeôIZ‘á½ëË—sŽWiúTïÁp¿=¯ØÙkÂ—0i[ü3;¢P–´0ÐüR¬ñ‡ßÛcµœ¤Õ¾¿íÙ™D°Â |­0ìÇjšŒZÚDû›íešŒÅÅ…¨¬EÝ¹[ñ-ÃÝÑÿ Ø*{I]qþ™E¦éel-V8ž‰TŒaKui’VƒÙTÛsBMy«ÉÞ‘/V"{7'r¨VÓ\\(g•ƒ‚wÐóÖ¡yUgOêø0E§õË
ŸL®õsIþÎlÅïŽhÍŸlÄ„<¨Ù"ãþ8êLgëßù^(vâžì†c:£Â‘ø‘£÷	êÆËåS¨”±úä‰(«/z›£‡ßÁBŠËêg&˜ˆÂ¡aËÇÒ‹ÛžGø}KÕ´¥sí®y‡âÛSJx£B G*?El˜¨CB{^ññ®À]ñ·°[ä"ß6ú.q•Gõá§ø š5…;lï˜ÅÕ­®8f¼ÿ1÷%²pP4åG,[½çÛ6—iºaÊì®,_á)iÆ^`$NÕ²XÂbvÃ­Ëà"{ßVˆ#{)¶ðDù³üC1ÑM’ ýez9µsc&æK‚·1¦?æ5!Õåyïµëy£5ÊW¿Åà¨\¢»úUâæ•0H™âÁÄOwƒÑ8ešµÊ©Gîl@œØ/9±¸DÿÙ×¿H@ea¯D'}	àÙ¨ê¬?Û«*g‹ù·—+Š™ÙÄGm3Ï	ã ·FYŒ®,¾úsbÜÈ‰55Ü$6% (µ¨}éBê°aÚh·!vDµáy×Œ©ÊíîjŸÅ‹ò!4Ùym'"ÌýÛ÷KüáŒ3b\ÊL¥qœhço&ç5÷ÜðVÆ]×¶¡¸Vm¤R#Åz¤øÎ0d!±?ôÛÉÅ‹Ý‹†ƒÁ7gÇÊ±!|±ùèô¹û+d„J¯Íó‹]O}çHJ÷iKÝ$	cáÉìU½ÜWàÆøbÄÎË˜E§Á­¼I7€××¦‹z‡üúÞp¹>*7ckÈ-‘ÅÚ«_ý»n;¸
‹ƒA¿H£|^ÚÍy3‘°§¯ðÝjw“‹$¸Ø<‡oÛ&*T¡=`ò‘4Ò ôòYýÚrÓ½ý_‡ä‘&±ëÎoB†Ú½S\³çÀ¹àþQš „ëÎN~7ö{vo‘Ïz«ë@9\WGüäÝG‡{ÏìO»Ç¤Íw…ð Â®=xUw´¯)—’ª1•{¹QÐ îgÂ17Ed·`)z±_*²e I»ÄTúÈdàÀr»vËRžÒXü6›ÀåTýõýžR‡gÚ +æ&æ —¥]vF*dÃk¯^&eÉzŒèviíËWð¦úÂ-
K*±ÃNy‚õ:òÅæÏ“ux`•çÈ°óEÃ•]P¯Ãêoyuý=€/‰W^—‘‹Â|ÿª–ŽÎ©KÜ³ÕÊÍQn@2&é9 æ\ÈCŠ6IâÇÁÇr]Qº-¬*ÄU¥í@ÇØ‹d^6˜”D+: ÷ÏTäaòè«²ÓßËïƒæ0ŽÛÑÎuÙÆkIý( º¿Á÷*O. _Ox«#ÙZÛL‘¹LA$	r–%Jm›}fY±~•Š·àŠÕR}Û"c4)X,Ó#Iç&é‚‹6&Í§ ¸ÇÉ+SŒ¡¹¤Â´kîUeQà°T™˜DIì
q/$ü…òÇè„+•´	˜Uow%ºSpŸZEåƒukŽ,u1Œ¶DâpG¼(‡d«›½ð´a¶XÔ8£‰ïE®6‹_ŸÉ{Îÿ#+H?/½˜€Á\Šüa¡—òCƒž²›óŸtÕ­€m¬ ÿø1kwjY\$,ªEŸÇàù¬ké»næø¤L­®n>0Eù€È« Ô±*e/2Â[Ë×GoöÔÙ$žpŒ™Wœ½…‡”í”ò|i	vyW,cXqRj[R£±p²%ô„,v»ðBP×¶M’{ï¿®æj¢—¦£bûbèØh÷b]TcIdßåUòs§I1ä÷TZ.Âœ«eD'Yå6íÅ&Ýï!®±1ß=\»¼hëÑ$%}ÞÑ
»Ä÷`3}Õc~<eÀ„Ù÷˜1kúFC7:Pg2dÛû|Oë5¨=5€ŠÇeZ~U?ÀtYï4»× "«G&˜ ÛÖ¸\Ù}ë~d7ÛÌ>úuVÞäióÂu½Âù}ã‚)||†A8in‡Íxzÿ°–ƒ÷Ä›!—óJÖmÑúÚ~Û~p	§	ðù€ŠŒˆc˜jÚè—\Qv&Ž92“³RâcÕ{šµ1o›8v…º7:¦^ý:þ8:cP?]Kž”À32ßpQ­´j“®0x¢ï„Ãé+ÐˆÕ=“Óxé1Ÿ%©¼³V¤žÌwHÖ{ÙÚr÷“drÜ6}ì ozŒãÂºjrAŽßÞ4šd«5ËÿšÖ‹$ÑeâÏ §xk2„ËîÌ,¬ödrÊ>dñF¹+ø¡;—;”"˜íÅ`T«‹jg©¥­‰VäúOõ^wCþ{ÙL+gÇöï^÷.ÈAHKƒ’ôîÅílÇþŒ?KQÖóV”—ª²~×üºf˜á5­¥Y•Í‰{²z–0 	xð2Ë&`¬0,«ø¤ùE;¤ª8Å#ô¿˜¤î+Òp|ôŸ{…Eªi0§k©ÂuqwxåoÐ[6]+h«ó·Ãd…Î”=€1º5ÁñPZ,WÕ:K†a"=˜nn¬›ÏgÂ·êyò¾½j™ð"n<Ôõž‰ÜwÙ“ùNzóþK¨»ˆæiW¾J°Åñ ¦å£ÔÚBÌ_!tÊóôí£@ÞïA†O$çÿE¼Ëï×ô°¦îÆù>”!1íRIéÇÝþPšÃOñjp\	§óµWûÝd¤w•5*Ëêmè[Iå`³þw¼¶KÚCÉÒ})Ì]ærÿÑ	èR_#(’ª ·Ã‘C²î-|¬‘ÅišßÂ®ñîõ…(®ryâÔ¯ÓD ñšïq,£i ’ÿè’ bfg?ô»/gÊ´ ƒ˜TK—RÊ.rLáDrûe¬ðƒC1œ±{+ƒžÁà`9ë_äq
9l	H›ôùÚ²‘JØ©þÐ÷5F/;•QP·jRŠ¸…+Ôzñ–„AAk¸¨6•õÉ]¯ïš÷oâ´¥3@ÜÝçÕgB:AbV8èW½â
¹W+Ýðlæ4º÷XU´¼?¦Û¹<‚Ò5ø¿š3‰“h˜LÙ'h ã…:7½¿#–?#Fîç²Ï¹ºt]ð k’ÒIW§æê@¡fHÓDßªNÓ}~—SÝ"µ’F¢/\n¯	­:÷é‚onð”gÿÈVd_†é~c°römœÄqˆÄô{Þ×äî«Ê/ÅbÞ‹ó„:÷Dþåú–W@@3,MÜ`ÉŠ
ƒðÁGÑ´‘HÜœ|û½ý±‚Gh¬n–(Yšõ—Ê<òvüe©å¹»çÈÉÖv°VÊÈÚ”,S^\~DßfOgwL9æ,9ò
¾5uÁ¸ 0ÕñüÜ`
#N7Ù)¤™§>„|òå,6[h8!×ØÑ÷Í¿ôd¤¿…Lpï–×^.õtìõtŠ‘O®)ÉÑù5$î6MQ7¿‘zx—aà”ddØ6Wò§€;;¡~4UŸ¼C™¤Jž"°vBÌW8cG‘Z*ÉÜDÞ:ªR:S_/q:wXÏkÃÌ¹*s‡ã'&_þæzù•êóqíà!o
lSÀ%Û\ß™Œ¢%´a]ûIã¬$¥ƒ=¼‰ù`œu/¶¼$Ç›}våÕ1ÑõK°¶¡l«ªÊ°·îÛ•ÚËy¨Gèòu•Ð´ZÉ¿v)´a¹ŸnKy.Ð½F”—#…ØºF·›Ç2¾ídž˜æ*ÿÛBâ`ºªÒn¢!‰1&ØTú*C„Y}zûÑa™:LJÒb…-²©Ly-J%²ˆr¿ý?e”ªÊFù¤Ò[ÓÂH@Ÿ²ŽÚ¼-‹ÿÝT;¶rX™&w…¢2†«SGMxûAæÜ|Z5âòË»¸7e4š¥êdfT¾¿ìÞ¾Ô»ùè¼ìËð¯Q håFˆPéƒtQ“ãt“<KÆ±˜hvÕ”ÖÐo¦ånÑ#YŽÒEÀõðK"+ìW¥3y³ý.q
Á&åŸªJŒ
ŒY-‡ÍÈ
M…öœûÓ­wR)ˆÊWO?1z3¯º =Š°PÕHÓÀ>•EJ7…ò…˜b(_Ø0Ñ¹…æÝ@'‰‡ô&Åø<Ô‹ãw§£‚ŽÝ›ÍSP„+­§·Ó¸:Hâéo‹»‘Fù¡”TÁ#µ	žJ©íî0ÝÛÉ‘Aâã9kq®¯;ëDÄC% rÔ²7BM`…BG´,ò‘r!ÚœÈi»ƒ‰8ñÐ£wÎÄj´Óÿ—‚Sâ§ZA°¡ã$°$\eïrÙ·”IÞ©&JÏ=@ú½××…¢îÓVv4$°ˆ$\*<“Ø`ÛÍ)/—xr˜Ðå›ƒ÷uÞ¸Š«]†ï<7¶öè-m¢`ª¯†V'˜xþ_àøÈˆ"”5™æÊJõéöÞÅÜ¸ûÝø[,vböÃ…b?#Ç[ô64ô4ô{z2}}°Ôç¦ŒÂx3Li¦™FÉ¨ÓÏºh(&ÉÆdd¾“þÑƒwbÝÄj¸’!nlVCG…šÄqOŠU¦ÂÌ/l»‡F¯ï ãÏ„W[‘96h)%f3§h`@¤ß¢¨h¯™Ã™V×lKD«îdÂ‘Ô¢fSØËòÌÅØ¹µúG¼¼zKDŽî‹<p¸f(Ø-öŽthÙï”œè©²“ÛÇÅ’.D‡;2q[Äg¯ÔµâõéM£zÃœ}´¤Ie+‹0ª3    ¬|´y}jL3"÷‚9YgÆ0v7òOÞ¨Ò´Å”üá1 Ÿ(ëp  çº[‹¶éß    
YZ