Others and I have started Wiki clean up and organization at ossec.net/wiki;
you can see a fair amount of changes already, mostly around look and feel
and being able to find things.
Some simple ways to help right now.
* Watch for spam and/or defacement
* Bring together the blog posts from around the world
* Categories
* Many more areas to clean up ossec.net wiki
=== Watch for spam and/or defacement ===
As the wiki permissions have changed (editable without auth from dcid),
spam is starting to show up. The simplest way to stop this is to
subscribe to the "recent changes" feeds here:
atom:
http://www.ossec.net/wiki/index.php?title=Special:RecentChanges&feed=atom
rss:
http://www.ossec.net/wiki/index.php?title=Special:RecentChanges&feed=rss
When new pages are created by spam bots, delete them. If needed, make a log
message on the deletion that the IP needs to be blocked. One of the wiki
admins will then be able to start the banning of bot address ranges.
=== Bring together the blog posts from around the world ===
A lot of people write about OSSEC on their blog, and in a lot of cases this
information is not documented any place else. Bringing this back to the
wiki would help. So people can reach out to the blog author and ask for
permission to reproduce the content on the wiki directly. I would also
make sure to link the author's blog and page as the source of the content on
the wiki.
An example of importing content and making sure the author's page is linked:
* http://www.ossec.net/wiki/Know_How:agentless_scripts
Some posts to reach out to the authors of:
* http://www.madirish.net/?article=434
* http://www.immutablesecurity.com/index.php/tag/ossec/ (hehehehe)
* http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
* http://blog.rootshell.be/2010/03/31/detecting-fraud-with-ossec/
More items at:
* http://delicious.com/tag/ossec
=== Categories ===
I have started to lay out the wiki using categories to simplify finding
related data. A good example of this is the "know how" sections of the wiki,
which you can see here: http://www.ossec.net/wiki/Category:Know_how . You
can also see the complete listing of categories at this page:
http://www.ossec.net/wiki/Special:Categories
The use of categories is straightforward. If a page involves a usage of
the ossec.conf, attach the markup [[Category:ossec.conf]] to the bottom of
that page. This greatly eases the finding of related content on the wiki.
Some areas that need categories right now are the log sample pages.
Here is an example of how to categorize the log sample section:
The Cisco log samples all have the following categories:
[[Category:log::samples]]
[[Category:log::samples::cisco]]
The Linux sections have:
[[Category:log::samples]]
[[Category:log::samples::linux]]
with an optional app category like:
[[Category:log::samples::linux::ftp]]
=== Many more areas to clean up ossec.net wiki ===
Lots of other ways to help clean up and write for ossec.net/wiki. Just
head over and create an account and start correcting things. It worked for
Wikipedia; it can work for OSSEC.
~Jeremy Rossi
e: look at the headers people
t: http://twitter.com/jrossi