dan (ddp) wrote:
> So these ones will only get updates when new versions of OSSEC are
> released? It seems to me that if they're that widespread, they should
> be potentially updated more frequently.

No, they should definitely be in the separate git repo, but whatever the most current version is would be added to a new release.

> I doubt that the OpenBSD and Solaris rules are that important for most
> networks. And everyone uses Exchange, so postfix and sendmail can be
> cut. telnetd isn't used by anyone anymore, so I disagree that it's
> necessary. VMware isn't on every network, so it also seems a bit
> greedy.

I was trying to be inclusive. Exchange wasn't in there because it's not a default on any base OS install. postfix and sendmail are, though. Yeah, telnetd is probably a stretch.

> You can add more. I think we're planning on breaking them out into
> their own files after 2.8(?).

Cool. I'm not up on the latest feature list.. Life is too busy sometimes.

> http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.rules.html#element-decoder
> and
> http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.rules.html#element-decoder_dir
>
> The work that's been done to break decoders out was (I assume) the
> first step in moving the rules and decoders to their own repository
> (like is done with other IDSes).

Excellent!

> In the end I don't really care how it's done. I'm rarely allowed to
> keep an installation around long enough for my rules to make it
> anywhere.

That's unfortunate..

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
