On Fri, Mar 21, 2014 at 3:30 PM, Jason Frisvold <[email protected]> wrote:
> dan (ddp) wrote:
>> So these ones will only get updates when new versions of OSSEC are
>> released? It seems to me that if they're that widespread, they should
>> be potentially updated more frequently.
>
> No, they should definitely be in the separate git repo, but whatever the
> most current version is would be added to a new release.
>
>> I doubt that the OpenBSD and Solaris rules are that important for most
>> networks. And everyone uses Exchange, so postfix and sendmail can be
>> cut. telnetd isn't used by anyone anymore, so I disagree that it's
>> necessary. VMware isn't on every network, so it also seems a bit
>> greedy.
>
> I was trying to be inclusive. Exchange wasn't in there because it's not
> a default on any base OS install. postfix and sendmail are, though.
> Yeah, telnetd is probably a stretch.
>
>> You can add more. I think we're planning on breaking them out into
>> their own files after 2.8(?).
>
> Cool. I'm not up on the latest feature list.. Life is too busy sometimes.
>
>> http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.rules.html#element-decoder
>> and
>> http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.rules.html#element-decoder_dir
>>
>> The work that's been done to break decoders out was (I assume) the
>> first step in moving the rules and decoders to their own repository
>> (like is done with other IDSes).
>
> Excellent!
>
>> In the end I don't really care how it's done. I'm rarely allowed to
>> keep an installation around long enough for my rules to make it
>> anywhere.
>
> That's unfortunate..
>

Someone has to test and answer questions on the mailing list. It's hard to keep an installation clean and sturdy when it changes constantly (without a plan, rhyme, or reason). It's usually fun though.

> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]
> ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
