Thread: Prelude support for Ossec

Prelude support for Ossec
user name
2007-10-07 15:50:11
Hello people,

I am happy to announce the prelude support in the upcoming
Ossec release.


What is it?
======

OSSEC is an Open Source Host-based Intrusion Detection System. It
performs log analysis, integrity checking, Windows registry
monitoring, rootkit detection, real-time alerting and active
response.


Download it!
========

The prelude code is currently in CVS, but you can get a
nightly snapshot here :
http://www.ossec.net/files/snapshots/ossec-hids-071006.tar.gz


Compile it!
======

You must go into the src/ directory and type "make setprelude". Then
you can go back to the sources root and run the "install.sh" script.
Since this is beta, that's how you should do it, things will be easier
for the official release (simple question such as "do you want to
enable prelude support ?").


Install it!
=====

It is installed just like a regular sensor (instructions ->
https://trac.prelude-ids.org/wiki/RegisteringASensor).

Two *important* things to keep in mind :
* When performing registration, the "Ossec" group and user must be
registered instead of root, since Prelude code runs as part of the
analysis section of the Ossec program. And Ossec runs this code under
both ossec user and group.
* In the configuration file "ossec.conf", you should add the following
line in the <global> section :
<prelude_output>yes</prelude_output>


Issues
====

IDMEF Messages are not as full as I would like them to be, this is
because I live in Paris, which is a very fun city to be in, and there
are a lot outdoors activities that I do here. I promise to reduce my
social activities to have something more exhaustive.

Thanks
====

I would like to thank Yoann Vandoorselaere for his intensive work on
the Prelude project and I would like to thank Daniel B. Cid for his
rapid feedback to my existential questions over his data structure.
_______________________________________________
Prelude-user site list
Prelude-user@prelude-ids.org
http://www.prelude-ids.org/mailman/listinfo/prelude-user
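A small POSIX shell helper, added here as an example and not part of Sebastien's announcement or of the OSSEC sources, for the second "important thing" above: it checks that `<prelude_output>yes</prelude_output>` sits inside the `<global>` section of ossec.conf (a copy placed elsewhere in the file does not count) and inserts it after the opening `<global>` tag when it is missing. The function names, the indentation of the inserted line and the sample configuration contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the announcement or of OSSEC itself: check
# that ossec.conf enables Prelude output inside <global>, and add the
# line when it is missing. Function names and the sample file are
# assumptions made for this example.

# Print "yes" if <prelude_output>yes</prelude_output> appears inside the
# <global> section of the file named by $1, otherwise "no". A line that
# sits outside <global> does not count, which is the mistake this check
# is meant to catch.
prelude_output_enabled() {
    awk '
        /<global>/                                           { in_global = 1 }
        /<\/global>/                                         { in_global = 0 }
        in_global && /<prelude_output>yes<\/prelude_output>/ { found = 1 }
        END { print (found ? "yes" : "no") }
    ' "$1"
}

# Insert the line right after the first <global> tag of $1 if it is not
# already present. Returns 0 when the file ends up enabled, 1 when the
# file has no <global> section to put it in.
enable_prelude_output() {
    conf="$1"
    if [ "$(prelude_output_enabled "$conf")" = yes ]; then
        return 0
    fi
    if ! grep -q '<global>' "$conf"; then
        return 1
    fi
    tmp="$conf.tmp"
    awk '
        { print }
        /<global>/ && !done { print "    <prelude_output>yes</prelude_output>"; done = 1 }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Write a constructed sample configuration (not the file shipped by
# OSSEC) with a <global> section that lacks the Prelude line.
make_sample_conf() {
    cat > "$1" <<'EOF'
<ossec_config>
  <global>
    <email_notification>no</email_notification>
  </global>
</ossec_config>
EOF
}
```

Usage: `make_sample_conf /tmp/ossec.conf.sample; enable_prelude_output /tmp/ossec.conf.sample; prelude_output_enabled /tmp/ossec.conf.sample` prints `yes`. Running `enable_prelude_output` a second time leaves the file unchanged, so it is safe to call from an installation script.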


Re: Prelude support for Ossec
user name
2007-10-08 07:14:36
oh man, fantastic!!  thanks Sebastien, and to all that made this happen - it
for sure will come in handy!

scotto

On 10/7/07, Sebastien Tricaud <sebastien.tricaud@gmail.com> wrote:
>
> Hello people,
>
> I am happy to announce the prelude support in the upcoming Ossec release.
>
>
> What is it?
> ======
>
> OSSEC is an Open Source Host-based Intrusion Detection System. It
> performs log analysis, integrity checking, Windows registry
> monitoring, rootkit detection, real-time alerting and active response.
>
>
> Download it!
> ========
>
> The prelude code is currently in CVS, but you can get a nightly snapshot
> here :
> http://www.ossec.net/files/snapshots/ossec-hids-071006.tar.gz
>
>
> Compile it!
> ======
>
> You must go into the src/ directory and type "make setprelude". Then
> you can go back to the sources root and run the "install.sh" script.
> Since this is beta, that's how you should do it, things will be easier
> for the official release (simple question such as "do you want to
> enable prelude support ?").
>
>
> Install it!
> =====
>
> It is installed just like a regular sensor (instructions ->
> https://trac.prelude-ids.org/wiki/RegisteringASensor).
>
> Two *important* things to keep in mind :
> * When performing registration, the "Ossec" group and user must be
> registered instead of root, since Prelude code runs as part of the
> analysis section of the Ossec program. And Ossec runs this code under
> both ossec user and group.
> * In the configuration file "ossec.conf", you should add the following
> line in the <global> section :
> <prelude_output>yes</prelude_output>
>
>
> Issues
> ====
>
> IDMEF Messages are not as full as I would like them to be, this is
> because I live in Paris, which is a very fun city to be in, and there
> are a lot outdoors activities that I do here. I promise to reduce my
> social activities to have something more exhaustive.
>
> Thanks
> ====
>
> I would like to thank Yoann Vandoorselaere for his intensive work on
> the Prelude project and I would like to thank Daniel B. Cid for his
> rapid feedback to my existential questions over his data structure.
> _______________________________________________
> Prelude-devel site list
> Prelude-devel@prelude-ids.org
> http://www.prelude-ids.org/mailman/listinfo/prelude-devel
>