OSSEC 2.8 has been released.

OSSEC is a cross-platform host intrusion detection system. Hence it’s also known as OSSEC HIDS. It is Free software released under the GNU General Public License, and features log analysis, file integrity monitoring, rootkit detection and real-time active responses. If you intend to run a server anywhere, this is one of the first applications you want to install on it.

OSSEC is a much better security application than Fail2ban, another popular host intrusion prevention application. OSSEC offers a centralized management server with support for agent and agentless monitoring. A complete description of its features are available here.

OSSEC HIDS

OSSEC logo

Aside from the usual bugfixes, the following new features were implemented in this latest release:

  • The <strong>-r</strong> option was added to the manage_agents command to remove an agent
  • Eventchannel support was added to Windows agent on Vista or later
  • A new configuration option that allows outputing of alerts to a zeromq PUB socket in JSON format, using cJSON library

Details are available in the Release Notes. Download and installation links are available here.