OSSEC

Forensics & Incident Response

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Track releases GitHub Website

C Latest 4.1.0 · 7d ago Security brief →

Features

Host‑based intrusion detection (HIDS)
Log monitoring and analysis
Security Information and Event Management (SIEM) capabilities

Recent releases

View all 2 releases →

Review required

4.1.0 New feature 7d

Auth Dependencies

SMTP TLS + IPv6 + large‑file support + crash fixes

Open

4.0.0 Security relevant 4mo

Breaking changes

AES encryption is now default for agent-server communication, breaking compatibility with OSSEC 3.8 and earlier agents.

Security fixes

Critical UAF bug in memory leak fix (Issue #1818)
Heap UAF in OSSEC Alert decoder (Issue #1817)
Uncontrolled recursion in os_xml _ReadElem (Issue #1953)

Notable features

SHA-256 file integrity monitoring enabled by default for all monitored directories.
Secure random number generation for agent key generation using OpenSSL RAND_bytes.
Major dependency updates including Lua 5.4.7, zlib 1.3.1, and cJSON 1.7.18.

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.