Merge pull request #808 from ddpbsd/random_seed

Ignore OpenBSD's Random seed
ossec · Apr 28, 2016 · ec6768a · ec6768a
2 parents 910e40c + abd708a
commit ec6768a
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -13,7 +13,8 @@ src/external/zlib-1.2.8/zlib.pc
 src/isbigendian.c
 src/analysisd/compiled_rules/compiled_rules.h
 etc/ossec.mc
-
+src/Config.OS
+src/external/zlib-1.2.8/ztest*
 
 # Compiled programs
 src/agent-auth

diff --git a/README.md b/README.md
@@ -4,22 +4,22 @@ OSSEC v2.8 Copyright (C) 2014 Trend Micro Inc.
 
 OSSEC is a full platform to monitor and control your systems. It mixes together 
 all the aspects of HIDS (host-based intrusion detection), log monitoring and 
-SIM/SIEM together in a simple, powerful and open source solution.
+SIM/SIEM together (security information and event management) in a simple, powerful and open source solution.
 
 Visit our website for the latest information.  [ossec.github.io](http://ossec.github.io)
 
 
 
 ## Current Releases 
 
-The current stable releases are available on the ossec website. 
+The current stable releases are available on the OSSEC website. 
 
 * Releases can be downloaded from: [Downloads](http://ossec.github.io/downloads.html)
-* Release documentation is available at: [docs](http://ossec.github.io/docs/)
+* Release documentation is available at: [OSSEC’s documentation](http://ossec.github.io/docs/)
 
 ## Development ##
 
-The development version is hosted on GitHub and just a simple git clone away. 
+The development version is hosted on GitHub and just a simple *git clone* away. 
 
 [![Build Status](https://travis-ci.org/ossec/ossec-hids.png?branch=master)](https://travis-ci.org/ossec/ossec-hids)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/1847/badge.svg)](https://scan.coverity.com/projects/1847)
@@ -32,7 +32,7 @@ $ (ossec_version="2.8.2" ; ossec_checksum="a0f403270f388fbc6a0a4fd46791b1371f559
 
 ```
 
-Then follow the prompts.  You should still Read the Documentation [here](http://ossec.github.io/docs/).
+Then follow the prompts.  You should still read the documentation [here](http://ossec.github.io/docs/).
 
 ## Credits and Thanks ##
 
@@ -42,9 +42,7 @@ Then follow the prompts.  You should still Read the Documentation [here](http://
   for use in the OpenSSL Toolkit (http://www.openssl.org/).
 * This product includes cryptographic software written by Eric 
   Young (eay@cryptsoft.com)
-* This product include software developed by the zlib project 
+* This product includes software developed by the zlib project 
   (Jean-loup Gailly and Mark Adler).
-* This product include software developed by the cJSON project 
+* This product includes software developed by the cJSON project 
   (Dave Gamble)
-
-
diff --git a/contrib/ossec-testing/tests/sshd.ini b/contrib/ossec-testing/tests/sshd.ini
@@ -87,6 +87,7 @@ decoder = sshd
 
 [ssh no matching key exchange]
 log 1 pass = Sep 16 05:46:56 junction sshd[1961]: fatal: Unable to negotiate with 108.229.36.174: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
+log 2 pass = Apr 18 21:27:08 web2 sshd[23484]: fatal: Unable to negotiate a key exchange method [preauth]
 
 rule = 5752
 alert = 2

diff --git a/etc/ossec-agent.conf b/etc/ossec-agent.conf
@@ -18,6 +18,7 @@
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
 

diff --git a/etc/ossec-local.conf b/etc/ossec-local.conf
@@ -89,6 +89,7 @@
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
 

diff --git a/etc/ossec-server.conf b/etc/ossec-server.conf
@@ -88,6 +88,7 @@
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
 

diff --git a/etc/ossec.conf b/etc/ossec.conf
@@ -47,6 +47,7 @@
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
 

diff --git a/etc/rules/sshd_rules.xml b/etc/rules/sshd_rules.xml
@@ -345,7 +345,7 @@
   <rule id="5750" level="0">
     <decoded_as>sshd</decoded_as>
     <if_sid>5700</if_sid>
-    <match>Unable to negotiate with </match>
+    <match>Unable to negotiate with |Unable to negotiate a key</match>
     <description>sshd could not negotiate with client.</description>
   </rule>
 
@@ -358,7 +358,7 @@
 
   <rule id="5752" level="2">
     <if_sid>5750</if_sid>
-    <match>no matching key exchange method found.</match>
+    <match>no matching key exchange method found.|Unable to negotiate a key exchange method</match>
     <description>Client did not offer an acceptable key exchange method.</description>
   </rule>