List: os-sim-commits
Subject: [Os-sim-commits] web news.php,1.97,1.98 home.php,1.19,1.20 vmware.php,1.1,1.2 developers.php,1.35,1.
From: Dominique Karg <dkarg () users ! sourceforge ! net>
Date: 2006-05-31 17:04:49
Message-ID: E1FlU88-0007JG-1E () mail ! sourceforge ! net
Update of /cvsroot/os-sim/web
In directory sc8-pr-cvs3.sourceforge.net:/tmp/cvs-serv26291
Modified Files:
news.php home.php vmware.php developers.php
Log Message:
0.9.9rc1
Index: vmware.php
===================================================================
RCS file: /cvsroot/os-sim/web/vmware.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- vmware.php 30 May 2006 11:09:24 -0000 1.1
+++ vmware.php 31 May 2006 17:04:47 -0000 1.2
@@ -1,6 +1,11 @@
+<!DOCTYPE html
+ PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
-<link rel="stylesheet" href="style.css"/>
+ <title> OSSIM (Open Source Security Information Management) </title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
+ <link rel="stylesheet" href="style.css"/>
</head>
<body>
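Review bot: the XHTML 1.0 Transitional DOCTYPE added at the top of this hunk sits above an unchanged <html> tag that carries no namespace. XHTML 1.0 requires the root element to declare it, so the line should become <html xmlns="http://www.w3.org/1999/xhtml">, otherwise the page does not conform to the DTD it now names.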
@@ -11,23 +16,29 @@
<img src="pixmaps/logo-hdr.png" alt="OSSIM" /></a>
</div>
+
<?php
require_once ('php/common.inc');
sidebar();
navi("vmware");
?>
+
<div id="body">
-<hr noshade>
+<h1> VMOSSIM - Virtualized Security Information Management </h1>
+
+<br/><hr noshade>
<p>
-You can download the image via Bittorrent from our <a \
href="http://www.ossim.net:8080/"> local tracker </a>.
-</p><p>Please refer to the <a href="http://www.bittorrent.com/"> Official BitTorrent \
site</a> from more information and clients. +You can download the image using \
Bittorrent from our <a href="http://www.ossim.net:8080/"> local tracker </a>. \
+</p><p>Please refer to the <a href="http://www.bittorrent.com/"> Official BitTorrent \
site</a> for more information and clients. +</p>
+<p>
+Bandwith available here is limited to 1MB, please help out seeding to others.
</p>
<hr noshade>
<br/>
-<center><h2> VMOSSIM - Virtualized Security Information Management </h2></center>
<p>
<h3> Introduction </h3>
</p>
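Review bot: the download paragraph points users at the tracker on http://www.ossim.net:8080/ over plain HTTP, and the added text gives no checksum or signature for the image, so someone fetching a preconfigured security appliance has nothing to verify it against. Suggest publishing a hash of the image (ideally signed) next to the tracker link. Smaller points in the added lines: "Bandwith" should be "Bandwidth", "1MB" needs a rate unit (per second, and bytes or bits), and <hr noshade> is not well-formed under the XHTML DOCTYPE this commit adds to the file; it would need to be <hr noshade="noshade"/>.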
Index: developers.php
===================================================================
RCS file: /cvsroot/os-sim/web/developers.php,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- developers.php 17 Apr 2006 20:09:50 -0000 1.35
+++ developers.php 31 May 2006 17:04:47 -0000 1.36
@@ -73,6 +73,12 @@
<b>Ignacio Herrero</b>
<<a href="mailto:igherrero ipsoluciones.com">igherrero \
ipsoluciones.com</a>><br/> </p>
+ <p>
+ <b>Miguel Angel Curiel</b>
+ <<a href="mailto:macuriel ossim.net">macuriel ossim.net</a>><br/>
+ </p>
+
+
<br/><a name="translators"></a>
<h1>Translators</h1>
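Review bot: in the added entry for Miguel Angel Curiel, the mailto: href as it appears here ("macuriel ossim.net") has a space where the @ belongs, so the link does not open a usable address. It matches the existing entry above, so if the omission is deliberate address hiding, drop the <a href="mailto:..."> wrapper and show the text alone; otherwise restore the address. The two blank lines added after </p> can be reduced to one.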
Index: home.php
===================================================================
RCS file: /cvsroot/os-sim/web/home.php,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- home.php 1 Mar 2006 09:53:11 -0000 1.19
+++ home.php 31 May 2006 17:04:47 -0000 1.20
@@ -8,44 +8,6 @@
<meta name="description" content="OSSIM aims to unify network monitoring, \
security, correlation and qualification in one single tool. Using Snort, Acid, Mrtg, \
NTOP, OpenNMS, nmap, nessus and rrdtool we want the user to have full control over \
every network or security aspect."/> <meta name="keywords" \
content="ossim,os-sim,snort,spade,correlation,qualification,nessus,nmap,opensource,event,IDS,opennms,sensors,ntop,agent,security,risk,network"/>
<link rel="stylesheet" href="style.css"/>
-
- <map name="components" id="componentes">
- <area shape="rect" coords="115,45 377,71" href="whatis.php#control_panel"
- alt="Control Panel" title="Control Panel"/>
- <area shape="rect" coords="115,77 242,101" href="whatis.php#forensics_console"
- alt="Forensics Console" title="Forensics Console"/>
- <area shape="rect" coords="250,75 377,101" href="whatis.php#riskmeter"
- alt="Riskmeter" title="Riskmeter"/>
- <area shape="rect" coords="179,167 489,191" href="whatis.php#risk_assesment"
- alt="Risk Assesment" title="Risk Assesment"/>
- <area shape="rect" coords="179,205 322,230" href="whatis.php#correlation"
- alt="Correlation" title="Correlation"/>
- <area shape="rect" coords="348,212 490,239" href="whatis.php#inventory"
- alt="Inventory" title="Inventory"/>
- <area shape="rect" coords="11,169 152,195" href="whatis.php#monitor"
- alt="Transaction" title="Transaction"/>
- <area shape="rect" coords="11,216 153,244" href="whatis.php#monitor"
- alt="Service Monitor" title="Service Monitor"/>
- <area shape="rect" coords="10,269 153,296" href="whatis.php#monitor"
- alt="Session Monitor" title="Session Monitor"/>
- <area shape="rect" coords="10,325 152,350" href="whatis.php#monitor"
- alt="Usage Monitor" title="Usage Monitor"/>
- <area shape="rect" coords="179,245 322,271" href="whatis.php#prioritization"
- alt="Prioritization" title="Prioritization"/>
- <area shape="rect" coords="179,285 321,312" href="whatis.php#anomaly_detection"
- alt="Anomaly Detection" title="Anomaly Detection"/>
- <area shape="rect" coords="179,325 323,349" href="whatis.php#pattern_match"
- alt="Pattern Match." title="Pattern Match."/>
- <area shape="rect" coords="347,269 490,295" href="whatis.php#sys_audit"
- alt="Sys. Audit." title="Sys. Audit."/>
- <area shape="rect" coords="348,325 491,353" href="whatis.php#net_audit"
- alt="Net Audit" title="Net Audit."/>
- <area shape="rect" coords="74,397 337,422" href="whatis.php#normalization"
- alt="Normalization" title="Normalization"/>
- <area shape="rect" coords="75,426 338,449" href="whatis.php#normalization"
- alt="Data Gathering" title="Data Gathering"/>
- </map>
-
</head>
<body>
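Review bot: the meta description kept as context at the top of this hunk still describes OSSIM as built on "Snort, Acid, Mrtg, NTOP, OpenNMS, nmap, nessus and rrdtool", while the body text introduced by this same revision lists a different component set (Arpwatch, P0f, Pads, Tcptrack, Nagios, Osiris and others, with no Acid, Mrtg or OpenNMS). Update the description and keywords meta tags in the same commit so they match the page. The removal of the "components" image map is itself consistent, since the only <img ... usemap="#components"/> is deleted in the next hunk.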
@@ -56,98 +18,79 @@
<img src="pixmaps/logo-hdr.png" alt="OSSIM" /></a>
</div>
-
<?php
require_once ('php/common.inc');
sidebar();
navi("home");
?>
+
<div id="body">
+<center>
+<a href="/news.php"> Skip over to the news section, last update: </a>
+<?php
+$filename = "news.php";
+if (file_exists($filename)) {
+ echo date ("F d Y", filemtime($filename));
+}
+?><br/>
+Latest version is: <b>0.9.9rc1</b>
+</center>
- <h1>Summary</h1>
- <p>OSSIM aims to unify network monitoring, security, correlation and
- qualification in one single tool. Using Snort, Acid, Mrtg, NTOP,
- OpenNMS, nmap, nessus and rrdtool we want the user to have full control over
- every network or security aspect.</p>
+ <br/><br/><h1>New to ossim ? Read on </h1>
+Ossim stands for <i>Open Source Security Information Management</i>. Its goal is to \
provide a comprehensive compilation of tools which, when working together, grant a \
network/security administrator with detailed view over each and every aspect of his \
networks/hosts/physical access devices/server/etc...<br/> +Besides getting the best \
out of well known open source tools, some of which are quickly described below these \
lines, ossim provides a strong correlation engine, detailed low, mid and high level \
visualization interfaces as well as reporting and incident managing tools, working on \
a set of defined assets such as hosts, networks, groups and services. +<br/>
+<a href="images/panel.png"><img src="images/panel-thumb.png" border="10" \
align="right"></a> +<br/>
+All this information can be limited by network or sensor in order to provide just \
the needed information to specific users allowing for a fine grained multi-user \
security environment. +Also, the ability to act as an IPS (Intrusion Prevention \
System) based on correlated information from virtually any source result in a useful \
addition to any security professional.
- <p>Here you can read a full description of OSSIM [ <a
- href="docs/OSSIM-desc-en.pdf">pdf <img src="pixmaps/pdf.gif" alt="pdf"/></a> ]</p>
+<br/><br/><h1> Components </h1>
- <br/><h1>Components</h1>
- <p>OSSIM is divided in 5 subsystems as represented in the following graph:
- </p>
- <p><img src="images/components-1.jpg" alt="components"
- usemap="#components"/></p>
- <p class="foot"><i>you can click on the components to see their
- description</i></p><br/>
- <ul>
- <li><a
- href="http://www.computersecurityonline.com/spade/">Spade</a>:
- network anomaly detection</li>
- <li><a href="http://www.snort.org/">Snort</a>: pattern matching intrusion
- detection system</li>
- <li><a href="http://acidlab.sourceforge.net/">Acid</a>: log viewer (Event
- Database)</li>
- <li><a href="http://www.ntop.org/">Ntop</a>: network use monitor</li>
- <li><a href="http://www.opennms.org">OpenNMS</a>: Service availability
- monitoring</li>
- <li><a href="http://www.mrtg.org/">Mrtg</a>: graphing</li>
- <li><a href="http://www.mysql.com/">Mysql</a> and <a
- href="http://www.postgresql.org/">PostgreSQL</a>: data storage</li>
- <li><a
- href="http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/">RRDtool</a>:
- Round robin data storage</li>
- <li><a href="http://www.nessus.org">Nessus</a>: vulnerability assesment</li>
- <li><a href="http://www.nmap.org/">Nmap</a>: Network discovery</li>
- <li>More to come...</li>
- </ul>
+Ossim features the following software components:
+<ul>
+<li> Arpwatch, used for mac anomaly detection.
+<li> P0f, used for passive OS detection and os change analisys.
+<li> Pads, used for service anomaly detection.
+<li> Nessus, used for vulnerability assessment and for cross correlation (IDS vs \
Security Scanner). +<li> Snort, the IDS, also used for cross correlation with nessus.
+<li> Spade, the statistical packet anomaly detection engine. Used to gain knowledge \
about attacks without signature. +<li> Tcptrack, used for session data information \
which can grant useful information for attack correlation. +<li> Ntop, which builds \
an impressive network information database from which we can get aberrant behaviour \
anomaly detection. +<li> Nagios. Being fed from the host asset database it monitors \
host and service availability information. +<li> Osiris, a great HIDS.
+</ul>
- <br/><h1>About OSSIM</h1>
- <p>Our goal is to obtain a working SIM (Security Infrastructure Monitor)
- able to integrate, qualify and correlate both high level and low level
- security and network events which is capable to compete with commercial
- products recently appearing on the security market.</p>
- <p>Integrate multiple opensource security/network monitoring products to
- obtain three network/host visibility levels:</p>
- <ul>
- <li>Low level log/alert/anomaly information</li>
- <li>Mid level network risk level information</li>
- <li>High level decision support information</li>
- </ul>
+To this we add a bunch of self developed tools, the most important being a generic \
correlation engine with logical directive support.
+Finally we take any other device you might have on your network which could contain \
useful data which, when fed to the system, could allow for a better undestanding of \
what's going on on your network.
- <br/><h1>Development languages</h1>
- <ul>
- <li>C</li>
- <li>Perl</li>
- <li>Python</li>
- <li>PHP</li>
- <li>Java</li>
- </ul>
+<br/><br/><h1> Profiles </h1>
- <br/><h1>Supported platforms</h1>
- <ul>
- <li>Linux</li>
- <li>Limited functionality on: *BSD, Solaris, MacosX</li>
- </ul>
+Usually a typical ossim deployment consists of:
+<ul>
+<li> A database host.
+<li> A server which hosts the correlation, qualification and risk assesment engine.
+<li> <i>N</i> agent hosts which do information collection tasks from a number of \
devices. For a list of plugins please refer to: <a \
href="http://www.ossim.net/dokuwiki/doku.php?id=roadmap:plugins">http://www.ossim.net/dokuwiki/doku.php?id=roadmap:plugins</a>
+<li> A control daemon which does some maintenance work and ties some parts \
together. It's called frameworkd. +<li> The frontend is web based, unifying all the \
gathered information and providing the ability to control each of the components. \
+</ul> +<center>
+<a href="images/arch.png"><img src="images/arch-thumb.png"></a>
+</center>
- <br/><h1>Conclusion</h1>
- <p>Using the above described systems and programming languages our goal is
- to get the most information out of every tool with the following objectives
- in mind:</p>
- <ul>
- <li>Event correlation</li>
- <li>Event qualification</li>
- <li>Network anomaly detection</li>
- <li>Qualified intrusion detection</li>
- <li>Network availability information</li>
- </ul>
+<br/><br/><h1> What to do next ? </h1>
- </div>
+<ul>
+<li> Have a look at the <a href="screenshots.php"> screenshots</a>. They're a good \
reference on how ossim looks like. +<li> Check our <a href="news.php"> news section \
</a> so you can see what's going on lately with ossim. +<li> For a more detailed \
description you might want to check the <a href="whatis.php"> whatis page</a>. +<li> \
Get additionalyy in-depth documentation from the <a href="docs.php"> documents \
section</a>. +<li> Have a look at the provided <a href="vmware.php"> VMWare image</a> \
and try it out by yourself ! +</ul>
-
+</div>
</body>
</html>
-
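Review bot: in the added PHP block, the "last update" date comes from filemtime("news.php"), which is the time the file was last written on the web server (for example by a checkout), not the date of the newest news entry, and if file_exists() fails the sentence ends at "last update:" with nothing after it. Consider printing the date of the latest entry instead, or at least adding an else branch. The same link uses href="/news.php" while the list at the bottom of the hunk uses the relative href="news.php"; pick one form. Also in the added markup: the <li> items are never closed and the two <img> tags have no alt text or closing slash, unlike the <br/> style used around them, and there are spelling slips in "analisys", "undestanding", "additionalyy" and "assesment".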
Index: news.php
===================================================================
RCS file: /cvsroot/os-sim/web/news.php,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -d -r1.97 -r1.98
--- news.php 30 May 2006 11:09:24 -0000 1.97
+++ news.php 31 May 2006 17:04:47 -0000 1.98
@@ -27,7 +27,41 @@
<div id="body">
- <a name="51"></a>
+ <a name="52"></a>
+ <h1>31/05/2006 - 0.9.9rc1 released</h1>
+ <img class="icon" src="pixmaps/release.png" alt="release"/>
+ <p>
+We're proud to announce the availability of ossim 0.9.9rc1 after more than a year \
since last release. Our intention is to shorten this release period again providing a \
couple more release candidates during June / July and publishing the final 0.9.9 \
around mid-July. +<br/>
+After that we'll move into 1.0-pre images aiming at a 1.0 release around 2nd quarter \
2007. +<br/><br/>
+This release features too many exciting enhancements to resume them here so we \
recommend checking out <a href="http://www.ossim.net/news.php#51">the next news \
entry</a> for a short list. +<br/><br/>
+As a side note and in order to make the first impression of ossim easier to everyone \
we're publishing a 235MB fully configured vmware image. Please refer to <a \
href="http://www.ossim.net/vmware.php">VMWare</a> for more information. +<br/>
+Besides this image we've released source code and debian versions. RPM packages for \
all the major rpm platforms will follow soon. +<br/><br/>
+Many many thanks to everyone who submitted documents, code, plugins, etc... some are \
mentioned on the thanks page, obviously many are missing too but we would like to \
give a special mention to, in no particular order: +<ul>
+<li> Dmitri Belotchkine
+<li> Igor Indyk
+<li> Scott Shinn
+<li> Johan Hybinette
+<li> Eliseo Ortiz Valdez
+<li> Matteo Perazzo
+<li> Joêl Winteregg
+<li> Kevin Milne
+</ul>
+ </p>
+<p>
+Finally we would like to send our best wishes to Julio who's been having a hard time \
lately. All the best Julio. +</p>
+<p>
+The ossim team.
+</p>
+
+
+ <a name="51"></a><br/>
<h1>28/05/2006 - 0.9.9rc1 changelog excerpt</h1>
<img class="icon" src="pixmaps/info.png" alt="release"/>
<p>
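Review bot: the acknowledgement list in the new entry is a <ul> opened inside the <p> that starts after the release icon and closed just before that paragraph's </p>. A paragraph cannot contain a list, so browsers end the paragraph at the <ul> and the closing </p> is left stray; close the paragraph before the list. Two wording points in the added text: "too many exciting enhancements to resume them here" should read "summarize", and the link labelled "the next news entry" can use the same-page anchor "#51" rather than the absolute http://www.ossim.net/news.php#51.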