Wednesday, June 27, 2012

OSSEC 101: Homework

Remember OSSEC 101? It's still alive. Really. I promise! You can see the current version here.

It seems like every time I try to work on it I start wondering if it should be OSSEC by Example instead of OSSEC 101. I'm not a huge fan of how-to type documents, but maybe scenario-based documentation could work.

Changing from the current plan to scenario-based documentation would mean throwing out everything I've done so far, and I don't think that's worth it (if it is, let me know!). But can I add scenarios to the current documentation without overly complicating things? Could these scenarios be both useful and generic enough that they won't need to be updated every week? If the documentation is difficult to keep up to date, then it won't be kept up to date.

I plan on adding scenarios for every FAQ entry that's appropriate. I have a few other scenario ideas, but my OSSEC experience is limited. Because of this I need help from the OSSEC community. I want scenarios. I want to know what people are doing with OSSEC that should be documented in this fashion.

So your homework: Give me scenarios. Look over the OSSEC 101 documentation that's currently there, and give me feedback. If you don't understand something, let me know.

Also, I want to put some information in OSSEC 101 about GUI front ends that people are using. I also don't want to install and use all of the available front ends. At some point in the future I may be looking for information, screen shots, gotchas, etc. for the various GUIs. Be prepared to contribute.

First attempt at a scenario: ossec-authd. Let me know what you all think!