<!-- OSSEC example config -->
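<ossec_config>
  <!-- Agent side: address of the OSSEC manager this agent reports to.
       192.168.0.10 is the example value; replace it with your own manager. -->
  <client>
    <server-ip>192.168.0.10</server-ip>
  </client>

  <!-- E-mail alert settings.
       NOTE(review): these are normally read by a manager or local install;
       confirm they have any effect in an agent configuration. -->
  <global>
    <email_notification>yes</email_notification>
    <email_to>root@localhost</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>ossecm@localhost</email_from>
  </global>

  <!-- File integrity monitoring. -->
  <syscheck>
    <!-- Interval between full syscheck scans, in seconds.
         79200 s = 22 hours; use 7200 for a 2-hour cycle. -->
    <frequency>79200</frequency>

    <!-- Alert when a file appears that was not in the previous baseline.
         NOTE(review): new files are reported by full scans, so with the
         interval above an added file may go unreported for up to 22 hours;
         confirm against the OSSEC version in use. -->
    <alert_new_files>yes</alert_new_files>

    <!-- Directories to check.
         check_all      : perform all possible verifications.
         realtime       : continuous monitoring between full scans.
         report_changes : record a diff of changed text files. The changed
                          content is copied into the agent's diff store and
                          into alerts, so treat both as sensitive when /etc
                          is monitored this way. -->
    <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin,/boot</directories>

    <!-- Files/directories to ignore.
         Ignored paths raise no syscheck alert at all, including for
         unauthorised edits. /etc/hosts.deny is an access-control file;
         keep it here only if something legitimately rewrites it often. -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>

    <!-- Check the file, but never compute the diff, so its content is not
         copied into alerts. Only this one path is excluded: add a nodiff
         entry for every other secret-bearing file under the report_changes
         directories (password hashes, service credentials, other keys). -->
    <nodiff>/etc/ssl/private.key</nodiff>
  </syscheck>

  <!-- Rootkit detection: signature lists used by rootcheck. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log files to collect, all in syslog format. The list presumably covers
       the names used on different systems (authlog, auth.log, secure); remove
       the entries that do not exist on the monitored host. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/authlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/xferlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>
</ossec_config>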