668575622754b8501c5ab99cc008d9eca9232ce7
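--- a/ossec-hids-2.8.2/etc/ossec-server.conf
+++ b/ossec-hids-2.8.2/etc/ossec-server.conf
@@ -2,10 +2,10 @@
 
 <ossec_config>
   <global>
-    <email_notification>yes</email_notification>
-    <email_to>daniel.cid@example.com</email_to>
-    <smtp_server>smtp.example.com.</smtp_server>
-    <email_from>ossecm@ossec.example.com.</email_from>
+    <email_notification>no</email_notification>
+    <email_to>your_email_address@example.com</email_to>
+    <smtp_server>smtp.your_domain.com.</smtp_server>
+    <email_from>ossecm@ossec.your_domain.com.</email_from>
   </global>
 
   <rules>
@@ -90,14 +90,11 @@
   <rootcheck>
     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
   </rootcheck>
 
   <global>
     <white_list>127.0.0.1</white_list>
-    <white_list>192.168.2.1</white_list>
-    <white_list>192.168.2.190</white_list>
-    <white_list>192.168.2.32</white_list>
-    <white_list>192.168.2.10</white_list>
   </global>
 
   <remote>
@@ -138,6 +135,7 @@
        - level (severity) >= 6.
        - The IP is going to be blocked for  600 seconds.
       -->
+    <disabled>yes</disabled>
     <command>host-deny</command>
     <location>local</location>
     <level>6</level>
@@ -149,6 +147,7 @@
        - 600 seconds on the firewall (iptables,
        - ipfilter, etc).
       -->
+    <disabled>yes</disabled>
     <command>firewall-drop</command>
     <location>local</location>
     <level>6</level>
@@ -159,36 +158,41 @@
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/messages</location>
+    <location>/var/log/syslog</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/authlog</location>
+    <location>/var/log/auth.log</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/secure</location>
+    <location>/var/log/dpkg.log</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/xferlog</location>
+    <location>/var/log/kern.log</location>
   </localfile>
 
+<!--
+
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/maillog</location>
+    <location>/var/log/mail.log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/access_log</location>
+    <location>/var/log/apache2/access.log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/error_log</location>
+    <location>/var/log/apache2/error.log</location>
   </localfile>
+
+-->
+
 </ossec_config>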
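Review bot: In the two active-response hunks (host-deny and firewall-drop) the added `<disabled>yes</disabled>` sits directly under a comment that still says the IP is going to be blocked for 600 seconds, so the shipped file describes a response that will not run. Add a short comment beside each, for example `<!-- Disabled by default in this package; set to "no" to enable automatic blocking -->`. It is also worth confirming against the OSSEC documentation whether `disabled` applies only to the enclosing block or switches off active response as a whole, since that changes what an operator must edit to re-enable one command. The last hunk likewise comments out the mail and Apache `<localfile>` entries without explanation; a one-line note above the `<!--` saying these logs are unmonitored until the block is uncommented would make the coverage gap visible. The active-response blocks start and end outside the hunks shown.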