<ossec_config>
<global>
<email_notification>yes</email_notification>
- <email_to>daniel.cid@xxx.com</email_to>
- <smtp_server>smtp.xxx.com.</smtp_server>
- <email_from>ossecm@ossec.xxx.com.</email_from>
+ <email_to>daniel.cid@example.com</email_to>
+ <smtp_server>smtp.example.com.</smtp_server>
+ <email_from>ossecm@ossec.example.com.</email_from>
</global>
<rules>
<include>vmpop3d_rules.xml</include>
<include>courier_rules.xml</include>
<include>web_rules.xml</include>
+ <include>web_appsec_rules.xml</include>
<include>apache_rules.xml</include>
<include>nginx_rules.xml</include>
<include>php_rules.xml</include>
<include>ids_rules.xml</include>
<include>squid_rules.xml</include>
<include>firewall_rules.xml</include>
+ <include>apparmor_rules.xml</include>
<include>cisco-ios_rules.xml</include>
<include>netscreenfw_rules.xml</include>
<include>sonicwall_rules.xml</include>
<include>asterisk_rules.xml</include>
<include>ossec_rules.xml</include>
<include>attack_rules.xml</include>
+ <include>systemd_rules.xml</include>
+ <include>firewalld_rules.xml</include>
+ <include>dropbear_rules.xml</include>
+ <include>unbound_rules.xml</include>
+ <include>sysmon_rules.xml</include>
+ <include>opensmtpd_rules.xml</include>
+ <include>exim_rules.xml</include>
+ <include>openbsd-dhcpd_rules.xml</include>
+ <include>dnsmasq_rules.xml</include>
<include>local_rules.xml</include>
</rules>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
- <directories check_all="yes">/bin,/sbin</directories>
+ <directories check_all="yes">/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
+
+ <!-- Check the file, but never compute the diff -->
+ <nodiff>/etc/ssl/private.key</nodiff>
</syscheck>
<rootcheck>
-->
<command>host-deny</command>
<location>local</location>
- <level>6</level>
+ <level>7</level>
<timeout>600</timeout>
</active-response>
-->
<command>firewall-drop</command>
<location>local</location>
- <level>6</level>
+ <level>7</level>
<timeout>600</timeout>
</active-response>