X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=etc%2Fossec-local.conf;h=50bd4a2385316aa4fdeda2ab12a22de4cf3f125f;hb=HEAD;hp=1816a69e519ec228649d175cf0d9576bbb382e56;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git

diff --git a/etc/ossec-local.conf b/etc/ossec-local.conf
old mode 100755
new mode 100644
index 1816a69..50bd4a2
--- a/etc/ossec-local.conf
+++ b/etc/ossec-local.conf
@@ -3,46 +3,101 @@
 <ossec_config>
   <global>
     <email_notification>yes</email_notification>
-    <email_to>daniel.cid@xxx.com</email_to>
-    <smtp_server>smtp.xxx.com.</smtp_server>
-    <email_from>ossecm@ossec.xxx.com.</email_from>
+    <email_to>daniel.cid@example.com</email_to>
+    <smtp_server>smtp.example.com.</smtp_server>
+    <email_from>ossecm@ossec.example.com.</email_from>
   </global>
 
   <rules>
     <include>rules_config.xml</include>
+    <include>pam_rules.xml</include>
     <include>sshd_rules.xml</include>
+    <include>telnetd_rules.xml</include>
     <include>syslog_rules.xml</include>
+    <include>arpwatch_rules.xml</include>
+    <include>symantec-av_rules.xml</include>
+    <include>symantec-ws_rules.xml</include>
     <include>pix_rules.xml</include>
     <include>named_rules.xml</include>
+    <include>smbd_rules.xml</include>
+    <include>vsftpd_rules.xml</include>
     <include>pure-ftpd_rules.xml</include>
     <include>proftpd_rules.xml</include>
+    <include>ms_ftpd_rules.xml</include>
+    <include>ftpd_rules.xml</include>
+    <include>hordeimp_rules.xml</include>
+    <include>roundcube_rules.xml</include>
+    <include>wordpress_rules.xml</include>
+    <include>cimserver_rules.xml</include>
+    <include>vpopmail_rules.xml</include>
+    <include>vmpop3d_rules.xml</include>
+    <include>courier_rules.xml</include>
     <include>web_rules.xml</include>
+    <include>web_appsec_rules.xml</include>
     <include>apache_rules.xml</include>
+    <include>nginx_rules.xml</include>
+    <include>php_rules.xml</include>
+    <include>mysql_rules.xml</include>
+    <include>postgresql_rules.xml</include>
     <include>ids_rules.xml</include>
     <include>squid_rules.xml</include>
     <include>firewall_rules.xml</include>
+    <include>apparmor_rules.xml</include>
+    <include>cisco-ios_rules.xml</include>
+    <include>netscreenfw_rules.xml</include>
+    <include>sonicwall_rules.xml</include>
     <include>postfix_rules.xml</include>
     <include>sendmail_rules.xml</include>
+    <include>imapd_rules.xml</include>
+    <include>mailscanner_rules.xml</include>
+    <include>dovecot_rules.xml</include>
+    <include>ms-exchange_rules.xml</include>
+    <include>racoon_rules.xml</include>
+    <include>vpn_concentrator_rules.xml</include>
     <include>spamd_rules.xml</include>
     <include>msauth_rules.xml</include>
+    <include>mcafee_av_rules.xml</include>
+    <include>trend-osce_rules.xml</include>
+    <include>ms-se_rules.xml</include>
+    <!-- <include>policy_rules.xml</include> -->
+    <include>zeus_rules.xml</include>
+    <include>solaris_bsm_rules.xml</include>
+    <include>vmware_rules.xml</include>
+    <include>ms_dhcp_rules.xml</include>
+    <include>asterisk_rules.xml</include>
+    <include>ossec_rules.xml</include>
     <include>attack_rules.xml</include>
-  </rules>  
+    <include>systemd_rules.xml</include>
+    <include>firewalld_rules.xml</include>
+    <include>dropbear_rules.xml</include>
+    <include>unbound_rules.xml</include>
+    <include>sysmon_rules.xml</include>
+    <include>opensmtpd_rules.xml</include>
+    <include>exim_rules.xml</include>
+    <include>openbsd-dhcpd_rules.xml</include>
+    <include>dnsmasq_rules.xml</include>
+    <include>local_rules.xml</include>
+  </rules>
 
   <syscheck>
-    <!-- Frequency that syscheck is executed -- default every 2 hours -->
-    <frequency>7200</frequency>
+    <!-- Frequency that syscheck is executed -- default every 20 hours -->
+    <frequency>17200</frequency>
     
     <!-- Directories to check  (perform all possible verifications) -->
     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
-    <directories check_all="yes">/bin,/sbin</directories>
+    <directories check_all="yes">/bin,/sbin,/boot</directories>
 
     <!-- Files/directories to ignore -->
     <ignore>/etc/mtab</ignore>
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
   </syscheck>
 
   <rootcheck>
@@ -94,7 +149,7 @@
       -->
     <command>host-deny</command>
     <location>local</location>
-    <level>6</level>
+    <level>7</level>
     <timeout>600</timeout>
   </active-response>
 
@@ -105,7 +160,7 @@
       -->
     <command>firewall-drop</command>
     <location>local</location>
-    <level>6</level>
+    <level>7</level>
     <timeout>600</timeout>    
   </active-response>