debian/ossec-hids/usr/share/doc/ossec-hids/contrib/debian-packages/ossec-hids/debian/patches/02_ossec-server.conf.patch

   1 Index: ossec-hids-2.8.2/etc/ossec-server.conf
   2 ===================================================================
   3 --- ossec-hids-2.8.2.orig/etc/ossec-server.conf 2015-06-10 15:38:32.000000000 +0000
   4 +++ ossec-hids-2.8.2/etc/ossec-server.conf      2015-07-12 18:46:24.995134760 +0000
   5 @@ -2,10 +2,10 @@
   6
   7  <ossec_config>
   8    <global>
   9 -    <email_notification>yes</email_notification>
  10 -    <email_to>daniel.cid@example.com</email_to>
  11 -    <smtp_server>smtp.example.com.</smtp_server>
  12 -    <email_from>ossecm@ossec.example.com.</email_from>
  13 +    <email_notification>no</email_notification>
  14 +    <email_to>your_email_address@example.com</email_to>
  15 +    <smtp_server>smtp.your_domain.com.</smtp_server>
  16 +    <email_from>ossecm@ossec.your_domain.com.</email_from>
  17    </global>
  18
  19    <rules>
  20 @@ -90,14 +90,11 @@
  21    <rootcheck>
  22      <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
  23      <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  24 +    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
  25    </rootcheck>
  26
  27    <global>
  28      <white_list>127.0.0.1</white_list>
  29 -    <white_list>192.168.2.1</white_list>
  30 -    <white_list>192.168.2.190</white_list>
  31 -    <white_list>192.168.2.32</white_list>
  32 -    <white_list>192.168.2.10</white_list>
  33    </global>
  34
  35    <remote>
  36 @@ -138,6 +135,7 @@
  37         - level (severity) >= 6.
  38         - The IP is going to be blocked for  600 seconds.
  39        -->
  40 +    <disabled>yes</disabled>
  41      <command>host-deny</command>
  42      <location>local</location>
  43      <level>6</level>
  44 @@ -149,6 +147,7 @@
  45         - 600 seconds on the firewall (iptables,
  46         - ipfilter, etc).
  47        -->
  48 +    <disabled>yes</disabled>
  49      <command>firewall-drop</command>
  50      <location>local</location>
  51      <level>6</level>
  52 @@ -159,36 +158,41 @@
  53
  54    <localfile>
  55      <log_format>syslog</log_format>
  56 -    <location>/var/log/messages</location>
  57 +    <location>/var/log/syslog</location>
  58    </localfile>
  59
  60    <localfile>
  61      <log_format>syslog</log_format>
  62 -    <location>/var/log/authlog</location>
  63 +    <location>/var/log/auth.log</location>
  64    </localfile>
  65
  66    <localfile>
  67      <log_format>syslog</log_format>
  68 -    <location>/var/log/secure</location>
  69 +    <location>/var/log/dpkg.log</location>
  70    </localfile>
  71
  72    <localfile>
  73      <log_format>syslog</log_format>
  74 -    <location>/var/log/xferlog</location>
  75 +    <location>/var/log/kern.log</location>
  76    </localfile>
  77
  78 +<!--
  79 +
  80    <localfile>
  81      <log_format>syslog</log_format>
  82 -    <location>/var/log/maillog</location>
  83 +    <location>/var/log/mail.log</location>
  84    </localfile>
  85
  86    <localfile>
  87      <log_format>apache</log_format>
  88 -    <location>/var/www/logs/access_log</location>
  89 +    <location>/var/log/apache2/access.log</location>
  90    </localfile>
  91
  92    <localfile>
  93      <log_format>apache</log_format>
  94 -    <location>/var/www/logs/error_log</location>
  95 +    <location>/var/log/apache2/error.log</location>
  96    </localfile>
  97 +
  98 +-->
  99 +
 100  </ossec_config>