+++ /dev/null
-<!-- OSSEC example config -->
-
-<ossec_config>
- <client>
- <server-ip>192.168.10.100</server-ip>
- </client>
-
- <syscheck>
- <!-- Frequency that syscheck is executed (default every 2 hours) -->
- <frequency>7200</frequency>
-
- <!-- Directories to check (perform all possible verifications) -->
- <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
- <directories check_all="yes">/bin,/sbin,/boot</directories>
-
- <!-- Files/directories to ignore -->
- <ignore>/etc/mtab</ignore>
- <ignore>/etc/hosts.deny</ignore>
- <ignore>/etc/mail/statistics</ignore>
- <ignore>/etc/random-seed</ignore>
- <ignore>/etc/random.seed</ignore>
- <ignore>/etc/adjtime</ignore>
- <ignore>/etc/httpd/logs</ignore>
-
- <!-- Check the file, but never compute the diff -->
- <nodiff>/etc/ssl/private.key</nodiff>
- </syscheck>
-
- <rootcheck>
- <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
- <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
- </rootcheck>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/messages</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/authlog</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/secure</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/xferlog</location>
- </localfile>
-
- <localfile>
- <log_format>syslog</log_format>
- <location>/var/log/maillog</location>
- </localfile>
-
- <localfile>
- <log_format>apache</log_format>
- <location>/var/www/logs/access_log</location>
- </localfile>
-
- <localfile>
- <log_format>apache</log_format>
- <location>/var/www/logs/error_log</location>
- </localfile>
-</ossec_config>