<ossec_config>
<global>
<email_notification>yes</email_notification>
- <email_to>daniel.cid@xxx.com</email_to>
- <smtp_server>smtp.xxx.com.</smtp_server>
- <email_from>ossecm@ossec.xxx.com.</email_from>
- <picviz_output>no</picviz_output>
+ <email_to>daniel.cid@example.com</email_to>
+ <smtp_server>localhost</smtp_server>
+ <email_from>ossecm@ossec.example.com.</email_from>
+ <!-- <email_reply_to>replyto@ossec.example.com.</email_reply_to> -->
</global>
<rules>
<include>spamd_rules.xml</include>
<include>msauth_rules.xml</include>
<include>attack_rules.xml</include>
+ <include>dropbear_rules.xml</include>
+ <include>sysmon_rules.xml</include>
+ <include>opensmtpd_rules.xml</include>
+ <include>openbsd-dhcpd_rules.xml</include>
+ <include>nsd_rules.xml</include>
</rules>
<syscheck>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
- <directories check_all="yes">/bin,/sbin</directories>
+ <directories check_all="yes">/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
+
+ <!-- Check the file, but never compute the diff -->
+ <nodiff>/etc/ssl/private.key</nodiff>
</syscheck>
<rootcheck>
<global>
<white_list>127.0.0.1</white_list>
+ <white_list>::1</white_list>
<white_list>192.168.2.1</white_list>
<white_list>192.168.2.190</white_list>
<white_list>192.168.2.32</white_list>