X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=etc%2Fossec-server.conf;fp=etc%2Fossec-server.conf;h=fe594942ff6de7cea27160dc182f07a39902ad4f;hp=1a4998c982b2006ee19932b301aa86130456fd22;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/etc/ossec-server.conf b/etc/ossec-server.conf
old mode 100755
new mode 100644
index 1a4998c..fe59494
--- a/etc/ossec-server.conf
+++ b/etc/ossec-server.conf
@@ -3,9 +3,9 @@
 <ossec_config>
   <global>
     <email_notification>yes</email_notification>
-    <email_to>daniel.cid@xxx.com</email_to>
-    <smtp_server>smtp.xxx.com.</smtp_server>
-    <email_from>ossecm@ossec.xxx.com.</email_from>
+    <email_to>daniel.cid@example.com</email_to>
+    <smtp_server>smtp.example.com.</smtp_server>
+    <email_from>ossecm@ossec.example.com.</email_from>
   </global>
 
   <rules>
@@ -42,6 +42,7 @@
     <include>ids_rules.xml</include>
     <include>squid_rules.xml</include>
     <include>firewall_rules.xml</include>
+    <include>apparmor_rules.xml</include>
     <include>cisco-ios_rules.xml</include>
     <include>netscreenfw_rules.xml</include>
     <include>sonicwall_rules.xml</include>
@@ -66,6 +67,13 @@
     <include>asterisk_rules.xml</include>
     <include>ossec_rules.xml</include>
     <include>attack_rules.xml</include>
+    <include>dropbear_rules.xml</include>
+    <include>unbound_rules.xml</include>
+    <include>sysmon_rules.xml</include>
+    <include>opensmtpd_rules.xml</include>
+    <include>exim_rules.xml</include>
+    <include>openbsd-dhcpd_rules.xml</include>
+    <include>dnsmasq_rules.xml</include>
     <include>local_rules.xml</include>
   </rules>
 
@@ -76,15 +84,19 @@
     
     <!-- Directories to check  (perform all possible verifications) -->
     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
-    <directories check_all="yes">/bin,/sbin</directories>
+    <directories check_all="yes">/bin,/sbin,/boot</directories>
 
     <!-- Files/directories to ignore -->
     <ignore>/etc/mtab</ignore>
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
   </syscheck>
 
   <rootcheck>
@@ -94,6 +106,7 @@
 
   <global>
     <white_list>127.0.0.1</white_list>
+    <white_list>::1</white_list>
     <white_list>192.168.2.1</white_list>
     <white_list>192.168.2.190</white_list>
     <white_list>192.168.2.32</white_list>
@@ -140,7 +153,7 @@
       -->
     <command>host-deny</command>
     <location>local</location>
-    <level>6</level>
+    <level>7</level>
     <timeout>600</timeout>
   </active-response>
 
@@ -151,7 +164,7 @@
       -->
     <command>firewall-drop</command>
     <location>local</location>
-    <level>6</level>
+    <level>7</level>
     <timeout>600</timeout>    
   </active-response>  
 
@@ -191,4 +204,10 @@
     <log_format>apache</log_format>
     <location>/var/www/logs/error_log</location>
   </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/exim_mainlog</location>
+  </localfile>
+
 </ossec_config>