ossec-hids-1.4-3mdv2009.0.src.rpm

--- etc/ossec-server.conf	2007-06-14 19:23:06.000000000 -0400
+++ etc/ossec-server.conf.new	2007-06-14 19:23:46.000000000 -0400
@@ -3,29 +3,48 @@
 <ossec_config>
   <global>
     <email_notification>yes</email_notification>
-    <email_to>daniel.cid@xxx.com</email_to>
-    <smtp_server>smtp.xxx.com.</smtp_server>
-    <email_from>ossecm@ossec.xxx.com.</email_from>
+    <email_to>root@localhost</email_to>
+    <smtp_server>localhost</smtp_server>
+    <email_from>ossecm@localhost</email_from>
   </global>
 
   <rules>
     <include>rules_config.xml</include>
+    <include>pam_rules.xml</include>
     <include>sshd_rules.xml</include>
+    <include>telnetd_rules.xml</include>
     <include>syslog_rules.xml</include>
+    <include>arpwatch_rules.xml</include>
+    <include>symantec-av_rules.xml</include>
     <include>pix_rules.xml</include>
     <include>named_rules.xml</include>
+    <include>smbd_rules.xml</include>
+    <include>vsftpd_rules.xml</include>
     <include>pure-ftpd_rules.xml</include>
     <include>proftpd_rules.xml</include>
+    <include>ms_ftpd_rules.xml</include>
+    <include>hordeimp_rules.xml</include>
+    <include>vpopmail_rules.xml</include>
     <include>web_rules.xml</include>
     <include>apache_rules.xml</include>
     <include>ids_rules.xml</include>
     <include>squid_rules.xml</include>
     <include>firewall_rules.xml</include>
+    <include>netscreenfw_rules.xml</include>
     <include>postfix_rules.xml</include>
     <include>sendmail_rules.xml</include>
+    <include>imapd_rules.xml</include>
+    <include>mailscanner_rules.xml</include>
+    <include>ms-exchange_rules.xml</include>
+    <include>racoon_rules.xml</include>
+    <include>vpn_concentrator_rules.xml</include>
     <include>spamd_rules.xml</include>
     <include>msauth_rules.xml</include>
+    <!-- <include>policy_rules.xml</include> -->
     <include>attack_rules.xml</include>
+    <include>local_rules.xml</include>
+    <include>ossec_rules.xml</include>
+    <include>asl_rules.xml</include>
   </rules>  
 
   <syscheck>
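Review bot: `local_rules.xml` is added ahead of `ossec_rules.xml` and `asl_rules.xml` in the include list, so it is no longer the last rule file loaded. OSSEC reads the includes in order, and as far as I know a local rule that references a signature from a later file through `if_sid`, or tries to override it, will not resolve at load time; moving `<include>local_rules.xml</include>` to the end of `<rules>` keeps site overrides working. Separately, with `email_to` set to `root@localhost` and `smtp_server` to `localhost`, alert mail stays on the monitored host, where an intruder with root can read or delete it; a comment telling the admin to point these at an off-host mailbox would help. The commented-out `policy_rules.xml` include also has no explanation.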
@@ -38,11 +57,15 @@
 
     <!-- Files/directories to ignore -->
     <ignore>/etc/mtab</ignore>
+    <ignore>/etc/mnttab</ignore>
     <ignore>/etc/hosts.deny</ignore>
     <ignore>/etc/mail/statistics</ignore>
     <ignore>/etc/random-seed</ignore>
     <ignore>/etc/adjtime</ignore>
     <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
   </syscheck>
 
   <rootcheck>
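Review bot: The four added `<ignore>` entries carry no explanation, and three of them (`/etc/mnttab`, `/etc/utmpx`, `/etc/wtmpx`) look like Solaris paths that would not normally exist on a Mandriva system, so they are presumably no-ops here. A short comment such as `<!-- state files rewritten during normal operation; mnttab/utmpx/wtmpx are Solaris paths -->` would show they are intentional. Each ignore removes a path from integrity checking, so `/etc/cups/certs` deserves a line saying why changes there are expected. The `<syscheck>` block starts above this hunk.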
@@ -52,10 +75,6 @@
 
   <global>
     <white_list>127.0.0.1</white_list>
-    <white_list>192.168.2.1</white_list>
-    <white_list>192.168.2.190</white_list>
-    <white_list>192.168.2.32</white_list>
-    <white_list>192.168.2.10</white_list>
   </global>
 
   <remote>
@@ -122,31 +141,32 @@
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/authlog</location>
+    <location>/var/log/secure</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/secure</location>
+    <location>/var/log/maillog</location>
   </localfile>
 
   <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/xferlog</location>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd/error_log</location>
   </localfile>
 
   <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/maillog</location>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd/access_log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/access_log</location>
+    <location>/etc/httpd/logs/access_log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/error_log</location>
+    <location>/etc/httpd/logs/error_log</location>
   </localfile>
+
 </ossec_config>
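Review bot: The new `localfile` entries watch the Apache logs under both `/var/log/httpd/` and `/etc/httpd/logs/`; if `/etc/httpd/logs` is a symlink to `/var/log/httpd`, as is usual on Red Hat-style layouts, every request is analysed twice. That would duplicate alerts and let frequency-based rules reach their threshold after half the real number of events, which matters if active response is enabled. Keeping only the `/var/log/httpd/access_log` and `/var/log/httpd/error_log` pair avoids this. The hunk also drops `/var/log/xferlog` while the first hunk keeps or adds the vsftpd, proftpd and pure-ftpd rule files, so FTP transfer events may no longer reach those rules unless the daemons log elsewhere.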