Wazuh manager: control more syscheck options.
This commit is contained in:
Miguelangel Freitas
parent
9bdf32ba2a
commit
3ef34f1c28
@ -7,8 +7,30 @@ wazuh_manager_config:
|
|||||||
- admin@example.net
|
- admin@example.net
|
||||||
mail_smtp_server: localhost
|
mail_smtp_server: localhost
|
||||||
mail_from: wazuh-server@example.com
|
mail_from: wazuh-server@example.com
|
||||||
frequency_check: 43200
|
syscheck:
|
||||||
syscheck_scan_on_start: 'yes'
|
frequency: 43200
|
||||||
|
scan_on_start: 'yes'
|
||||||
|
ignore:
|
||||||
|
- /etc/mtab
|
||||||
|
- /etc/mnttab
|
||||||
|
- /etc/hosts.deny
|
||||||
|
- /etc/mail/statistics
|
||||||
|
- /etc/random-seed
|
||||||
|
- /etc/random.seed
|
||||||
|
- /etc/adjtime
|
||||||
|
- /etc/httpd/logs
|
||||||
|
- /etc/utmpx
|
||||||
|
- /etc/wtmpx
|
||||||
|
- /etc/cups/certs
|
||||||
|
- /etc/dumpdates
|
||||||
|
- /etc/svc/volatile
|
||||||
|
no_diff:
|
||||||
|
- /etc/ssl/private.key
|
||||||
|
directories:
|
||||||
|
- dirs: /etc,/usr/bin,/usr/sbin
|
||||||
|
checks: 'check_all="yes"'
|
||||||
|
- dirs: /bin,/sbin
|
||||||
|
checks: 'check_all="yes"'
|
||||||
log_level: 1
|
log_level: 1
|
||||||
email_level: 12
|
email_level: 12
|
||||||
ignore_files:
|
ignore_files:
|
||||||
|
|||||||
@ -89,23 +89,27 @@
|
|||||||
|
|
||||||
<syscheck>
|
<syscheck>
|
||||||
<!-- Frequency that syscheck is executed -- default every 20 hours -->
|
<!-- Frequency that syscheck is executed -- default every 20 hours -->
|
||||||
<frequency>{{ wazuh_manager_config.frequency_check }}</frequency>
|
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
|
||||||
<scan_on_start>{{ wazuh_manager_config.syscheck_scan_on_start }}</scan_on_start>
|
<scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
|
||||||
|
|
||||||
<!-- Directories to check (perform all possible verifications) -->
|
<!-- Directories to check (perform all possible verifications) -->
|
||||||
{% for directory in wazuh_manager_config.directories %}
|
{% if wazuh_manager_config.syscheck.directories is defined %}
|
||||||
<directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
|
{% for directory in wazuh_manager_config.syscheck.directories %}
|
||||||
{% endfor %}
|
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
<!-- Files/directories to ignore -->
|
<!-- Files/directories to ignore -->
|
||||||
{% for ignore_file in wazuh_manager_config.ignore_files %}
|
{% if wazuh_manager_config.syscheck.ignore is defined %}
|
||||||
<ignore>{{ ignore_file }}</ignore>
|
{% for ignore in wazuh_manager_config.syscheck.ignore %}
|
||||||
|
<ignore>{{ ignore }}</ignore>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
<!-- Files no diff -->
|
<!-- Files no diff -->
|
||||||
{% for no_diff in wazuh_manager_config.no_diff %}
|
{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
|
||||||
<nodiff>{{ no_diff }}</nodiff>
|
<nodiff>{{ no_diff }}</nodiff>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</syscheck>
|
</syscheck>
|
||||||
|
|
||||||
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
|
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user