Fix rootkit files & trojans paths for manager
This commit is contained in:
parent
8f8c32cf59
commit
a35c7bceb1
@ -95,7 +95,7 @@ wazuh_manager_config:
|
|||||||
use_source_ip: 'yes'
|
use_source_ip: 'yes'
|
||||||
force_insert: 'yes'
|
force_insert: 'yes'
|
||||||
force_time: 0
|
force_time: 0
|
||||||
purge: 'no'
|
purge: 'yes'
|
||||||
use_password: 'no'
|
use_password: 'no'
|
||||||
limit_maxagents: 'yes'
|
limit_maxagents: 'yes'
|
||||||
ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
|
ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
|
||||||
@ -114,7 +114,7 @@ wazuh_manager_config:
|
|||||||
email_log_source: 'alerts.log'
|
email_log_source: 'alerts.log'
|
||||||
extra_emails:
|
extra_emails:
|
||||||
- enable: false
|
- enable: false
|
||||||
mail_to: 'recipient@example.wazuh.com'
|
mail_to: 'admin@example.net'
|
||||||
format: full
|
format: full
|
||||||
level: 7
|
level: 7
|
||||||
event_location: null
|
event_location: null
|
||||||
@ -174,7 +174,7 @@ wazuh_manager_config:
|
|||||||
rootcheck:
|
rootcheck:
|
||||||
frequency: 43200
|
frequency: 43200
|
||||||
openscap:
|
openscap:
|
||||||
disable: 'no'
|
disable: 'yes'
|
||||||
timeout: 1800
|
timeout: 1800
|
||||||
interval: '1d'
|
interval: '1d'
|
||||||
scan_on_start: 'yes'
|
scan_on_start: 'yes'
|
||||||
@ -263,6 +263,7 @@ wazuh_manager_config:
|
|||||||
frequency: '360'
|
frequency: '360'
|
||||||
- format: 'full_command'
|
- format: 'full_command'
|
||||||
command: 'last -n 20'
|
command: 'last -n 20'
|
||||||
|
frequency: '360'
|
||||||
- format: 'syslog'
|
- format: 'syslog'
|
||||||
location: '/var/ossec/logs/active-responses.log'
|
location: '/var/ossec/logs/active-responses.log'
|
||||||
debian:
|
debian:
|
||||||
@ -295,7 +296,6 @@ wazuh_manager_config:
|
|||||||
- name: 'restart-ossec'
|
- name: 'restart-ossec'
|
||||||
executable: 'restart-ossec.sh'
|
executable: 'restart-ossec.sh'
|
||||||
expect: ''
|
expect: ''
|
||||||
timeout_allowed: 'no'
|
|
||||||
- name: 'firewall-drop'
|
- name: 'firewall-drop'
|
||||||
executable: 'firewall-drop.sh'
|
executable: 'firewall-drop.sh'
|
||||||
expect: 'srcip'
|
expect: 'srcip'
|
||||||
|
|||||||
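Review bot: The `openscap.disable` default flips from `'no'` to `'yes'` in the rootcheck/openscap hunk, which turns off OpenSCAP compliance scanning on every manager deployed from these defaults, yet the commit title only speaks of rootkit file paths and nothing in the file records why. A later reader cannot tell whether this is a deliberate posture change or a leftover from local testing, and the same applies to `auth.purge` going from `'no'` to `'yes'` in the first hunk. I'd add a why-comment above the key, e.g. `# OpenSCAP wodle disabled by default: <reason>; set to 'no' to re-enable compliance scans`, or move these two default changes into their own commit so the path fix stays reviewable on its own.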
@ -126,8 +126,8 @@
|
|||||||
<!-- Frequency that rootcheck is executed - every 12 hours -->
|
<!-- Frequency that rootcheck is executed - every 12 hours -->
|
||||||
<frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>
|
<frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>
|
||||||
|
|
||||||
<rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files>
|
<rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
|
||||||
<rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans>
|
<rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
|
||||||
|
|
||||||
<skip_nfs>yes</skip_nfs>
|
<skip_nfs>yes</skip_nfs>
|
||||||
</rootcheck>
|
</rootcheck>
|
||||||
@ -292,7 +292,6 @@
|
|||||||
<!-- File integrity monitoring -->
|
<!-- File integrity monitoring -->
|
||||||
<syscheck>
|
<syscheck>
|
||||||
<disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
|
<disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
|
||||||
<auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
|
|
||||||
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
|
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
|
||||||
<!-- Frequency that syscheck is executed -- default every 20 hours -->
|
<!-- Frequency that syscheck is executed -- default every 20 hours -->
|
||||||
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
|
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
|
||||||
@ -318,7 +317,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<!-- File types to ignore -->
|
<!-- File types to ignore -->
|
||||||
{% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
|
{% if wazuh_manager_config.syscheck.ignore_linux_type is defined %}
|
||||||
{% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
|
{% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
|
||||||
<ignore type="sregex">{{ ignore }}</ignore>
|
<ignore type="sregex">{{ ignore }}</ignore>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
@ -346,7 +345,9 @@
|
|||||||
<name>{{ command.name }}</name>
|
<name>{{ command.name }}</name>
|
||||||
<executable>{{ command.executable }}</executable>
|
<executable>{{ command.executable }}</executable>
|
||||||
<expect>{{ command.expect }}</expect>
|
<expect>{{ command.expect }}</expect>
|
||||||
|
{% if command.timeout_allowed is defined %}
|
||||||
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
|
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
|
||||||
|
{% endif %}
|
||||||
</command>
|
</command>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
@ -359,7 +360,6 @@
|
|||||||
<rule_exclude>{{ rule }}</rule_exclude>
|
<rule_exclude>{{ rule }}</rule_exclude>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cdb_lists is defined %}
|
|
||||||
{% for list in cdb_lists %}
|
{% for list in cdb_lists %}
|
||||||
<list>etc/lists/{{ list.name }}</list>
|
<list>etc/lists/{{ list.name }}</list>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|||||||
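Review bot: Dropping `{% if cdb_lists is defined %}` in the last hunk leaves `{% for list in cdb_lists %}` unguarded, so an inventory that does not define `cdb_lists` now fails templating with an undefined-variable error instead of simply emitting no `<list>` entries. The matching `{% endif %}` is not visible in this hunk either; if it was left in place past the `{% endfor %}`, Jinja will reject the template outright, so the paired removal should appear in the same commit. Unless the role defaults (not shown here) guarantee the variable, I'd keep the guard or iterate over a safe default: `{% for list in cdb_lists | default([]) %}`.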