From c1156bb7577b9611925254fd235df811a98def94 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Mon, 24 Jul 2017 23:26:07 -0400 Subject: [PATCH] Wazuh manager: define rootcheck frequency. --- ansible-wazuh-manager/defaults/main.yml | 23 ++----------------- .../var-ossec-etc-ossec-server.conf.j2 | 2 +- 2 files changed, 3 insertions(+), 22 deletions(-) diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml index 047ebcb2..66eaf7ec 100644 --- a/ansible-wazuh-manager/defaults/main.yml +++ b/ansible-wazuh-manager/defaults/main.yml @@ -31,29 +31,10 @@ wazuh_manager_config: checks: 'check_all="yes"' - dirs: /bin,/sbin checks: 'check_all="yes"' + rootcheck: + frequency: 43200 log_level: 1 email_level: 12 - ignore_files: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/random-seed - - /etc/random.seed - - /etc/adjtime - - /etc/httpd/logs - - /etc/utmpx - - /etc/wtmpx - - /etc/cups/certs - - /etc/dumpdates - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - directories: - - check_all: 'yes' - dirs: /etc,/usr/bin,/usr/sbin - - check_all: 'yes' - dirs: /bin,/sbin localfiles: - format: 'syslog' location: '/var/log/messages' diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 9dbc023e..ff41ce36 100644 --- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -74,7 +74,7 @@ yes - 43200 + {{ wazuh_manager_config.rootcheck.frequency }} /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt