afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Wazuh manager: define rootcheck frequency.

Browse Source
This commit is contained in:
Miguelangel Freitas 2017-07-24 23:26:07 -04:00
parent 3ef34f1c28
commit c1156bb757
2 changed files with 3 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ansible-wazuh-manager/defaults/main.yml
View File

@ -31,29 +31,10 @@ wazuh_manager_config:
checks: 'check_all="yes"' checks: 'check_all="yes"'
- dirs: /bin,/sbin - dirs: /bin,/sbin
checks: 'check_all="yes"' checks: 'check_all="yes"'
rootcheck:
frequency: 43200
log_level: 1 log_level: 1
email_level: 12 email_level: 12
ignore_files:
- /etc/mtab
- /etc/mnttab
- /etc/hosts.deny
- /etc/mail/statistics
- /etc/random-seed
- /etc/random.seed
- /etc/adjtime
- /etc/httpd/logs
- /etc/utmpx
- /etc/wtmpx
- /etc/cups/certs
- /etc/dumpdates
- /etc/svc/volatile
no_diff:
- /etc/ssl/private.key
directories:
- check_all: 'yes'
dirs: /etc,/usr/bin,/usr/sbin
- check_all: 'yes'
dirs: /bin,/sbin
localfiles: localfiles:
- format: 'syslog' - format: 'syslog'
location: '/var/log/messages' location: '/var/log/messages'

2
ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -74,7 +74,7 @@
<check_if>yes</check_if> <check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency> <frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>