From f2b3ac68bba3418faec5ebcf4145abb7b575a16a Mon Sep 17 00:00:00 2001
From: cadoming
Date: Thu, 15 Nov 2018 12:16:05 +0000
Subject: [PATCH] agent configuration and monitoring
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 9 ++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index db29e6ab..6aecd1ed 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -90,6 +90,8 @@ wazuh_agent_config:
 location: '/var/log/messages'
 - format: 'syslog'
 location: '/var/log/secure'
+ - format: 'syslog'
+ location: 'var/log/auth.log'
 - format: 'command'
 command: 'df -P'
 frequency: '360'
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 3b94cc22..eb5688b9 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -221,11 +221,10 @@ wazuh_agent_configs:
 - /etc/svc/volatile
 no_diff:
 - /etc/ssl/private.key
- directories:
- - dirs: /etc,/usr/bin,/usr/sbin
- checks: 'check_all="yes"'
- - dirs: /bin,/sbin
- checks: 'check_all="yes"'
+ # Example
+ #directories:
+ #- dirs: /etc,/usr/bin,/usr/sbin
+ # checks: 'check_all="yes"'
 rootcheck:
 frequency: 43200
 cis_distribution_filename: null
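Review bot: The entry added in the first hunk (roles/wazuh/ansible-wazuh-agent/defaults/main.yml) uses `location: 'var/log/auth.log'`, which lacks the leading slash that the neighbouring `/var/log/messages` and `/var/log/secure` entries have. As written the path is relative, so the agent will most likely not find the file, and the authentication log this commit intends to monitor would go uncollected without any obvious failure. It should read `location: '/var/log/auth.log'`. The enclosing list starts and ends outside the hunk.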
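Review bot: Commenting out `directories` in the second hunk (roles/wazuh/ansible-wazuh-manager/defaults/main.yml) removes /etc, /usr/bin, /usr/sbin, /bin and /sbin from the default `wazuh_agent_configs`, while the `no_diff: /etc/ssl/private.key` entry that stays behind only has an effect when /etc is monitored. If agents are meant to get these paths from their own local configuration, that is not visible here and deserves a comment, for example `# directories intentionally unset here; agents take monitored paths from their local config`. The commented example also omits the `/bin,/sbin` entry and writes `#directories:` without a space after the hash, so uncommenting it does not restore the previous default. The enclosing mapping starts outside the hunk.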