76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
---
|
|
wazuh_managers:
|
|
- address: 127.0.0.1
|
|
port: 1514
|
|
protocol: tcp
|
|
wazuh_profile: null
|
|
wazuh_auto_restart: 'yes'
|
|
wazuh_agent_authd:
|
|
enable: false
|
|
port: 1515
|
|
ssl_agent_ca: null
|
|
ssl_agent_cert: null
|
|
ssl_agent_key: null
|
|
ssl_auto_negotiate: 'no'
|
|
wazuh_notify_time: null
|
|
wazuh_time_reconnect: null
|
|
wazuh_winagent_config:
|
|
install_dir: 'C:\wazuh-agent\'
|
|
version: '3.0.0'
|
|
revision: '1'
|
|
repo: https://packages.wazuh.com/3.x/windows/
|
|
md5: 896dcc5b786fda30db9649dd7a6043c0
|
|
wazuh_agent_config:
|
|
log_format: 'plain'
|
|
syscheck:
|
|
frequency: 43200
|
|
scan_on_start: 'yes'
|
|
auto_ignore: 'no'
|
|
alert_new_files: 'yes'
|
|
ignore:
|
|
- /etc/mtab
|
|
- /etc/mnttab
|
|
- /etc/hosts.deny
|
|
- /etc/mail/statistics
|
|
- /etc/random-seed
|
|
- /etc/random.seed
|
|
- /etc/adjtime
|
|
- /etc/httpd/logs
|
|
- /etc/utmpx
|
|
- /etc/wtmpx
|
|
- /etc/cups/certs
|
|
- /etc/dumpdates
|
|
- /etc/svc/volatile
|
|
no_diff:
|
|
- /etc/ssl/private.key
|
|
directories:
|
|
- dirs: /etc,/usr/bin,/usr/sbin
|
|
checks: 'check_all="yes"'
|
|
- dirs: /bin,/sbin
|
|
checks: 'check_all="yes"'
|
|
windows_registry:
|
|
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
|
|
arch: 'both'
|
|
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
|
|
rootcheck:
|
|
frequency: 43200
|
|
openscap:
|
|
disable: 'yes'
|
|
timeout: 1800
|
|
interval: '1d'
|
|
scan_on_start: 'yes'
|
|
localfiles:
|
|
- format: 'syslog'
|
|
location: '/var/log/messages'
|
|
- format: 'syslog'
|
|
location: '/var/log/secure'
|
|
- format: 'command'
|
|
command: 'df -P'
|
|
frequency: '360'
|
|
- format: 'full_command'
|
|
command: 'netstat -tln | grep -v 127.0.0.1 | sort'
|
|
frequency: '360'
|
|
- format: 'full_command'
|
|
command: 'last -n 20'
|
|
frequency: '360'
|