diff options
Diffstat (limited to 'testing/ossec-hids-agent/config')
-rw-r--r-- | testing/ossec-hids-agent/config | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/testing/ossec-hids-agent/config b/testing/ossec-hids-agent/config new file mode 100644 index 0000000000..4400290be7 --- /dev/null +++ b/testing/ossec-hids-agent/config @@ -0,0 +1,63 @@ +#!/bin/sh + +# Do you want to update it? (y/n) [y]: +export USER_UPDATE=y + +# Do you want to update the rules? (y/n) [y]: +export USER_UPDATE_RULES=y + +# User Language: +export USER_LANGUAGE=en + +# Do you want e-mail notification? (y/n) [y]: +export USER_ENABLE_EMAIL=y +# What's your e-mail address? +export USER_EMAIL_ADDRESS=foo@example.com +# What's your SMTP server ip/host? +export USER_EMAIL_SMTP=localhost + +# Do you want to run the integrity check daemon? (y/n) [y]: +export USER_ENABLE_SYSCHECK=y + +#Do you want to run the rootkit detection engine? (y/n) [y]: +export USER_ENABLE_ROOTCHECK=y + +# Active response allows you to execute a specific +# command based on the events received. For example, +# you can block an IP address or disable access for +# a specific user. +# More information at: +# https://ossec.github.io/docs/manual/ar/ +# +# - Do you want to enable active response? (y/n) [y]: +export USER_ENABLE_ACTIVE_RESPONSE=y + +# - By default, we can enable the host-deny and the +# firewall-drop responses. The first one will add +# a host to the /etc/hosts.deny and the second one +# will block the host on iptables (if linux) or on +# ipfilter (if Solaris, FreeBSD or NetBSD). +# - They can be used to stop SSHD brute force scans, +# portscans and some other forms of attacks. You can +# also add them to block on snort events, for example. +# +# - Do you want to enable the firewall-drop response? (y/n) [y]: +export USER_ENABLE_FIREWALL_RESPONSE=y + +# Do you want to add more IPs to the white list? (y/n)? [n]: +# if set to y, installer will ask you to enter the list of IPs +# if you want to use this feature, you must also export USER_NO_STOP=no +export USER_WHITE_LIST=n + +# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: +export USER_ENABLE_SYSLOG=y + +# IP address or hostname of the ossec server. Only used on agent installations. +# export USER_AGENT_SERVER_IP="127.0.0.1" +# export USER_AGENT_SERVER_NAME +# Agent's config profile name. This is used to create agent.conf configuration profiles +# for this particular profile name. Only used on agent installations. +# Can be any string. E.g. LinuxDBServer or WindowsDomainController +export USER_AGENT_CONFIG_PROFILE="generic" + + |