path: root/testing/ossec-hids/02_ossec-server.conf.patch
blob: f09a2045ed824b9202f29b14ff2076e7e71cd296 (plain)
diff --git a/etc/ossec-server.conf b/etc/ossec-server.conf
index 1a4998c..da49262 100755
--- a/etc/ossec-server.conf
+++ b/etc/ossec-server.conf
@@ -2,10 +2,10 @@
 
 <ossec_config>
   <global>
-    <email_notification>yes</email_notification>
-    <email_to>daniel.cid@xxx.com</email_to>
-    <smtp_server>smtp.xxx.com.</smtp_server>
-    <email_from>ossecm@ossec.xxx.com.</email_from>
+    <email_notification>no</email_notification>
+    <email_to>your_email_address@example.com</email_to>
+    <smtp_server>smtp.your_domain.com.</smtp_server>
+    <email_from>ossecm@ossec.your_domain.com.</email_from>
   </global>
 
   <rules>
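Review bot: The placeholder values in the `<global>` block are inconsistent: `email_to` uses the reserved `example.com`, while `smtp_server` and `email_from` use `your_domain.com`, which is not a reserved documentation name. Using `<smtp_server>smtp.example.com.</smtp_server>` and `<email_from>ossecm@ossec.example.com.</email_from>` keeps all three on a reserved domain, so no mail is attempted to a third-party host if notification is enabled before the values are edited. With `email_notification` now `no`, a comment such as `<!-- Email alerts are off by default; set to yes after filling in the addresses below. -->` would make clear that alerts are not mailed until the operator changes it.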
@@ -94,10 +94,6 @@
 
   <global>
     <white_list>127.0.0.1</white_list>
-    <white_list>192.168.2.1</white_list>
-    <white_list>192.168.2.190</white_list>
-    <white_list>192.168.2.32</white_list>
-    <white_list>192.168.2.10</white_list>
   </global>
 
   <remote>
@@ -138,6 +134,7 @@
        - level (severity) >= 6.
        - The IP is going to be blocked for  600 seconds.
       -->
+	<disabled>yes</disabled>
     <command>host-deny</command>
     <location>local</location>
     <level>6</level>
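Review bot: The comment directly above the added `<disabled>yes</disabled>` still says the IP is going to be blocked for 600 seconds, which no longer describes this entry once it is disabled. The same applies to the firewall-drop entry in the next hunk. A short comment such as `<!-- Disabled by default in this package; set to no to enable host-deny. -->` would tell the operator that no automatic blocking happens until it is turned on. The added line here is also indented with a tab, while the surrounding lines and the matching line in the next hunk use four spaces. The enclosing element starts and ends outside the hunk, so confirm against the packaged OSSEC version whether `disabled` takes effect per entry or for active response as a whole.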
@@ -149,6 +146,7 @@
        - 600 seconds on the firewall (iptables,
        - ipfilter, etc).
       -->
+    <disabled>yes</disabled>
     <command>firewall-drop</command>
     <location>local</location>
     <level>6</level>
@@ -164,31 +162,31 @@
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/authlog</location>
+    <location>/var/log/auth.log</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/secure</location>
+    <location>/var/log/syslog</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/xferlog</location>
+    <location>/var/log/daemon.log</location>
   </localfile>
 
   <localfile>
     <log_format>syslog</log_format>
-    <location>/var/log/maillog</location>
+    <location>/var/log/mail.log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/access_log</location>
+    <location>/var/log/apache2/access_log</location>
   </localfile>
 
   <localfile>
     <log_format>apache</log_format>
-    <location>/var/www/logs/error_log</location>
+    <location>/var/log/apache2/error_log</location>
   </localfile>
 </ossec_config>
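Review bot: The two Apache entries keep the old file names `access_log` and `error_log` under the new `/var/log/apache2/` directory, while every other path in this hunk moves to the dotted form (`auth.log`, `daemon.log`, `mail.log`). If the target distribution's Apache package writes `access.log` and `error.log`, which is the usual naming alongside those other paths, these should be `<location>/var/log/apache2/access.log</location>` and `<location>/var/log/apache2/error.log</location>`. A `localfile` entry that points at a file that is never created produces no events, so web attack rules would have nothing to match on. It is also worth verifying that `/var/log/auth.log`, `/var/log/syslog` and `/var/log/daemon.log` are actually produced by the default syslog daemon on the target system, since authentication monitoring depends on them.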