aboutsummaryrefslogtreecommitdiffstats
path: root/testing/ossec-hids/config
blob: abcece68177ea73bbfd5226c439e0ac92ff7409c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/bin/sh

# Do you want to update it? (y/n) [y]:
export USER_UPDATE=y

# Do you want to update the rules? (y/n) [y]:
export USER_UPDATE_RULES=y

# User Language:
export USER_LANGUAGE=en

# Do you want e-mail notification? (y/n) [y]:
export USER_ENABLE_EMAIL=y
# What's your e-mail address?
export USER_EMAIL_ADDRESS=foo@example.com
#  What's your SMTP server ip/host?
export USER_EMAIL_SMTP=localhost

# Do you want to run the integrity check daemon? (y/n) [y]:
export USER_ENABLE_SYSCHECK=y

#Do you want to run the rootkit detection engine? (y/n) [y]:
export USER_ENABLE_ROOTCHECK=y

#       Active response allows you to execute a specific 
#       command based on the events received. For example,
#       you can block an IP address or disable access for
#       a specific user.  
#       More information at:
#       https://ossec.github.io/docs/manual/ar/
#       
#   - Do you want to enable active response? (y/n) [y]: 
export USER_ENABLE_ACTIVE_RESPONSE=y

#   - By default, we can enable the host-deny and the 
#     firewall-drop responses. The first one will add
#     a host to the /etc/hosts.deny and the second one
#     will block the host on iptables (if linux) or on
#     ipfilter (if Solaris, FreeBSD or NetBSD).
#   - They can be used to stop SSHD brute force scans, 
#     portscans and some other forms of attacks. You can 
#     also add them to block on snort events, for example.
#
#   - Do you want to enable the firewall-drop response? (y/n) [y]:
export USER_ENABLE_FIREWALL_RESPONSE=y

# Do you want to add more IPs to the white list? (y/n)? [n]:
# if set to y, installer will ask you to enter the list of IPs
# if you want to use this feature, you must also export USER_NO_STOP=no
export USER_WHITE_LIST=n

# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
export USER_ENABLE_SYSLOG=y

# IP address or hostname of the ossec server. Only used on agent installations.
export USER_AGENT_SERVER_IP="127.0.0.1"
# export USER_AGENT_SERVER_NAME
# Agent's config profile name. This is used to create agent.conf configuration profiles
# for this particular profile name. Only used on agent installations.
# Can be any string. E.g. LinuxDBServer or WindowsDomainController
export USER_AGENT_CONFIG_PROFILE="generic"