# Draft OSSEC configuration in a brace/list syntax: rule and decoder sources,
# inputs (file-integrity checks and log files), and outputs (databases, e-mail).
# NOTE(review): these '#' comment lines assume the consuming parser accepts '#'
# comments - confirm before use.
# NOTE(review): the syntax is not uniform. "path (" and "ignore (" have no '=',
# and the entries under dir/ignore end with ';' where the other lists use ','.
# A strict parser may reject the file - confirm the intended grammar.
- ossec = {
# Rule and decoder sources: single files plus whole directories filtered by pattern.
# Every file matching the pattern in a *_dir entry is presumably loaded, so write
# access to these directories decides what detection logic runs - keep them
# writable only by the account that administers the rules.
- rules = (
- {
- comment = "This is just some data about this section";
- type = "rule_file";
- path = "rules/rules/00_ossec_rules.xml";
- },
- {
- type = "rule_dir";
- path = "rules/rules/";
- pattern = ".*\.xml";
- },
- {
- type = "rule_dir";
- path = "rules/plugins/";
- pattern = ".*\.xml";
- },
- {
- path = "rules/decoder/00_ossec_decoder.xml";
- type = "decoder";
- },
- {
- type = "decoder_dir";
- path = "rules/decoder/";
- pattern = ".*\.xml";
- },
- {
- type = "decoder_dir";
- path = "rules/decoder/plugins";
- pattern = ".*\.xml";
- },
- );
- input = {
# File-integrity monitoring.
# If the unit is seconds, as in stock OSSEC, 79200 is one scan every 22 hours - confirm.
- syscheck = {
- frequency = 79200;
- dir = (
- {
- path ( "/etc", "/usr/bin", "/usr/sbin" );
- check_all = True;
- };
# /tmp is checked by MD5 only. MD5 is collision-prone, so a changed file can be
# crafted to keep the same digest; prefer a stronger checksum if the schema has one.
- {
- path ("/tmp");
- check_md5 = True;
- };
- );
# Paths excluded from integrity checking. Each entry is a monitoring blind spot.
- ignore (
- {pattern = "/etc/mtab"};
- {pattern = "/etc/mnttab"};
# NOTE(review): the dot before "bin" is unescaped and the pattern is unanchored.
# If sregex treats '.' as a wildcard, this also matches "/bin" and "sbin", which
# would exclude everything under /usr/bin and /usr/sbin listed above. If the aim
# is files ending in ".bin", escape the dot and anchor the end - confirm the
# matcher's semantics. The value sregex is also the only unquoted string here.
- {
- pattern = ".*.bin";
- type = sregex;
- };
- );
- };
# Log files read as syslog-format input.
- localfile = (
- {
- path = "/var/log/security";
- type = "syslog";
- },
- {
- path = "/var/log/messages";
- type = "syslog";
- }
- );
- };
- output = {
# Alert storage backends: one MySQL and one PostgreSQL server.
# The passwords are stored in clear text and the same value is used for both
# servers. Keep this file readable only by the OSSEC service account, give each
# backend its own secret, and do not publish real values.
- database = (
- {
- hostname = "server1";
- username = "ossec";
- password = "ossecpw";
- database = "ossec";
- type = "mysql";
- },
- {
- hostname = "server2";
- username = "ossec";
- password = "ossecpw";
- database = "ossec";
- type = "pgsql";
- }
- );
# E-mail alerting. SMTP credentials are also in clear text; the first password
# equals the local part of its username and the second repeats the database one.
# starttls = True requests TLS; whether the server certificate is verified is not
# shown here - confirm.
- email = {
- email_from = "ossec@example.com";
- smtp_servers = (
- {
- hostname = "smtp1.example.com";
- starttls = True;
- username = "ossec@example.com";
- password = "ossec";
- },
- {
- hostname = "smtp2.google.com";
- starttls = True;
- username = "ossec@google.com";
- password = "ossecpw";
- },
- );
# Alert routing: a level-14 "firewall" recipient receiving the "full" format and a
# level-15 recipient receiving the "sms" format. Both set no_delay and no_grouping.
# Presumably level is a minimum severity, as in stock OSSEC - confirm.
- alerts = (
- {
- email_to = "jeremy@example.com";
- level = 14;
- group = "firewall";
- location = ".*";
- format = "full";
- no_delay = True;
- no_grouping = True;
- },
- {
- email_to = "pager@example.com";
- level = 15;
- format = "sms";
- no_delay = True;
- no_grouping = True;
- },
- );
- };
- };
- };