  2. <ossec_config>
  3. <global>
  4.     <!-- Notifications par email -->
  5.     <email_notification>yes</email_notification>
  6.     <email_to>email@domain.tld</email_to>
  7.     <smtp_server>mail.domain.tld.</smtp_server>
  8.     <email_from>ossecm@domain.tld</email_from>
  9.     <!-- White List -->
  10.     <white_list>127.0.0.1</white_list>
  11.     <white_list>^localhost.localdomain$</white_list>
  12.     <!-- Configuration de prelude -->
  13.     <prelude_output>yes</prelude_output>
  14.     <prelude_profile>ossec</prelude_profile>
  15.     <prelude_log_level>0</prelude_log_level>
  16. </global>
  17. <alerts>
  18.     <!-- On enregistrement l'évènement dans les logs à partir du niveau 1 -->
  19.     <log_alert_level>1</log_alert_level>
  20.     <!-- On envoie un email à partir du niveau 6 -->
  21.     <email_alert_level>6</email_alert_level>
  22. </alerts>
  23. <rules>
  24.     <include>rules_config.xml</include>
  25.     <include>pam_rules.xml</include>
  26.     <include>sshd_rules.xml</include>
  27.     <include>telnetd_rules.xml</include>
  28.     <include>syslog_rules.xml</include>
  29.     <include>arpwatch_rules.xml</include>
  30.     <include>named_rules.xml</include>
  31.     <include>smbd_rules.xml</include>
  32.     <include>vsftpd_rules.xml</include>
  33.     <include>pure-ftpd_rules.xml</include>
  34.     <include>proftpd_rules.xml</include>
  35.     <include>ftpd_rules.xml</include>
  36.     <include>hordeimp_rules.xml</include>
  37.     <include>roundcube_rules.xml</include>
  38.     <include>wordpress_rules.xml</include>
  39.     <include>vpopmail_rules.xml</include>
  40.     <include>vmpop3d_rules.xml</include>
  41.     <include>courier_rules.xml</include>
  42.     <include>web_rules.xml</include>
  43.     <include>web_appsec_rules.xml</include>
  44.     <include>apache_rules.xml</include>
  45.     <include>nginx_rules.xml</include>
  46.     <include>php_rules.xml</include>
  47.     <include>mysql_rules.xml</include>
  48.     <include>postgresql_rules.xml</include>
  49.     <include>ids_rules.xml</include>
  50.     <include>squid_rules.xml</include>
  51.     <include>firewall_rules.xml</include>
  52.     <include>postfix_rules.xml</include>
  53.     <include>sendmail_rules.xml</include>
  54.     <include>imapd_rules.xml</include>
  55.     <include>mailscanner_rules.xml</include>
  56.     <include>dovecot_rules.xml</include>
  57.     <include>vpn_concentrator_rules.xml</include>
  58.     <include>spamd_rules.xml</include>
  59.     <include>trend-osce_rules.xml</include>
  60.     <include>vmware_rules.xml</include>
  61.     <include>ossec_rules.xml</include>
  62.     <include>attack_rules.xml</include>
  63.     <include>clam_av_rules.xml</include>
  64.     <include>local_rules.xml</include>
  65. </rules>
  66. <syscheck>
  67.     <!-- Fréquence de vérification en secondes -->
  68.     <frequency>79200</frequency>
  69.     <!-- Répertoires à vérifier -->
  70.     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  71.     <directories check_all="yes">/bin,/sbin</directories>
  72.     <!-- Répertoires et fichiers à ignorer -->
  73.     <ignore>/etc/mtab</ignore>
  74.     <ignore>/etc/mnttab</ignore>
  75.     <ignore>/etc/hosts.deny</ignore>
  76.     <ignore>/etc/mail/statistics</ignore>
  77.     <ignore>/etc/random-seed</ignore>
  78.     <ignore>/etc/adjtime</ignore>
  79.     <ignore>/etc/httpd/logs</ignore>
  80.     <ignore>/etc/utmpx</ignore>
  81.     <ignore>/etc/wtmpx</ignore>
  82.     <ignore>/etc/cups/certs</ignore>
  83.     <ignore>/etc/dumpdates</ignore>
  84.     <ignore>/etc/svc/volatile</ignore>
  85. </syscheck>
  86. <rootcheck>
  87.     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
  88.     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  89.     <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
  90.     <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
  91. </rootcheck>
  92. <rootcheck>
  93.     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
  94.     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  95.     <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
  96.     <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
  97. </rootcheck>
  98. <active-response>
  99.     <command>firewall-drop</command>
  100.     <location>local</location>
  101.     <level>6</level>
  102.     <timeout>600</timeout>
  103. </active-response>
  104. <command>
  105.     <name>firewall-drop</name>
  106.     <executable>firewall-drop.sh</executable>
  107.     <expect>srcip</expect>
  108.     <timeout_allowed>yes</timeout_allowed>
  109. </command>
  110.  
  111. <localfile>
  112.     <log_format>syslog</log_format>
  113.     <location>/var/log/messages</location>
  114. </localfile>
  115.  
  116. <localfile>
  117.     <log_format>syslog</log_format>
  118.     <location>/var/log/auth.log</location>
  119. </localfile>
  120.  
  121. <localfile>
  122.     <log_format>apache</log_format>
  123.     <location>/var/log/nginx/access.log</location>
  124. </localfile>
  125.  
  126. <localfile>
  127.     <log_format>apache</log_format>
  128.     <location>/var/log/nginx/error.log</location>
  129. </localfile>
  130. </ossec_config>