Commented out and updated excessive syscheck directories from default attributes

Eric Renfro 2017-02-21 23:01:27 -05:00
parent 38b65851d0
commit 9835c970b4
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
2 changed files with 71 additions and 59 deletions


@ -53,73 +53,86 @@ default["ossec"]["syscheck"]["alert_new_files"] = 'yes'
default["ossec"]["syscheck"]["auto_ignore"] = 'no'
default["ossec"]["syscheck"]["directories"]['/bin'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/boot'] = {
'report_changes' => 'no',
'realtime' => 'no'
'report_changes' => 'yes',
'realtime' => 'yes',
'check_all' => 'yes'
}
#default["ossec"]["syscheck"]["directories"]['/boot'] = {
# 'report_changes' => 'no',
# 'realtime' => 'no'
#}
default["ossec"]["syscheck"]["directories"]['/etc'] = {
'report_changes' => 'yes',
'realtime' => 'no'
}
default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
'report_changes' => 'no',
'realtime' => 'no'
}
default["ossec"]["syscheck"]["directories"]['/media'] = {
'report_changes' => 'no',
'realtime' => 'no'
'realtime' => 'yes',
'check_all' => 'yes'
}
#default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
# 'report_changes' => 'no',
# 'realtime' => 'yes'
#}
#default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
# 'report_changes' => 'no',
# 'realtime' => 'no'
#}
#default["ossec"]["syscheck"]["directories"]['/media'] = {
# 'report_changes' => 'no',
# 'realtime' => 'no'
#}
default["ossec"]["syscheck"]["directories"]['/opt'] = {
'report_changes' => 'no',
'realtime' => 'no'
}
default["ossec"]["syscheck"]["directories"]['/root'] = {
'report_changes' => 'yes',
'realtime' => 'no'
}
default["ossec"]["syscheck"]["directories"]['/srv'] = {
'report_changes' => 'no',
'realtime' => 'no'
}
#default["ossec"]["syscheck"]["directories"]['/root'] = {
# 'report_changes' => 'yes',
# 'realtime' => 'no'
#}
#default["ossec"]["syscheck"]["directories"]['/srv'] = {
# 'report_changes' => 'no',
# 'realtime' => 'no'
#}
default["ossec"]["syscheck"]["directories"]['/sbin'] = {
'report_changes' => 'no',
'realtime' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/usr/'] = {
'report_changes' => 'yes',
'realtime' => 'yes'
'realtime' => 'yes',
'check_all' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/tmp'] = {
'report_changes' => 'no',
'realtime' => 'no'
#default["ossec"]["syscheck"]["directories"]['/usr/'] = {
# 'report_changes' => 'yes',
# 'realtime' => 'yes'
#}
default["ossec"]["syscheck"]["directories"]['/usr/bin'] = {
'report_changes' => 'yes',
'realtime' => 'yes',
'check_all' => 'yes'
}
default["ossec"]["syscheck"]["directories"]['/usr/sbin'] = {
'report_changes' => 'yes',
'realtime' => 'yes',
'check_all' => 'yes'
}
#default["ossec"]["syscheck"]["directories"]['/tmp'] = {
# 'report_changes' => 'no',
# 'realtime' => 'no'
#}
# Syscheck Ignore Files
default["ossec"]["syscheck"]["ignore"]['/etc/openvpn/openvpn-status.log'] = {}
@ -131,8 +144,8 @@ default["ossec"]["syscheck"]["ignore"]['/etc/mail/statistics'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/random-seed'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/adjtime'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/prelink.cache'] = {}
default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
#default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
#default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/stats'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/log'] = {}
default["ossec"]["syscheck"]["ignore"]['/etc/dnscache2/stats'] = {}
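Review bot: Commenting out the `/root`, `/lib/security`, `/lib/modules` and `/boot` entries removes file-integrity coverage for paths where persistence is commonly planted (root's SSH keys and shell startup files, PAM modules, kernel modules, the boot chain), and none of the remaining entries covers them. Because `/usr/` also appears to be narrowed to `/usr/bin` and `/usr/sbin`, hosts where `/lib` is a symlink into `/usr/lib` would lose that coverage as well; the rendered page has lost its +/- markers, so this reading is inferred from the commit title and the `#`-prefixed lines. If the aim is to cut realtime noise, keep narrow entries rather than dropping the trees, e.g. `default["ossec"]["syscheck"]["directories"]['/lib/security'] = { 'report_changes' => 'no', 'realtime' => 'yes', 'check_all' => 'yes' }`, with an equivalent entry for `/root/.ssh`. The superseded blocks would be better deleted than left commented out, since version control already keeps them.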


@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
license "GPLv2"
description "Installs/Configures ossec"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.2.4"
version "1.2.5"
issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
source_url "http://git.linux-help.org/Linux-Help/ossec-ng"
@ -30,4 +30,3 @@ depends 'apt-atomic', '~> 0.1.3'
suggests 'postfix'
suggests 'selinux_policy'