Commented out and updated excessive syscheck directories from default attributes

attributes/ossec.rb

@@ -53,73 +53,86 @@ default["ossec"]["syscheck"]["alert_new_files"] = 'yes'
 default["ossec"]["syscheck"]["auto_ignore"] = 'no'
 
 default["ossec"]["syscheck"]["directories"]['/bin'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/boot'] = {
-  'report_changes' => 'no',
-  'realtime' => 'no'
+  'report_changes' => 'yes',
+  'realtime' => 'yes',
+  'check_all' => 'yes'
 }
+#default["ossec"]["syscheck"]["directories"]['/boot'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/etc'] = {
   'report_changes' => 'yes',
-  'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
-  'report_changes' => 'no',
-  'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/media'] = {
-  'report_changes' => 'no',
-  'realtime' => 'no'
+  'realtime' => 'yes',
+  'check_all' => 'yes'
 }
+#default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'no'
+#}
+#default["ossec"]["syscheck"]["directories"]['/media'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/opt'] = {
   'report_changes' => 'no',
   'realtime' => 'no'
 }
-default["ossec"]["syscheck"]["directories"]['/root'] = {
-  'report_changes' => 'yes',
-  'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/srv'] = {
-  'report_changes' => 'no',
-  'realtime' => 'no'
-}
+#default["ossec"]["syscheck"]["directories"]['/root'] = {
+#  'report_changes' => 'yes',
+#  'realtime' => 'no'
+#}
+#default["ossec"]["syscheck"]["directories"]['/srv'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/sbin'] = {
-  'report_changes' => 'no',
-  'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/usr/'] = {
   'report_changes' => 'yes',
-  'realtime' => 'yes'
+  'realtime' => 'yes',
+  'check_all' => 'yes'
 }
-default["ossec"]["syscheck"]["directories"]['/tmp'] = {
-  'report_changes' => 'no',
-  'realtime' => 'no'
+#default["ossec"]["syscheck"]["directories"]['/usr/'] = {
+#  'report_changes' => 'yes',
+#  'realtime' => 'yes'
+#}
+default["ossec"]["syscheck"]["directories"]['/usr/bin'] = {
+  'report_changes' => 'yes',
+  'realtime' => 'yes',
+  'check_all' => 'yes'
 }
+default["ossec"]["syscheck"]["directories"]['/usr/sbin'] = {
+  'report_changes' => 'yes',
+  'realtime' => 'yes',
+  'check_all' => 'yes'
+}
+#default["ossec"]["syscheck"]["directories"]['/tmp'] = {
+#  'report_changes' => 'no',
+#  'realtime' => 'no'
+#}
 
 # Syscheck Ignore Files
 default["ossec"]["syscheck"]["ignore"]['/etc/openvpn/openvpn-status.log'] = {}
@@ -131,8 +144,8 @@ default["ossec"]["syscheck"]["ignore"]['/etc/mail/statistics'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/random-seed'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/adjtime'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/prelink.cache'] = {}
-default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
-default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
+#default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
+#default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/stats'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/log'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache2/stats'] = {}

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
 license          "GPLv2"
 description      "Installs/Configures ossec"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "1.2.4"
+version          "1.2.5"
 issues_url       "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
 source_url       "http://git.linux-help.org/Linux-Help/ossec-ng"
 
@@ -30,4 +30,3 @@ depends 'apt-atomic', '~> 0.1.3'
 
 suggests 'postfix'
 suggests 'selinux_policy'
-