From 9835c970b4e1bdcf1a03f15f46494a98c0e6666d Mon Sep 17 00:00:00 2001
From: Eric Renfro
Date: Tue, 21 Feb 2017 23:01:27 -0500
Subject: [PATCH] Commented out and updated excessive syscheck directories from default attributes
---
 attributes/ossec.rb | 127 ++++++++++++++++++++++++--------------
 metadata.rb | 3 +-
 2 files changed, 71 insertions(+), 59 deletions(-)
diff --git a/attributes/ossec.rb b/attributes/ossec.rb
index cf35584..50f43ab 100644
--- a/attributes/ossec.rb
+++ b/attributes/ossec.rb
@@ -53,73 +53,86 @@ default["ossec"]["syscheck"]["alert_new_files"] = 'yes'
 default["ossec"]["syscheck"]["auto_ignore"] = 'no'
 default["ossec"]["syscheck"]["directories"]['/bin'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/boot'] = {
- 'report_changes' => 'no',
- 'realtime' => 'no'
+ 'report_changes' => 'yes',
+ 'realtime' => 'yes',
+ 'check_all' => 'yes'
 }
+#default["ossec"]["syscheck"]["directories"]['/boot'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/etc'] = {
 'report_changes' => 'yes',
- 'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
- 'report_changes' => 'no',
- 'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/media'] = {
- 'report_changes' => 'no',
- 'realtime' => 'no'
+ 'realtime' => 'yes',
+ 'check_all' => 'yes'
 }
+#default["ossec"]["syscheck"]["directories"]['/lib/lsb'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/modules'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/plymouth'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/security'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/terminfo'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/ufw'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'yes'
+#}
+#default["ossec"]["syscheck"]["directories"]['/lib/xtables'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'no'
+#}
+#default["ossec"]["syscheck"]["directories"]['/media'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/opt'] = {
 'report_changes' => 'no',
 'realtime' => 'no'
 }
-default["ossec"]["syscheck"]["directories"]['/root'] = {
- 'report_changes' => 'yes',
- 'realtime' => 'no'
-}
-default["ossec"]["syscheck"]["directories"]['/srv'] = {
- 'report_changes' => 'no',
- 'realtime' => 'no'
-}
+#default["ossec"]["syscheck"]["directories"]['/root'] = {
+# 'report_changes' => 'yes',
+# 'realtime' => 'no'
+#}
+#default["ossec"]["syscheck"]["directories"]['/srv'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'no'
+#}
 default["ossec"]["syscheck"]["directories"]['/sbin'] = {
- 'report_changes' => 'no',
- 'realtime' => 'yes'
-}
-default["ossec"]["syscheck"]["directories"]['/usr/'] = {
 'report_changes' => 'yes',
- 'realtime' => 'yes'
+ 'realtime' => 'yes',
+ 'check_all' => 'yes'
 }
-default["ossec"]["syscheck"]["directories"]['/tmp'] = {
- 'report_changes' => 'no',
- 'realtime' => 'no'
+#default["ossec"]["syscheck"]["directories"]['/usr/'] = {
+# 'report_changes' => 'yes',
+# 'realtime' => 'yes'
+#}
+default["ossec"]["syscheck"]["directories"]['/usr/bin'] = {
+ 'report_changes' => 'yes',
+ 'realtime' => 'yes',
+ 'check_all' => 'yes'
 }
+default["ossec"]["syscheck"]["directories"]['/usr/sbin'] = {
+ 'report_changes' => 'yes',
+ 'realtime' => 'yes',
+ 'check_all' => 'yes'
+}
+#default["ossec"]["syscheck"]["directories"]['/tmp'] = {
+# 'report_changes' => 'no',
+# 'realtime' => 'no'
+#}
 # Syscheck Ignore Files
 default["ossec"]["syscheck"]["ignore"]['/etc/openvpn/openvpn-status.log'] = {}
@@ -131,8 +144,8 @@ default["ossec"]["syscheck"]["ignore"]['/etc/mail/statistics'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/random-seed'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/adjtime'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/prelink.cache'] = {}
-default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
-default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
+#default["ossec"]["syscheck"]["ignore"]['/root/.bash_history'] = {}
+#default["ossec"]["syscheck"]["ignore"]['/root/.viminfo'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/stats'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache/log'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/dnscache2/stats'] = {}
diff --git a/metadata.rb b/metadata.rb
index f6d1ebe..1e4396d 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
 license "GPLv2"
 description "Installs/Configures ossec"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "1.2.4"
+version "1.2.5"
 issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
 source_url "http://git.linux-help.org/Linux-Help/ossec-ng"
@@ -30,4 +30,3 @@ depends 'apt-atomic', '~> 0.1.3'
 suggests 'postfix'
 suggests 'selinux_policy'
-
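Review bot: Commenting out the `/boot`, `/lib/modules`, `/lib/security` and `/root` entries in the first hunk of attributes/ossec.rb removes default file-integrity coverage of exactly the paths a defender most wants hashed (kernel and bootloader images, loadable modules, PAM modules, root's shell configuration), and upstream OSSEC's stock ossec.conf keeps `/boot` in the same group as `/bin` and `/sbin`, so the new default sits below even that baseline. If scan cost is the motivation, keeping those entries with `'realtime' => 'no'` and `'report_changes' => 'no'` is cheap because only the periodic scan touches them; the same applies to narrowing `/usr/` to `/usr/bin` and `/usr/sbin`, which leaves `/usr/lib`, `/usr/local/bin` and `/usr/local/sbin` unmonitored by default. Whatever set is kept, delete the disabled blocks rather than leaving them commented out (git history preserves them) and put a comment above the directories block such as `# Deliberately minimal default set; wrapper cookbooks should add /boot, /lib/modules, /root, /tmp etc. as needed` so operators know they must opt back in. The second hunk's `/root/.bash_history` and `/root/.viminfo` ignore entries only make sense together with a `/root` directory entry, so those two should be restored or removed as a pair with it.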