<%# Global mail, memory and white-list values. Each one is a node["ossec"] attribute written out as-is; nothing in this template escapes XML metacharacters. -%>
<%= node["ossec"]["email_notification"] %>
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
<%= node["ossec"]["smtp_server"] %>
<%= node["ossec"]["email_from"] %>
<%= node["ossec"]["email_maxperhour"] %>
<%= node["ossec"]["email_idsname"] %>
<%=node["ossec"]["memory_size"]%>
<%# NOTE(review): presumably these addresses feed OSSEC's white_list option, whose entries are never blocked by active response; review changes to this attribute like a firewall exception. -%>
<% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%>
<%= ip %>
<% end -%>
<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params|
# Per-recipient alert rules, rendered in recipient order. `locations` collects
# the addresses the rule is scoped to; empty means no location line is written.
locations = []
# NOTE(review): the key is tested as a String here but read as a Symbol below.
# The two only agree if params has indifferent access (presumably a Chef
# attribute Mash) - confirm.
if params.has_key?('event_location_tag')
# Agents in @ossec_agents whose tags include the configured tag contribute
# their network.lanip.
# NOTE(review): the fallback 172.172.172.172 lies outside the RFC 1918 block
# 172.16.0.0/12, so an agent without lanip is rendered with an unrelated,
# publicly routable address instead of being skipped.
locations = @ossec_agents.select{
|n| n[:tags].include?(
params[:event_location_tag]
)
}.map {|n2| n2.network.lanip || '172.172.172.172'}
# Otherwise use the already-resolved list exactly as supplied.
elsif params.has_key?('resolved_search')
locations = params[:resolved_search]
end
# One entry per location when any were found, else a single entry with no
# location line.
if locations.count > 0
locations.sort_by {|k| k}.each do |location| -%>
<%= recipient %>
<%= location %>
<% params.sort_by {|k,v| k}.each do |key, value|
# Keys used only for location resolution are not rendered.
# NOTE(review): the pattern is unanchored, so any key that merely contains one
# of these names is skipped as well.
unless key =~ /event_location_tag|event_location_search|resolved_search/
# 'tags' holds a list; each tag becomes its own self-closing element.
if key.eql?('tags')
value.sort_by {|k| k}.each do |tag| -%>
<<%= tag %> />
<% end
# Every other key becomes an element named after the key, with the value
# written without XML escaping.
# NOTE(review): as listed, the closing side of the element carries no "</" -
# verify against the deployed template.
else -%>
<<%= key %>><%= value %><%= key %>>
<% end
end
end -%>
<% end
# No location resolved: same parameter rendering as the per-location branch.
else -%>
<%= recipient %>
<% params.sort_by {|k,v| k}.each do |key, value|
unless key =~ /event_location_tag|event_location_search|resolved_search/
if key.eql?('tags')
value.sort_by {|k| k}.each do |tag| -%>
<<%= tag %> />
<% end
else -%>
<<%= key %>><%= value %><%= key %>>
<% end
end
end -%>
<% end
end -%>
<%# Rule files to load: a name is written only when its load_rules value is truthy, so a false or nil value drops that rule file from the rendered configuration. -%>
<% node["ossec"]["load_rules"].each_pair do |rule_file, enabled|
  next unless enabled -%>
<%= rule_file %>
<% end -%>
<%# Remote connection setting, this node's address (node.ipaddress), the syslog forwarding target (ip, port, min_level) and the log / e-mail alert levels; all copied verbatim from node attributes. -%>
<%= node["ossec"]["remote"]["connection"] %>
<%= node.ipaddress %>
<%= node["ossec"]["syslog_output"]["ip"] %>
<%= node["ossec"]["syslog_output"]["port"] %>
<%= node["ossec"]["syslog_output"]["min_level"] %>
<%= node["ossec"]["log_alert_level"] %>
<%= node["ossec"]["email_alert_level"] %>
<%# Five fixed "Daily report" definitions (successful logins, web, level 7, level 12, file changes). The filter values are literals; only the recipients vary, and every report repeats the global email_to list in sorted order. -%>
authentication_success
srcip
Daily report: Successful logins
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
web
Daily report: Web
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
Daily report: Level 7
7
level
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
Daily report: Level 12
12
level
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
syscheck
Daily report: File changes
filename
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
<%# Syscheck (file integrity) settings: scan frequency, the monitored directories in sorted order, then the alert_new_files and auto_ignore values. -%>
<%= node["ossec"]["syscheck"]["frequency"] %>
<%# NOTE(review): the per-directory params are not referenced in the visible body, so only the directory path is rendered here; confirm no per-directory options are expected. -%>
<% node["ossec"]["syscheck"]["directories"].sort_by {|k,v| k}.each do |directory,params| -%>
<%= directory %>
<% end -%>
<%= node["ossec"]["syscheck"]["alert_new_files"] %>
<%= node["ossec"]["syscheck"]["auto_ignore"] %>
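<% ignore_rules = node["ossec"]["syscheck"]["ignore"]
# Paths excluded from file-integrity checking. The attribute is optional.
unless ignore_rules.nil?
  # Sort by path so the rendered file is identical from one Chef run to the
  # next. The earlier empty sort block gave every entry the same nil key, which
  # left the order to the sort implementation.
  ignore_rules.sort_by {|k,v| k}.each do |path,params|
    # Only entries explicitly flagged use_here (boolean true) are rendered.
    next unless params["use_here"] == true
    # A missing type is treated as "simple".
    # NOTE(review): both branches print the same text in this listing;
    # presumably the surrounding markup differs per type - confirm.
    type = params["type"] || "simple"
    if type == "simple" -%>
<%= path %>
<% else -%>
<%= path %>
<% end
  end
end -%>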
<%# Fixed paths to the rootkit signature lists under /var/ossec/etc/shared; they are literals and cannot be overridden through node attributes in this template. -%>
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
<%# Command definitions: a command is rendered only when both its enabled and use_here flags are boolean true. Every other attribute of the command becomes a child element named after its key. -%>
<% node["ossec"]["command"].each_pair do |command, params|
  next unless params["enabled"] == true && params["use_here"] == true -%>
<%= command %>
<% params.each_pair do |param, value|
  # Bookkeeping flags steer the cookbook and are not written to the file.
  # The value below is written without XML escaping.
  next if %w[enabled apply_to use_here].include?(param) -%>
<<%= param %>><%= value %><%= param %>>
<% end -%>
<% end %>
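<% node["ossec"]["active-response"].each_pair do |command, params|
  # Only responses that are enabled and flagged use_here (both boolean true)
  # are considered for this node.
  next unless params["enabled"] == true && params["use_here"] == true
  # A response is rendered only when the command it names is itself enabled
  # here. An enabled response naming an undefined command used to die on a nil
  # lookup; fail with a message that identifies the entry, so a response is
  # never dropped from the configuration silently.
  command_def = node["ossec"]["command"][command]
  if command_def.nil?
    raise ArgumentError, "ossec active-response '#{command}' is enabled but node['ossec']['command']['#{command}'] is not defined"
  end
  next unless command_def["enabled"] == true && command_def["use_here"] == true -%>
<%= command %>
<% params.each_pair do |param, value|
  # Bookkeeping flags steer the cookbook and are not written to the file.
  # The value below is written without XML escaping.
  next if %w[enabled apply_to use_here].include?(param) -%>
<<%= param %>><%= value %><%= param %>>
<% end -%>
<% end -%>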
<%# Monitored log files in sorted path order: only entries flagged use_here (boolean true) are rendered, with "syslog" as the format when none is given. -%>
<% node["ossec"]["syslog_files"].sort_by { |path, _opts| path }.each do |logfile,params|
  next unless params["use_here"] == true
  format_name = params["log_format"] || "syslog" -%>
<%= format_name %>
<%= logfile %>
<% params.each_pair do |param,value|
  # log_format is already written above; apply_to and use_here only steer the
  # cookbook. The value below is written without XML escaping.
  next if %w[log_format apply_to use_here].include?(param) -%>
<<%= param %>><%= value %><%= param %>>
<% end -%>
<% end -%>