<%= @ossec_server_ip %> <%= node["ossec"]["syscheck"]["frequency"] %> <% node["ossec"]["syscheck"]["directories"].sort_by {|k,v| k}.each do |directory,params| -%> <%= directory %> <% end -%> <%= node["ossec"]["syscheck"]["alert_new_files"] %> <%= node["ossec"]["syscheck"]["auto_ignore"] %> <% unless node["ossec"]["syscheck"]["ignore"].nil? node["ossec"]["syscheck"]["ignore"].sort_by {|k,v|}.each do |path,params| if params["use_here"] == true type = params["type"] || "simple" if type == "simple" -%> <%= path %> <% else -%> <%= path %> <% end end end end -%> /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt <% node["ossec"]["command"].each_pair do |command, params| if params["enabled"] == true && \ params["use_here"] == true -%> <%= command %> <% params.each_pair do |param, value| unless (param == 'enabled' || \ param == 'apply_to' || \ param == 'use_here') -%> <<%= param %>><%= value %>> <% end end -%> <% end end %> <% node["ossec"]["active-response"].each_pair do |command, params| if params["enabled"] == true && \ params["use_here"] == true && \ (node["ossec"]["command"][command]["enabled"] == true && node["ossec"]["command"][command]["use_here"] == true) -%> <%= command %> <% params.each_pair do |param, value| unless (param == 'enabled' || \ param == 'apply_to' || \ param == 'use_here') -%> <<%= param %>><%= value %>> <% end end -%> <% end end -%> <% node["ossec"]["syslog_files"].sort_by {|k,v| k}.each do |logfile,params| if params["use_here"] == true log_format = params["log_format"] || "syslog" -%> <%= log_format %> <%= logfile %> <% params.each_pair do |param,value| unless(param == 'log_format' || \ param == 'apply_to' || param == 'use_here') -%> <<%= param %>><%= value %>> <% end end -%> <% end end -%>