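<%# OSSEC configuration template, driven by the node["ossec"] attribute tree. -%>
<%# NOTE(review): no XML element markup is present around the values in this copy; -%>
<%# the literal text and ERB tags below are kept in their original order. -%>
<%# NOTE(review): every attribute value is written out as-is, with no XML escaping; -%>
<%# a value containing markup characters would alter the structure of the rendered file. -%>
<%# Mail settings. Recipients are sorted, so their order does not depend on attribute order. -%>
<%= node["ossec"]["email_notification"] %>
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
<%= node["ossec"]["smtp_server"] %>
<%= node["ossec"]["email_from"] %>
<%= node["ossec"]["email_maxperhour"] %>
<%= node["ossec"]["email_idsname"] %>
<%=node["ossec"]["memory_size"]%>
<%# Entries of the white_list attribute, sorted. -%>
<%# NOTE(review): presumably OSSEC's active-response white list - keep it narrow and confirm. -%>
<% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%>
<%= ip %>
<% end -%>
<%# Only rule names whose attribute value is truthy are emitted. -%>
<% node["ossec"]["load_rules"].each_pair do |name, value|
     if value -%>
<%= name %>
<%   end
   end -%>
<%= node["ossec"]["remote"]["connection"] %>
<%= node.ipaddress %>
<%= node["ossec"]["syslog_output"]["ip"] %>
<%= node["ossec"]["syslog_output"]["port"] %>
<%= node["ossec"]["syslog_output"]["min_level"] %>
<%= node["ossec"]["log_alert_level"] %>
<%= node["ossec"]["email_alert_level"] %>
<%# Daily reports: each literal line is followed by the same sorted recipient list. -%>
authentication_success srcip Daily report: Successful logins
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
web Daily report: Web
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
Daily report: Level 7 7 level
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
Daily report: Level 12 12 level
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
syscheck Daily report: File changes filename
<% node["ossec"]["email_to"].sort_by {|k| k}.each do |recipient| -%>
<%= recipient %>
<% end -%>
<%# Per-recipient alert rules, optionally bound to one entry per resolved event location. -%>
<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params|
     # Resolve the event locations this recipient's rule is bound to.
     # NOTE(review): keys are tested as strings and read as symbols; that only
     # agrees if params treats both alike - confirm.
     locations = []
     if params.has_key?('event_location_tag')
       # Agents carrying the tag, mapped to their LAN address.
       # NOTE(review): an agent without network.lanip falls back to the fixed
       # address 172.172.172.172, so its rule is bound to a location that is
       # presumably never reported and its alerts would not be mailed - confirm.
       locations = @ossec_agents.select{ |n| n[:tags].include?( params[:event_location_tag] ) }.map {|n2| n2.network.lanip || '172.172.172.172'}
     elsif params.has_key?('resolved_search')
       locations = params[:resolved_search]
     end
     if locations.count > 0
       locations.sort_by {|k| k}.each do |location| -%>
<%= recipient %>
<%= location %>
<%       params.sort_by {|k,v| k}.each do |key, value|
           # Keys that only steer the location lookup are not written out.
           unless key =~ /event_location_tag|event_location_search|resolved_search/
             if key.eql?('tags')
               value.sort_by {|k| k}.each do |tag| -%>
<<%= tag %> />
<%             end
             # NOTE(review): the trailing '>' after the value below looks like
             # the remainder of a closing element tag missing from this copy -
             # confirm against the original template.
             else -%>
<<%= key %>><%= value %>>
<%           end
           end
         end -%>
<%     end
     else -%>
<%= recipient %>
<%     params.sort_by {|k,v| k}.each do |key, value|
         # Same key filter as the per-location branch above.
         unless key =~ /event_location_tag|event_location_search|resolved_search/
           if key.eql?('tags')
             value.sort_by {|k| k}.each do |tag| -%>
<<%= tag %> />
<%           end
           else -%>
<<%= key %>><%= value %>>
<%         end
         end
       end -%>
<%   end
   end -%>
<%# File integrity checking (syscheck). -%>
<%= node["ossec"]["syscheck"]["frequency"] %>
<% node["ossec"]["syscheck"]["directories"].sort_by {|k,v| k}.each do |directory,params| -%>
<%= directory %>
<% end -%>
<%= node["ossec"]["syscheck"]["alert_new_files"] %>
<%= node["ossec"]["syscheck"]["auto_ignore"] %>
<%# NOTE(review): each path emitted by the next loop is excluded from integrity monitoring; -%>
<%# review additions to the ignore attribute accordingly. -%>
<% unless node["ossec"]["syscheck"]["ignore"].nil?
     # Sort by path, like every other list in this template. The block used to
     # be empty, so every sort key was nil and the order was left to the sort.
     node["ossec"]["syscheck"]["ignore"].sort_by {|k,v| k}.each do |path,params|
       if params["use_here"] == true
         type = params["type"] || "simple"
         # Both branches emit the path; whatever distinguished them is not
         # visible in this copy.
         if type == "simple" -%>
<%= path %>
<%       else -%>
<%= path %>
<%       end
       end
     end
   end -%>
/var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt
<%# Command definitions: only entries that are both enabled and flagged use_here. -%>
<% node["ossec"]["command"].each_pair do |command, params|
     if params["enabled"] == true &&
        params["use_here"] == true -%>
<%= command %>
<%     params.each_pair do |param, value|
         # Control flags steer this template and are not written out.
         unless (param == 'enabled' ||
                 param == 'apply_to' ||
                 param == 'use_here') -%>
<<%= param %>><%= value %>>
<%       end
       end -%>
<%   end
   end %>
<%# Active responses: emitted only when the response and its command are enabled here. -%>
<% node["ossec"]["active-response"].each_pair do |command, params|
     # Look the command definition up once. An active response naming a command
     # with no entry under node["ossec"]["command"] is skipped instead of
     # raising NoMethodError on nil and aborting the render of the whole file.
     command_def = node["ossec"]["command"][command]
     if params["enabled"] == true &&
        params["use_here"] == true &&
        command_def &&
        command_def["enabled"] == true &&
        command_def["use_here"] == true -%>
<%= command %>
<%     params.each_pair do |param, value|
         unless (param == 'enabled' ||
                 param == 'apply_to' ||
                 param == 'use_here') -%>
<<%= param %>><%= value %>>
<%       end
       end -%>
<%   end
   end -%>
<%# Monitored log files: only entries flagged use_here; log_format defaults to "syslog". -%>
<% node["ossec"]["syslog_files"].sort_by {|k,v| k}.each do |logfile,params|
     if params["use_here"] == true
       log_format = params["log_format"] || "syslog" -%>
<%= log_format %>
<%= logfile %>
<%     params.each_pair do |param,value|
         unless (param == 'log_format' ||
                 param == 'apply_to' ||
                 param == 'use_here') -%>
<<%= param %>><%= value %>>
<%       end
       end -%>
<%   end
   end -%>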