yes
no
rules_config.xml
pam_rules.xml
sshd_rules.xml
telnetd_rules.xml
syslog_rules.xml
arpwatch_rules.xml
symantec-av_rules.xml
symantec-ws_rules.xml
pix_rules.xml
named_rules.xml
smbd_rules.xml
vsftpd_rules.xml
pure-ftpd_rules.xml
proftpd_rules.xml
ms_ftpd_rules.xml
ftpd_rules.xml
hordeimp_rules.xml
roundcube_rules.xml
wordpress_rules.xml
cimserver_rules.xml
vpopmail_rules.xml
vmpop3d_rules.xml
courier_rules.xml
web_rules.xml
web_appsec_rules.xml
apache_rules.xml
nginx_rules.xml
php_rules.xml
mysql_rules.xml
postgresql_rules.xml
ids_rules.xml
squid_rules.xml
firewall_rules.xml
apparmor_rules.xml
cisco-ios_rules.xml
netscreenfw_rules.xml
sonicwall_rules.xml
postfix_rules.xml
sendmail_rules.xml
imapd_rules.xml
mailscanner_rules.xml
dovecot_rules.xml
ms-exchange_rules.xml
racoon_rules.xml
vpn_concentrator_rules.xml
spamd_rules.xml
msauth_rules.xml
mcafee_av_rules.xml
trend-osce_rules.xml
ms-se_rules.xml
zeus_rules.xml
solaris_bsm_rules.xml
vmware_rules.xml
ms_dhcp_rules.xml
asterisk_rules.xml
ossec_rules.xml
attack_rules.xml
openbsd_rules.xml
clam_av_rules.xml
dropbear_rules.xml
sysmon_rules.xml
opensmtpd_rules.xml
exim_rules.xml
openbsd-dhcpd_rules.xml
dnsmasq_rules.xml
nsd_rules.xml
unbound_rules.xml
psad_rules.xml
local_rules.xml
79200
/etc,/usr/bin,/usr/sbin
/bin,/sbin,/boot
/etc/mtab
/etc/mnttab
/etc/hosts.deny
/etc/mail/statistics
/etc/random-seed
/etc/adjtime
/etc/httpd/logs
/etc/utmpx
/etc/wtmpx
/etc/cups/certs
/etc/dumpdates
/etc/svc/volatile
C:\WINDOWS/System32/LogFiles
C:\WINDOWS/Debug
C:\WINDOWS/WindowsUpdate.log
C:\WINDOWS/iis6.log
C:\WINDOWS/system32/wbem/Logs
C:\WINDOWS/system32/wbem/Repository
C:\WINDOWS/Prefetch
C:\WINDOWS/PCHEALTH/HELPCTR/DataColl
C:\WINDOWS/SoftwareDistribution
C:\WINDOWS/Temp
C:\WINDOWS/system32/config
C:\WINDOWS/system32/spool
C:\WINDOWS/system32/CatRoot
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
127.0.0.1
::1
localhost.localdomain
8.8.8.8
8.8.4.4
192.168.0.2
192.168.0.3
syslog
secure
1
host-deny
host-deny.sh
srcip
yes
firewall-drop
firewall-drop.sh
srcip
yes
disable-account
disable-account.sh
user
yes
restart-ossec
restart-ossec.sh
route-null
route-null.sh
srcip
yes
ossec-slack
ossec-slack.sh
no
cloudflare-ban
cloudflare-ban.sh
yes
srcip
host-deny
all
6
600
30,60,120,240,480
firewall-drop
all
6
600
30,60,120,240,480
ossec-slack
server
6
cloudflare-ban
server
6
43200
syslog
/var/log/messages
syslog
/var/log/secure
syslog
/var/log/maillog
snort-fast
/var/log/snort/alert
syslog
/var/log/fail2ban.log
command
df -P
full_command
netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort
full_command
last -n 5