aboutsummaryrefslogtreecommitdiffstats
path: root/testing/ossec-hids-local/config
diff options
context:
space:
mode:
Diffstat (limited to 'testing/ossec-hids-local/config')
-rw-r--r--testing/ossec-hids-local/config63
1 files changed, 63 insertions, 0 deletions
diff --git a/testing/ossec-hids-local/config b/testing/ossec-hids-local/config
new file mode 100644
index 0000000000..4400290be7
--- /dev/null
+++ b/testing/ossec-hids-local/config
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Do you want to update it? (y/n) [y]:
+export USER_UPDATE=y
+
+# Do you want to update the rules? (y/n) [y]:
+export USER_UPDATE_RULES=y
+
+# User Language:
+export USER_LANGUAGE=en
+
+# Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=y
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+# What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=localhost
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# https://ossec.github.io/docs/manual/ar/
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+# - By default, we can enable the host-deny and the
+# firewall-drop responses. The first one will add
+# a host to the /etc/hosts.deny and the second one
+# will block the host on iptables (if linux) or on
+# ipfilter (if Solaris, FreeBSD or NetBSD).
+# - They can be used to stop SSHD brute force scans,
+# portscans and some other forms of attacks. You can
+# also add them to block on snort events, for example.
+#
+# - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
+# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
+export USER_ENABLE_SYSLOG=y
+
+# IP address or hostname of the ossec server. Only used on agent installations.
+# export USER_AGENT_SERVER_IP="127.0.0.1"
+# export USER_AGENT_SERVER_NAME
+# Agent's config profile name. This is used to create agent.conf configuration profiles
+# for this particular profile name. Only used on agent installations.
+# Can be any string. E.g. LinuxDBServer or WindowsDomainController
+export USER_AGENT_CONFIG_PROFILE="generic"
+
+