ossec-server/config

   1 #!/bin/sh
   2
   3 #Do you want e-mail notification? (y/n) [y]:
   4 export USER_ENABLE_EMAIL=n
   5 # What's your e-mail address?
   6 export USER_EMAIL_ADDRESS=foo@example.com
   7 #  What's your SMTP server ip/host?
   8 export USER_EMAIL_SMTP=
   9
  10 # Do you want to run the integrity check daemon? (y/n) [y]:
  11 export USER_ENABLE_SYSCHECK=y
  12
  13 #Do you want to run the rootkit detection engine? (y/n) [y]:
  14 export USER_ENABLE_ROOTCHECK=y
  15
  16 #       Active response allows you to execute a specific
  17 #       command based on the events received. For example,
  18 #       you can block an IP address or disable access for
  19 #       a specific user.
  20 #       More information at:
  21 #       http://www.ossec.net/en/manual.html#active-response
  22 #
  23 #   - Do you want to enable active response? (y/n) [y]:
  24 export USER_ENABLE_ACTIVE_RESPONSE=y
  25
  26 #   - By default, we can enable the host-deny and the
  27 #     firewall-drop responses. The first one will add
  28 #     a host to the /etc/hosts.deny and the second one
  29 #     will block the host on iptables (if linux) or on
  30 #     ipfilter (if Solaris, FreeBSD or NetBSD).
  31 #   - They can be used to stop SSHD brute force scans,
  32 #     portscans and some other forms of attacks. You can
  33 #     also add them to block on snort events, for example.
  34 #
  35 #   - Do you want to enable the firewall-drop response? (y/n) [y]:
  36 export USER_ENABLE_FIREWALL_RESPONSE=y
  37
  38 # Do you want to add more IPs to the white list? (y/n)? [n]:
  39 # if set to y, installer will ask you to enter the list of IPs
  40 # if you want to use this feature, you must also export USER_NO_STOP=no
  41 export USER_WHITE_LIST=n
  42
  43 # Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
  44 export USER_ENABLE_SYSLOG=y
  45