--- etc/ossec-agent.conf 2024-05-10 13:50:56.929321000 -0700
+++ etc/ossec-agent.conf 2024-05-10 14:08:22.272131000 -0700
@@ -8,8 +8,10 @@
IP
+ 1514
+ udp
- debian, debian8
+ freebsd, freebsd%%FBSD_MAJOR_VERSION%%
aes
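Review bot: The added `udp` value pins the agent-to-manager transport to a protocol with no delivery guarantee, so events dropped under load or by a lossy path are lost with no error on the agent. The enclosing element tags are not visible in this view, so this assumes the `1514` and `udp` lines are the server port and protocol. If the target manager listens on tcp only, as recent Wazuh manager configurations do by default, the agent will not connect at all. Consider shipping `tcp` here, or add a comment above the two lines such as `<!-- must match the manager's remote listener protocol -->`.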
@@ -32,7 +34,7 @@
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/system_audit_ssh.txt
- /var/ossec/etc/shared/cis_debian_linux_rcl.txt
+ /var/ossec/etc/shared/cis_freebsd%%FBSD_MAJOR_VERSION%%.yml
yes
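Review bot: The new `cis_freebsd%%FBSD_MAJOR_VERSION%%.yml` entry sits in a list whose neighbours are `system_audit_rcl.txt` and `system_audit_ssh.txt`, which looks like the rootcheck audit list (the element tags are not visible here, so confirm). Rootcheck audit files use the rcl text format, while a `.yml` CIS file is an SCA policy, so if this is a rootcheck entry the policy is probably not evaluated and the CIS check that the Debian line provided is lost without any error. Either drop the line from this list and reference the policy from the SCA section, or point it at an rcl-format file. The `%%FBSD_MAJOR_VERSION%%` token must also be substituted at build time with a version for which a policy file is actually installed.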
@@ -135,10 +137,25 @@
syslog
- /var/log/syslog
+ /var/log/cron
+ syslog
+ /var/log/daemon.log
+
+
+
+ syslog
+ /var/log/debug.log
+
+
+
+ syslog
+ /var/log/userlog
+
+
+
command
df -P
360
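Review bot: The replacement log sources added here are `/var/log/cron`, `/var/log/daemon.log`, `/var/log/debug.log` and `/var/log/userlog`, and none of them carries authentication events. With the stock FreeBSD syslog.conf, sshd, su and login failures go to `/var/log/auth.log`, security-facility messages to `/var/log/security`, and general system messages to `/var/log/messages`. If those three are not declared elsewhere in the file (outside this hunk), the agent loses the coverage that `/var/log/syslog` gave on Debian, and brute-force and privilege-escalation rules will never fire. Add a syslog-format entry for each, for example `<location>/var/log/auth.log</location>`, and consider whether `debug.log` is worth the volume.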
@@ -146,7 +163,7 @@
full_command
- netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
+ (netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/'
360
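Review bot: The new command runs `netstat -n -f inet` twice, so the second call only duplicates the IPv4 output; it was presumably meant to be `-f inet6`, and as written IPv6 sockets are never reported. Neither call passes `-a`, and FreeBSD's netstat omits listening sockets without it, so the output is the set of active connections rather than the listening ports that the removed `grep LISTEN` command tracked. That makes the check noisy on every connection change and blind to a newly opened listener, which is the event this monitor exists to catch. Consider `(netstat -an -f inet && netstat -an -f inet6)` with a `grep LISTEN` stage for tcp, and check that the sed expression, which matches dotted numeric addresses only, handles the IPv6 lines.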