--- etc/ossec-server.conf 2024-05-10 18:10:43.842257000 -0500
+++ etc/ossec-server.conf 2024-05-10 18:15:26.471699000 -0500
@@ -28,7 +28,8 @@
 secure 1514
- tcp
+ udp
+ 131072
@@ -200,7 +201,7 @@
 syslog
- /var/log/syslog
+ /var/log/userlog
@@ -211,7 +212,7 @@
 full_command
- netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
+ (netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/'
 360
@@ -233,4 +234,32 @@
 etc/rules
+
+
+ no
+ 1515
+ no
+ yes
+ yes
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ indexer1
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
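Review bot: The switch from `tcp` to `udp` next to port 1514 in the first hunk gives up delivery guarantees for agent traffic, and the patch does not say why. The element names are stripped on this page, so this assumes the value is the remote `<protocol>`; over UDP, events lost under load or on a lossy path are not retransmitted, which can leave silent gaps in alerting. If UDP is needed for existing agents, a comment beside it such as `<!-- udp: required by <reason>; agent config and firewall rules must match -->` would record that, and where the deployed version accepts a `tcp,udp` list, keeping TCP available is the safer default.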
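Review bot: The replacement command in the third hunk runs `netstat -n -f inet` on both sides of the `&&`, so the IPv4 table is listed twice and IPv6 sockets never reach the report; the second call was presumably meant to be `netstat -n -f inet6`. The removed command also filtered on `LISTEN`, while the new pipeline only greps for `udp`/`tcp`, so it reports whatever connections exist at run time rather than listening ports and its output will differ between most runs. If listening-port monitoring is still the goal, the pipeline needs a state filter again (and, on BSD-style netstat, `-a` so listening sockets are shown at all), and the sed address pattern `[[:digit:]\.]*` would then have to accept `*` and IPv6 characters. A comment above the command stating what the output is meant to baseline would make that intent checkable.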
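Review bot: The block added in the last hunk ships a literal `NODE_IP` placeholder, a `0.0.0.0` bind next to port 1516, and what looks like an empty value on the line before that port, none of which is explained. The markup is stripped on this page, so the element names are inferred: if these are the cluster `<node>`, `<bind_addr>` and `<key>` settings and the final `yes` is `<disabled>`, the block is inert as shipped, but anyone enabling it would inherit an all-interfaces listener and still have to supply the key. I would add a comment inside the block such as `<!-- before enabling: set <key>, replace NODE_IP, and bind to the cluster interface instead of 0.0.0.0 -->`. The `no` just before `etc/sslmanager.cert` may be host verification for the enrollment service on 1515; if so, a comment should state that enrolling agents are not checked against a CA with this setting.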