[Pkg-ossec-devel] [ossec-hids-server] List of files created by ossec-server's installation (complete functionality + default values)

Jose Antonio Quevedo Muñoz joseantonio.quevedo at gmail.com
Tue Jul 26 23:55:11 UTC 2011


Hi there,

We (Santiago Vila and I) ran the upstream installation shell script
(install.sh) inside a squeeze chroot, taking a snapshot of the md5sum of
each file before the installation. After running the install.sh script with
all the features for a server installation implemented by upstream, using
the default values ($USER_DIR=/var/ossec, for example), the md5sums were
compared, and the result was as follows.

===========================

* Files modified:

/etc/passwd
/etc/shadow

Two users were created through this process:

ossec:x:1001:1001::/var/ossec:/bin/false
ossecm:x:1002:1001::/var/ossec:/bin/false

* Files created:

/etc/ossec-init.conf
/etc/init.d/ossec
/var/ossec/bin/ossec-reportd
/var/ossec/bin/manage_agents
/var/ossec/bin/ossec-monitord
/var/ossec/bin/ossec-agentd
/var/ossec/bin/syscheck_control
/var/ossec/bin/ossec-dbd
/var/ossec/bin/ossec-execd
/var/ossec/bin/ossec-remoted
/var/ossec/bin/ossec-analysisd
/var/ossec/bin/ossec-authd
/var/ossec/bin/verify-agent-conf
/var/ossec/bin/ossec-logtest
/var/ossec/bin/ossec-maild
/var/ossec/bin/ossec-syscheckd
/var/ossec/bin/ossec-control
/var/ossec/bin/ossec-regex
/var/ossec/bin/ossec-logcollector
/var/ossec/bin/clear_stats
/var/ossec/bin/ossec-agentlessd
/var/ossec/bin/ossec-csyslogd
/var/ossec/bin/list_agents
/var/ossec/bin/syscheck_update
/var/ossec/bin/rootcheck_control
/var/ossec/bin/agent_control
/var/ossec/bin/ossec-makelists
/var/ossec/etc/ossec.conf
/var/ossec/etc/ossec-init.conf
/var/ossec/etc/decoder.xml
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/win_audit_rcl.txt
/var/ossec/etc/shared/win_malware_rcl.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
/var/ossec/etc/shared/win_applications_rcl.txt
/var/ossec/etc/localtime
/var/ossec/etc/internal_options.conf
/var/ossec/rules/ms_dhcp_rules.xml
/var/ossec/rules/msauth_rules.xml
/var/ossec/rules/solaris_bsm_rules.xml
/var/ossec/rules/courier_rules.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_de.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_es.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_nl.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_fr.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_fr_funny.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_it.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_no.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_sv.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_pt_br.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_en.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_tr.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_ro.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_da.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_sk.xml
/var/ossec/rules/asterisk_rules.xml
/var/ossec/rules/dovecot_rules.xml
/var/ossec/rules/netscreenfw_rules.xml
/var/ossec/rules/ms-exchange_rules.xml
/var/ossec/rules/wordpress_rules.xml
/var/ossec/rules/php_rules.xml
/var/ossec/rules/squid_rules.xml
/var/ossec/rules/cisco-ios_rules.xml
/var/ossec/rules/named_rules.xml
/var/ossec/rules/proftpd_rules.xml
/var/ossec/rules/cimserver_rules.xml
/var/ossec/rules/bro-ids_rules.xml
/var/ossec/rules/local_rules.xml
/var/ossec/rules/smbd_rules.xml
/var/ossec/rules/openbsd_rules.xml
/var/ossec/rules/ids_rules.xml
/var/ossec/rules/ms_ftpd_rules.xml
/var/ossec/rules/postfix_rules.xml
/var/ossec/rules/pure-ftpd_rules.xml
/var/ossec/rules/apache_rules.xml
/var/ossec/rules/racoon_rules.xml
/var/ossec/rules/vmpop3d_rules.xml
/var/ossec/rules/vpopmail_rules.xml
/var/ossec/rules/rules_config.xml
/var/ossec/rules/web_rules.xml
/var/ossec/rules/trend-osce_rules.xml
/var/ossec/rules/nginx_rules.xml
/var/ossec/rules/spamd_rules.xml
/var/ossec/rules/arpwatch_rules.xml
/var/ossec/rules/telnetd_rules.xml
/var/ossec/rules/sshd_rules.xml
/var/ossec/rules/policy_rules.xml
/var/ossec/rules/mailscanner_rules.xml
/var/ossec/rules/clam_av_rules.xml
/var/ossec/rules/dropbear_rules.xml
/var/ossec/rules/sonicwall_rules.xml
/var/ossec/rules/mysql_rules.xml
/var/ossec/rules/pix_rules.xml
/var/ossec/rules/attack_rules.xml
/var/ossec/rules/ftpd_rules.xml
/var/ossec/rules/hordeimp_rules.xml
/var/ossec/rules/zeus_rules.xml
/var/ossec/rules/vmware_rules.xml
/var/ossec/rules/pam_rules.xml
/var/ossec/rules/symantec-ws_rules.xml
/var/ossec/rules/syslog_rules.xml
/var/ossec/rules/postgresql_rules.xml
/var/ossec/rules/roundcube_rules.xml
/var/ossec/rules/imapd_rules.xml
/var/ossec/rules/vpn_concentrator_rules.xml
/var/ossec/rules/sendmail_rules.xml
/var/ossec/rules/ossec_rules.xml
/var/ossec/rules/vsftpd_rules.xml
/var/ossec/rules/firewall_rules.xml
/var/ossec/rules/mcafee_av_rules.xml
/var/ossec/rules/symantec-av_rules.xml
/var/ossec/rules/ms-se_rules.xml
/var/ossec/active-response/bin/disable-account.sh
/var/ossec/active-response/bin/ipfw_mac.sh
/var/ossec/active-response/bin/ossec-tweeter.sh
/var/ossec/active-response/bin/restart-ossec.sh
/var/ossec/active-response/bin/host-deny.sh
/var/ossec/active-response/bin/pf.sh
/var/ossec/active-response/bin/route-null.sh
/var/ossec/active-response/bin/firewall-drop.sh
/var/ossec/active-response/bin/ipfw.sh
/var/ossec/logs/ossec.log
/var/ossec/agentless/ssh_integrity_check_bsd
/var/ossec/agentless/main.exp
/var/ossec/agentless/ssh_generic_diff
/var/ossec/agentless/sshlogin.exp
/var/ossec/agentless/ssh_foundry_diff
/var/ossec/agentless/ssh.exp
/var/ossec/agentless/ssh_asa-fwsmconfig_diff
/var/ossec/agentless/su.exp
/var/ossec/agentless/register_host.sh
/var/ossec/agentless/ssh_nopass.exp
/var/ossec/agentless/ssh_pixconfig_diff
/var/ossec/agentless/ssh_integrity_check_linux

============

Regards,
