yes no no yes no smtp.example.wazuh.com ossecm@example.wazuh.com recipient@example.wazuh.com 12 1 7 secure 1514 udp no yes yes yes yes yes yes yes yes 43200 /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/system_audit_rcl.txt /var/ossec/etc/shared/system_audit_ssh.txt /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt yes yes 1800 1d yes xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile ^/proc .log$|.swp$ /etc/ssl/private.key yes 127.0.0.1 ^localhost.localdomain$ 10.0.0.2 disable-account disable-account.sh user yes restart-ossec restart-ossec.sh firewall-drop firewall-drop.sh srcip yes host-deny host-deny.sh srcip yes route-null route-null.sh srcip yes win_route-null route-null.cmd srcip yes host-deny local 6 600 firewall-drop local 6 600 command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 syslog /var/ossec/logs/active-responses.log ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/decoders etc/rules