--- etc/ossec-server.conf 2025-11-07 00:46:03.000000000 -0800
+++ etc/ossec-server.conf 2026-01-10 15:58:20.321540000 -0800
@@ -20,6 +20,26 @@
0
+
+ no
+ yes
+ 60m
+
+
+
+ no
+
+ https://127.0.0.1:9200
+
+
+
+ /usr/local/etc/logstash/certs/root-ca.pem
+
+ /usr/local/etc/logstash/certs/server1.pem
+ /usr/local/etc/logstash/certs/server1-key.pem
+
+
+
3
12
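Review bot: The key path `/usr/local/etc/logstash/certs/server1-key.pem`, with the certificate and CA beside it, points into Logstash's certificate directory, so the manager would share a TLS identity with Logstash and need read access to another service's private key. The element names are not visible in this view, so this assumes the three paths are the CA, certificate and key of the indexer connection at `https://127.0.0.1:9200`. A dedicated certificate pair owned by the manager's user, not group- or world-readable, would keep a compromise of one service from exposing the other's key. At minimum, add a comment above the paths such as `<!-- private key must be readable only by the manager's service user; do not reuse the Logstash key in production -->`.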
@@ -29,6 +49,7 @@
secure
1514
tcp
+ 131072
@@ -43,7 +64,6 @@
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/system_audit_ssh.txt
- /var/ossec/etc/shared/cis_debian_linux_rcl.txt
yes
@@ -200,7 +220,7 @@
syslog
- /var/log/syslog
+ /var/log/userlog
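Review bot: Replacing `/var/log/syslog` with `/var/log/userlog` swaps a catch-all log for one that, under BSD-style syslog defaults, usually receives only the user facility, so authentication and security messages may no longer reach the manager through this entry. The other log-collection entries lie outside the hunk, so this may already be covered elsewhere. If it is not, add entries for the host's auth and general message logs (the paths depend on the target's syslog configuration), or add a comment explaining why only `userlog` is collected here.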
@@ -211,7 +231,7 @@
full_command
- netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
+ (netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/'
360
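Review bot: Both halves of the subshell run the same command, `netstat -n -f inet && netstat -n -f inet`, so every IPv4 socket is listed twice and IPv6 sockets are never reported. The second call was presumably meant to be `netstat -n -f inet6`. The removed command also filtered on `LISTEN`, while the new one has no `-a` and no state filter, so on BSD netstat it would likely report established connections rather than listening ports. If this check is meant to detect new listeners, the output will change with normal connection churn and a new listening service could go unnoticed. Consider `(netstat -an -f inet && netstat -an -f inet6)` with a `grep LISTEN` stage for TCP, and confirm that the `sed` expression still matches that output.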
@@ -236,4 +256,32 @@
etc/rules
+
+
+ no
+ 1515
+ no
+ yes
+ yes
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ indexer1
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
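Review bot: The last block added here binds port `1516` to `0.0.0.0`, leaves the line where the shared key would go empty, and keeps the `NODE_IP` placeholder. The element names are not visible in this view; this assumes it is the cluster section and that the trailing `yes` keeps it disabled. If so, nothing is exposed today, but anyone who enables it later has no hint of what must be changed first. Add a comment above the block such as `<!-- before enabling: set a unique 32-character key, replace NODE_IP with the master's address, and bind to the cluster interface instead of 0.0.0.0 -->`. The enrollment listener on `1515` in the same hunk is enabled, so it is also worth a comment that the port should be reachable only from networks where agents are expected.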