summarylogtreecommitdiffstats
path: root/config
blob: ba6fe0f431fe93fbb6c45fd9cd92918c85b83b83 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/sh

# What type of install is this? (server, agent, local, hybrid?):
export USER_INSTALL_TYPE=server

# Do you want to update it? (y/n) [y]:
export USER_UPDATE=y

# Do you want to update the rules? (y/n) [y]:
export USER_UPDATE_RULES=y

# User Language:
export USER_LANGUAGE=en

# Do you want e-mail notification? (y/n) [y]:
export USER_ENABLE_EMAIL=y
# What's your e-mail address?
export USER_EMAIL_ADDRESS=foo@example.com
#  What's your SMTP server ip/host?
export USER_EMAIL_SMTP=localhost

# Do you want to run the integrity check daemon? (y/n) [y]:
export USER_ENABLE_SYSCHECK=y

#Do you want to run the rootkit detection engine? (y/n) [y]:
export USER_ENABLE_ROOTCHECK=y

#       Active response allows you to execute a specific 
#       command based on the events received. For example,
#       you can block an IP address or disable access for
#       a specific user.  
#       More information at:
#       https://ossec.github.io/docs/manual/ar/
#       
#   - Do you want to enable active response? (y/n) [y]: 
export USER_ENABLE_ACTIVE_RESPONSE=y

#   - By default, we can enable the host-deny and the 
#     firewall-drop responses. The first one will add
#     a host to the /etc/hosts.deny and the second one
#     will block the host on iptables (if linux) or on
#     ipfilter (if Solaris, FreeBSD or NetBSD).
#   - They can be used to stop SSHD brute force scans, 
#     portscans and some other forms of attacks. You can 
#     also add them to block on snort events, for example.
#
#   - Do you want to enable the firewall-drop response? (y/n) [y]:
export USER_ENABLE_FIREWALL_RESPONSE=y

# Do you want to add more IPs to the white list? (y/n)? [n]:
# if set to y, installer will ask you to enter the list of IPs
# if you want to use this feature, you must also export USER_NO_STOP=no
export USER_WHITE_LIST=n

# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
export USER_ENABLE_SYSLOG=y