#!/bin/sh
# Preset answers and build switches for an OSSEC HIDS install.
# Every variable is exported so that child processes can read it from the
# environment (presumably the OSSEC build and its installer -- confirm
# against the packaging script that sources this file).

# Build and feature switches.
# NOTE(review): V=1 looks like a verbose-build toggle and USER_NO_STOP=yes
# like the "do not pause for prompts" switch -- confirm against the installer.
V=1
USER_NO_STOP=yes
USER_DIR=/var/lib/ossec-hids
USER_BINARYINSTALL=x
USE_GEOIP=yes
USE_ZEROMQ=yes
LUA_ENABLE=yes
USE_SQLITE=yes
DATABASE=sqlite
USE_INOTIFY=yes
PCRE2_SYSTEM=yes
USE_SYSTEMD=yes
ZLIB_SYSTEM=yes
export V USER_NO_STOP USER_DIR USER_BINARYINSTALL
export USE_GEOIP USE_ZEROMQ LUA_ENABLE USE_SQLITE DATABASE
export USE_INOTIFY PCRE2_SYSTEM USE_SYSTEMD ZLIB_SYSTEM

# Keep whatever CFLAGS the caller already set and append -fcommon, which
# makes the compiler accept duplicate tentative definitions of globals
# (GCC 10 and later default to -fno-common).
CFLAGS="$CFLAGS -fcommon"
export CFLAGS

# compilation parameters, reverted in package() to avoid errors
OSSEC_GROUP=ossec
OSSEC_USER=ossec
OSSEC_USER_MAIL=ossec
OSSEC_USER_REM=ossec
export OSSEC_GROUP OSSEC_USER OSSEC_USER_MAIL OSSEC_USER_REM

# Do you want to update it? (y/n) [y]:
USER_UPDATE=y
# Do you want to update the rules? (y/n) [y]:
USER_UPDATE_RULES=y
# User Language:
USER_LANGUAGE=en
export USER_UPDATE USER_UPDATE_RULES USER_LANGUAGE

# Do you want e-mail notification? (y/n) [y]:
USER_ENABLE_EMAIL=y
# What's your e-mail address?
# foo@example.com is a placeholder: alert mail reaches no real mailbox
# until the address is replaced in the installed configuration.
USER_EMAIL_ADDRESS=foo@example.com
# What's your SMTP server ip/host?
USER_EMAIL_SMTP=localhost
export USER_ENABLE_EMAIL USER_EMAIL_ADDRESS USER_EMAIL_SMTP

# Do you want to run the integrity check daemon? (y/n) [y]:
USER_ENABLE_SYSCHECK=y
# Do you want to run the rootkit detection engine? (y/n) [y]:
USER_ENABLE_ROOTCHECK=y
export USER_ENABLE_SYSCHECK USER_ENABLE_ROOTCHECK

# Active response allows you to execute a specific
# command based on the events received. For example,
# you can block an IP address or disable access for
# a specific user.
# More information at:
# https://ossec.github.io/docs/manual/ar/
#
# - Do you want to enable active response? (y/n) [y]:
USER_ENABLE_ACTIVE_RESPONSE=y
# - By default, we can enable the host-deny and the
#   firewall-drop responses. The first one will add
#   a host to the /etc/hosts.deny and the second one
#   will block the host on iptables (if linux) or on
#   ipfilter (if Solaris, FreeBSD or NetBSD).
# - They can be used to stop SSHD brute force scans,
#   portscans and some other forms of attacks. You can
#   also add them to block on snort events, for example.
# - Blocks are applied automatically from received events, so management
#   and monitoring addresses should be white-listed; otherwise a false
#   positive can lock them out.
#
# - Do you want to enable the firewall-drop response? (y/n) [y]:
USER_ENABLE_FIREWALL_RESPONSE=y
# Do you want to add more IPs to the white list? (y/n)? [n]:
# if set to y, installer will ask you to enter the list of IPs
# if you want to use this feature, you must also export USER_NO_STOP=no
# With n, no extra address is collected at install time; any further
# white-list entries presumably have to be added to the installed
# configuration afterwards -- verify.
USER_WHITE_LIST=n
export USER_ENABLE_ACTIVE_RESPONSE USER_ENABLE_FIREWALL_RESPONSE
export USER_WHITE_LIST

# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
# Syslog over UDP carries no authentication or encryption; restrict the
# accepted senders in the installed configuration or with a host firewall.
USER_ENABLE_SYSLOG=y
export USER_ENABLE_SYSLOG

# IP address or hostname of the ossec server. Only used on agent installations.
# export USER_AGENT_SERVER_IP="127.0.0.1"
# export USER_AGENT_SERVER_NAME
# Agent's config profile name. This is used to create agent.conf configuration profiles
# for this particular profile name. Only used on agent installations.
# Can be any string. E.g. LinuxDBServer or WindowsDomainController
USER_AGENT_CONFIG_PROFILE="generic"
export USER_AGENT_CONFIG_PROFILE