[Pkg-ossec-devel] [ossec-hids-server] List of files created by ossec-server's installation (complete functionality + default values)

Jose Antonio Quevedo joseantonio.quevedo at gmail.com
Wed Aug 10 09:58:53 UTC 2011


Great!

Now, the following is additional information that wasn't provided in the last
summary:

*Files modified*:
/etc/group: the only group added to the system.
+ossec:x:1001:

/etc/init.d/.depend.stop
/etc/init.d/.depend.start
/etc/init.d/.depend.boot

Attached are the 3 diff files generated after comparing original
/etc/init.d/.depend.* files with the same files after installing Ossec as a
server.

*New files*:
/var/lib/update-rc.d/ossec

Attached are the results of the last file analysis, just for the record, as the
conclusions have already been presented in this email.

Best regards,

On 30 July 2011 at 23:27, Javier Fernández-Sanguino Peña <
jfs at computer.org> wrote:

> On Wed, Jul 27, 2011 at 01:55:11AM +0200, Jose Antonio Quevedo Muñoz wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Hi there,
> >
> > we, Santiago Vila and I, ran the upstream installation shell script
> > (install.sh) inside a squeeze chroot, taking a snapshot of the md5sum of
> > each file before the installation. After running the install.sh script using
> > all the features for a server installation implemented by upstream, with
> > the default values (e.g. $USER_DIR=/var/ossec), the md5sums were
> > compared and the result was as follows.
>
> The latest version in git should compile and build a package with all those
> contents (the user changes are done in preinst) but modified:
>
> - binaries are in /usr/lib/ossec instead of in /var/ossec/bin
> - configuration files are in /etc/ossec instead of in /var/ossec/etc
>
> Symlinks make sure that the programs will still find them in their original
> location, however.
>
> Regards
>
> Javier
>
>


-- 
Jose Antonio Quevedo Muñoz
Key fingerprint: C88A AAFA CF91 F556 E1D5  52FC C3D7 3C5D 8224 5822
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~
-------------- next part --------------
/var/log/lastlog
/var/log/faillog
/etc/passwd
/etc/group-
/etc/shadow-
/etc/init.d/.depend.stop
/etc/init.d/.depend.start
/etc/init.d/.depend.boot
/etc/gshadow
/etc/group
/etc/shadow
/etc/passwd-
/etc/gshadow-
-------------- next part --------------
/var/ossec/rules/symantec-ws_rules.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_en.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_it.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_pt_br.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_no.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_es.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_de.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_da.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_ro.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_tr.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_sk.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_fr_funny.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_fr.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_nl.xml
/var/ossec/rules/translated/pure_ftpd/pure-ftpd_rules_sv.xml
/var/ossec/rules/vpopmail_rules.xml
/var/ossec/rules/dropbear_rules.xml
/var/ossec/rules/apache_rules.xml
/var/ossec/rules/attack_rules.xml
/var/ossec/rules/vsftpd_rules.xml
/var/ossec/rules/syslog_rules.xml
/var/ossec/rules/ms_ftpd_rules.xml
/var/ossec/rules/hordeimp_rules.xml
/var/ossec/rules/smbd_rules.xml
/var/ossec/rules/racoon_rules.xml
/var/ossec/rules/clam_av_rules.xml
/var/ossec/rules/openbsd_rules.xml
/var/ossec/rules/sonicwall_rules.xml
/var/ossec/rules/nginx_rules.xml
/var/ossec/rules/postgresql_rules.xml
/var/ossec/rules/symantec-av_rules.xml
/var/ossec/rules/ms-se_rules.xml
/var/ossec/rules/spamd_rules.xml
/var/ossec/rules/ms_dhcp_rules.xml
/var/ossec/rules/ftpd_rules.xml
/var/ossec/rules/mcafee_av_rules.xml
/var/ossec/rules/pam_rules.xml
/var/ossec/rules/named_rules.xml
/var/ossec/rules/vmpop3d_rules.xml
/var/ossec/rules/policy_rules.xml
/var/ossec/rules/php_rules.xml
/var/ossec/rules/arpwatch_rules.xml
/var/ossec/rules/cisco-ios_rules.xml
/var/ossec/rules/ids_rules.xml
/var/ossec/rules/pix_rules.xml
/var/ossec/rules/roundcube_rules.xml
/var/ossec/rules/squid_rules.xml
/var/ossec/rules/asterisk_rules.xml
/var/ossec/rules/trend-osce_rules.xml
/var/ossec/rules/sendmail_rules.xml
/var/ossec/rules/wordpress_rules.xml
/var/ossec/rules/mailscanner_rules.xml
/var/ossec/rules/proftpd_rules.xml
/var/ossec/rules/zeus_rules.xml
/var/ossec/rules/firewall_rules.xml
/var/ossec/rules/msauth_rules.xml
/var/ossec/rules/bro-ids_rules.xml
/var/ossec/rules/solaris_bsm_rules.xml
/var/ossec/rules/ms-exchange_rules.xml
/var/ossec/rules/courier_rules.xml
/var/ossec/rules/local_rules.xml
/var/ossec/rules/mysql_rules.xml
/var/ossec/rules/cimserver_rules.xml
/var/ossec/rules/netscreenfw_rules.xml
/var/ossec/rules/sshd_rules.xml
/var/ossec/rules/dovecot_rules.xml
/var/ossec/rules/imapd_rules.xml
/var/ossec/rules/vpn_concentrator_rules.xml
/var/ossec/rules/ossec_rules.xml
/var/ossec/rules/telnetd_rules.xml
/var/ossec/rules/pure-ftpd_rules.xml
/var/ossec/rules/rules_config.xml
/var/ossec/rules/vmware_rules.xml
/var/ossec/rules/postfix_rules.xml
/var/ossec/rules/web_rules.xml
/var/ossec/agentless/ssh_integrity_check_bsd
/var/ossec/agentless/ssh_pixconfig_diff
/var/ossec/agentless/main.exp
/var/ossec/agentless/ssh_generic_diff
/var/ossec/agentless/ssh_nopass.exp
/var/ossec/agentless/ssh_integrity_check_linux
/var/ossec/agentless/register_host.sh
/var/ossec/agentless/ssh_asa-fwsmconfig_diff
/var/ossec/agentless/su.exp
/var/ossec/agentless/ssh.exp
/var/ossec/agentless/ssh_foundry_diff
/var/ossec/agentless/sshlogin.exp
/var/ossec/logs/ossec.log
/var/ossec/etc/ossec.conf
/var/ossec/etc/localtime
/var/ossec/etc/internal_options.conf
/var/ossec/etc/ossec-init.conf
/var/ossec/etc/decoder.xml
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/win_malware_rcl.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/win_applications_rcl.txt
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/win_audit_rcl.txt
/var/ossec/active-response/bin/ipfw.sh
/var/ossec/active-response/bin/host-deny.sh
/var/ossec/active-response/bin/route-null.sh
/var/ossec/active-response/bin/disable-account.sh
/var/ossec/active-response/bin/ossec-tweeter.sh
/var/ossec/active-response/bin/restart-ossec.sh
/var/ossec/active-response/bin/firewall-drop.sh
/var/ossec/active-response/bin/pf.sh
/var/ossec/active-response/bin/ipfw_mac.sh
/var/ossec/bin/ossec-makelists
/var/ossec/bin/ossec-authd
/var/ossec/bin/agent_control
/var/ossec/bin/ossec-logtest
/var/ossec/bin/manage_agents
/var/ossec/bin/syscheck_update
/var/ossec/bin/ossec-execd
/var/ossec/bin/ossec-reportd
/var/ossec/bin/rootcheck_control
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-analysisd
/var/ossec/bin/ossec-logcollector
/var/ossec/bin/verify-agent-conf
/var/ossec/bin/ossec-dbd
/var/ossec/bin/ossec-remoted
/var/ossec/bin/ossec-regex
/var/ossec/bin/clear_stats
/var/ossec/bin/ossec-maild
/var/ossec/bin/list_agents
/var/ossec/bin/ossec-agentlessd
/var/ossec/bin/ossec-monitord
/var/ossec/bin/ossec-syscheckd
/var/ossec/bin/ossec-control
/var/ossec/bin/syscheck_control
/var/ossec/bin/ossec-csyslogd
/var/lib/update-rc.d/ossec
/etc/ossec-init.conf
/etc/init.d/ossec
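The snapshot-and-compare procedure described in the quoted message (md5sum every file, run the installer, compare the two listings to find modified and new files) as an added example; this is not code from the thread or from the OSSEC packaging. It assumes `find`, `md5sum` and `awk` are available and that paths contain no whitespace, and it runs against a constructed temporary tree standing in for a real chroot.

```shell
#!/bin/sh
# Audit an installer's filesystem footprint: snapshot md5sums, run the
# install step, snapshot again and report MODIFIED / NEW / REMOVED paths.
set -u

# Record "hash  path" for every regular file under $1, sorted by path, into $2.
snapshot() {
    find "$1" -type f -exec md5sum {} + | sort -k2 > "$2"
}

# Compare two snapshots ($1 = before, $2 = after).
# Field 1 is the md5 hash, field 2 the path (assumes no whitespace in paths).
compare_snapshots() {
    awk 'NR == FNR { before[$2] = $1; next }
         {
             if (!($2 in before))            print "NEW " $2
             else if (before[$2] != $1)      print "MODIFIED " $2
             delete before[$2]
         }
         END { for (p in before) print "REMOVED " p }' "$1" "$2" | sort
}

# Self-contained demo on a constructed fake root (not a real system):
# the "install" adds the ossec group line and drops in one binary, mirroring
# the /etc/group and /var/ossec/bin changes reported in the thread.
demo_footprint() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/var/ossec/bin"
    printf 'root:x:0:\n'  > "$root/etc/group"
    printf 'unchanged\n'  > "$root/etc/hostname"
    snapshot "$root" "$root.before"
    printf 'ossec:x:1001:\n' >> "$root/etc/group"          # modified file
    printf '#!/bin/sh\n'     >  "$root/var/ossec/bin/ossec-control"  # new file
    snapshot "$root" "$root.after"
    # strip the temporary prefix so the report reads like real system paths
    compare_snapshots "$root.before" "$root.after" | sed "s|$root||"
    rm -rf "$root" "$root.before" "$root.after"
}

demo_footprint
```

Unchanged files (here `/etc/hostname`) never appear in the report, so the output is exactly the footprint the installer left behind.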