no
root@example.com
smtp.example.com
ossecm@ossec.example.com
rules_config.xml
pam_rules.xml
sshd_rules.xml
telnetd_rules.xml
syslog_rules.xml
arpwatch_rules.xml
symantec-av_rules.xml
symantec-ws_rules.xml
pix_rules.xml
named_rules.xml
smbd_rules.xml
vsftpd_rules.xml
pure-ftpd_rules.xml
proftpd_rules.xml
ms_ftpd_rules.xml
ftpd_rules.xml
hordeimp_rules.xml
roundcube_rules.xml
wordpress_rules.xml
cimserver_rules.xml
vpopmail_rules.xml
vmpop3d_rules.xml
courier_rules.xml
web_rules.xml
web_appsec_rules.xml
apache_rules.xml
nginx_rules.xml
php_rules.xml
mysql_rules.xml
postgresql_rules.xml
ids_rules.xml
squid_rules.xml
firewall_rules.xml
apparmor_rules.xml
cisco-ios_rules.xml
netscreenfw_rules.xml
sonicwall_rules.xml
postfix_rules.xml
sendmail_rules.xml
imapd_rules.xml
mailscanner_rules.xml
dovecot_rules.xml
ms-exchange_rules.xml
racoon_rules.xml
vpn_concentrator_rules.xml
spamd_rules.xml
msauth_rules.xml
mcafee_av_rules.xml
trend-osce_rules.xml
ms-se_rules.xml
zeus_rules.xml
solaris_bsm_rules.xml
vmware_rules.xml
ms_dhcp_rules.xml
asterisk_rules.xml
ossec_rules.xml
attack_rules.xml
systemd_rules.xml
firewalld_rules.xml
dropbear_rules.xml
unbound_rules.xml
sysmon_rules.xml
opensmtpd_rules.xml
local_rules.xml
72000
/etc,/usr/bin,/usr/sbin
/bin,/sbin,/boot
/etc/mtab
/etc/hosts.deny
/etc/mail/statistics
/etc/random-seed
/etc/adjtime
/etc/ntp/drift
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
127.0.0.1
::1
1
7
host-deny
host-deny.sh
srcip
yes
firewall-drop
firewall-drop.sh
srcip
yes
disable-account
disable-account.sh
user
yes
host-deny
local
6
600
firewall-drop
local
6
600
syslog
/var/log/messages
syslog
/var/log/syslog
syslog
/var/log/debug
syslog
/var/log/secure
syslog
/var/log/cron
syslog
/var/log/maillog
syslog
/var/log/spooler
apache
/var/log/httpd/access_log
apache
/var/log/httpd/error_log
command
df -h
full_command
netstat -tan | grep LISTEN | grep -v 127.0.0.1 | sort
full_command
last -n 5
full_command
lastb -n 5