no root@example.com smtp.example.com ossecm@ossec.example.com rules_config.xml pam_rules.xml sshd_rules.xml telnetd_rules.xml syslog_rules.xml arpwatch_rules.xml symantec-av_rules.xml symantec-ws_rules.xml pix_rules.xml named_rules.xml smbd_rules.xml vsftpd_rules.xml pure-ftpd_rules.xml proftpd_rules.xml ms_ftpd_rules.xml ftpd_rules.xml hordeimp_rules.xml roundcube_rules.xml wordpress_rules.xml cimserver_rules.xml vpopmail_rules.xml vmpop3d_rules.xml courier_rules.xml web_rules.xml web_appsec_rules.xml apache_rules.xml nginx_rules.xml php_rules.xml mysql_rules.xml postgresql_rules.xml ids_rules.xml squid_rules.xml firewall_rules.xml apparmor_rules.xml cisco-ios_rules.xml netscreenfw_rules.xml sonicwall_rules.xml postfix_rules.xml sendmail_rules.xml imapd_rules.xml mailscanner_rules.xml dovecot_rules.xml ms-exchange_rules.xml racoon_rules.xml vpn_concentrator_rules.xml spamd_rules.xml msauth_rules.xml mcafee_av_rules.xml trend-osce_rules.xml ms-se_rules.xml zeus_rules.xml solaris_bsm_rules.xml vmware_rules.xml ms_dhcp_rules.xml asterisk_rules.xml ossec_rules.xml attack_rules.xml systemd_rules.xml firewalld_rules.xml dropbear_rules.xml unbound_rules.xml sysmon_rules.xml opensmtpd_rules.xml local_rules.xml 72000 /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/adjtime /etc/ntp/drift /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/system_audit_rcl.txt /var/ossec/etc/shared/cis_debian_linux_rcl.txt /var/ossec/etc/shared/cis_rhel_linux_rcl.txt /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt 127.0.0.1 ::1 1 7 host-deny host-deny.sh srcip yes firewall-drop firewall-drop.sh srcip yes disable-account disable-account.sh user yes host-deny local 6 600 firewall-drop local 6 600 syslog /var/log/messages syslog /var/log/syslog syslog /var/log/debug syslog /var/log/secure syslog /var/log/cron syslog /var/log/maillog syslog /var/log/spooler apache /var/log/httpd/access_log apache /var/log/httpd/error_log command df -h full_command netstat -tan | grep LISTEN | grep -v 127.0.0.1 | sort full_command last -n 5 full_command lastb -n 5