diff --git a/extras/default.config b/extras/default.config
new file mode 100644
index 0000000..9f35e35
--- /dev/null
+++ b/extras/default.config
@@ -0,0 +1,192 @@
+
+
+
+
+
+ MANAGER_IP
+ 1514
+ tcp
+
+ debian, debian10
+ 10
+ 60
+ yes
+ aes
+
+
+
+
+ no
+ 5000
+ 500
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ etc/shared/rootkit_files.txt
+ etc/shared/rootkit_trojans.txt
+
+ yes
+
+ /var/lib/containerd
+ /var/lib/docker/overlay2
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ 10
+
+
+
+
+ yes
+ yes
+ 12h
+ yes
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+ .log$|.swp$
+
+
+ /etc/ssl/private.key
+
+ yes
+ yes
+ yes
+ yes
+
+
+ 10
+
+
+ 50
+
+
+
+ yes
+ 5m
+ 10
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ no
+ etc/wpk_root.pem
+ yes
+
+
+
+
+ plain
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
+ syslog
+ /var/log/dpkg.log
+
+
+
\ No newline at end of file
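Review bot: The manager address line near the top of the new file holds the literal token `MANAGER_IP`, and nothing in this commit shows what substitutes it, so an agent started with this file unchanged would attempt to resolve `MANAGER_IP` as a hostname. If the file is meant to be rewritten at deploy time, a leading comment naming that step (e.g. `<!-- MANAGER_IP is replaced by the entrypoint before the agent starts -->`) would make the contract visible; if not, it should use the same `{{ join_manager_hostname }}` expression that `ossec.jinja2` uses. The OS list (`debian, debian10`) also diverges from the `ubuntu, ..., centos, windows` list in `ossec.jinja2`, so the two files are now separate sources of truth for the same agent settings — presumably intentional, but worth stating in the commit description. The file also ends without a trailing newline.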
diff --git a/ossec.jinja2 b/ossec.jinja2
index 85562d3..21cb4e7 100644
--- a/ossec.jinja2
+++ b/ossec.jinja2
@@ -3,7 +3,7 @@
{{ join_manager_hostname }}
{{ join_manager_port | default('1514', true) }}
-
+ tcp
ubuntu, ubuntu20, ubuntu20.04, ubuntu16, ubuntu16.04, centos, windows
10
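Review bot: The protocol on the new `tcp` line is hard-coded while the port two lines above is rendered from a variable with a default, so the template can no longer serve a deployment that needs UDP without editing the file. Render it the same way, with a new variable supplied by `render-config.py` — `{{ join_manager_protocol | default('tcp', true) }}` — which keeps the default identical to what `extras/default.config` fixes.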
@@ -11,19 +11,6 @@
yes
aes
-
- no
- yes
- {{ join_manager_port | default('1514', true) }}
- no
-
- yes
- 0
- 0
- yes
- yes
-
-
diff --git a/render-config.py b/render-config.py
index 73c2509..d162057 100644
--- a/render-config.py
+++ b/render-config.py
@@ -3,7 +3,7 @@
import os
def create_config_file():
- print(f"Create Wazuh agent configuration for node {node_name}")
+ print(f"Create Wazuh agent configuration for node")
with open("ossec.jinja2") as file_:
template = Template(file_.read(), autoescape=True)
config = template.render(
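Review bot: The new message on the `print` line is an f-string with no placeholders, so the `f` prefix is dead (ruff F541), and the text now trails off with `for node` and nothing after it. If `node_name` was dropped because it is not defined in this scope — the hunk does not show where it would come from — reword to a plain string, `print("Create Wazuh agent configuration")`; otherwise pass the name in as a parameter rather than deleting it from the message. create_config_file's body continues outside the hunk.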
@@ -28,4 +28,4 @@ def create_config_file():
if not join_manager_worker:
os.environ["WAZUH_MANAGER"] = "wazuh-workers.wazuh.svc.cluster.local"
join_manager_worker = "wazuh-workers.wazuh.svc.cluster.local"
-
+ create_config_file()
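Review bot: The `create_config_file()` call added on the last line runs at module import time with no guard, so any tool that imports this module (tests, a linter with import-based checks) renders the config and, via the `os.environ["WAZUH_MANAGER"]` assignment three lines above, mutates the process environment as a side effect. Wrap the call: `if __name__ == "__main__":` / `    create_config_file()`. The module-level setup that computes `join_manager_worker` starts outside the hunk.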