Skip to content

Commit

Permalink
Defined sys. audit files for both linux and windows & removed auxilia…
Browse files Browse the repository at this point in the history
…ry var.
  • Loading branch information
rshad committed Mar 18, 2020
1 parent 96e2e89 commit 624daa7
Showing 1 changed file with 5 additions and 8 deletions.
13 changes: 5 additions & 8 deletions manifests/params_agent.pp
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,6 @@

$active_response_ca_verification = 'yes'

## system audit
$ossec_rootcheck_system_audit = $::wazuh::params_agent::default_rootcheck_system_audit

# OS specific configurations
case $::kernel {
'Linux': {
Expand Down Expand Up @@ -119,6 +116,10 @@
$ossec_rootcheck_rootkit_files = '/var/ossec/etc/shared/rootkit_files.txt'
$ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/shared/rootkit_trojans.txt'
$ossec_rootcheck_skip_nfs = 'yes'
$ossec_rootcheck_system_audit = [
"/var/ossec/etc/shared/system_audit_rcl.txt",
"/var/ossec/etc/shared/system_audit_ssh.txt",
]

# SCA

Expand Down Expand Up @@ -236,11 +237,6 @@

$manage_repo = true

$default_rootcheck_system_audit = [
"./shared/system_audit_rcl.txt",
"./shared/system_audit_ssh.txt",
]

case $::osfamily {
'Debian': {
$service_has_status = false
Expand Down Expand Up @@ -409,6 +405,7 @@
$ossec_rootcheck_windows_disabled = 'no'
$ossec_rootcheck_windows_windows_apps = './shared/win_applications_rcl.txt'
$ossec_rootcheck_windows_windows_malware = './shared/win_malware_rcl.txt'
$ossec_rootcheck_system_audit = []

# sca
$sca_windows_enabled = 'yes'
Expand Down

0 comments on commit 624daa7

Please sign in to comment.