d75dd772ea
- Fix wazuh-agent segment fault (agent and manager) [1] - Improve configuration files (agent and manager) - Update py-pyarrow into cache file to 15.0.2 (manager) - Update cache files used by wazuh-manager. - Other minor modifications ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-7-4.html Obtained from: https://github.com/wazuh/wazuh/issues/23154 [1]
64 lines
1.9 KiB
Plaintext
64 lines
1.9 KiB
Plaintext
--- etc/ossec-server.conf 2024-05-10 18:10:43.842257000 -0500
|
|
+++ etc/ossec-server.conf 2024-05-10 18:15:26.471699000 -0500
|
|
@@ -28,7 +28,8 @@
|
|
<remote>
|
|
<connection>secure</connection>
|
|
<port>1514</port>
|
|
- <protocol>tcp</protocol>
|
|
+ <protocol>udp</protocol>
|
|
+ <queue_size>131072</queue_size>
|
|
</remote>
|
|
|
|
<!-- Policy monitoring -->
|
|
@@ -200,7 +201,7 @@
|
|
|
|
<localfile>
|
|
<log_format>syslog</log_format>
|
|
- <location>/var/log/syslog</location>
|
|
+ <location>/var/log/userlog</location>
|
|
</localfile>
|
|
|
|
<localfile>
|
|
@@ -211,7 +212,7 @@
|
|
|
|
<localfile>
|
|
<log_format>full_command</log_format>
|
|
- <command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort</command>
|
|
+ <command>(netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/'</command>
|
|
<frequency>360</frequency>
|
|
</localfile>
|
|
|
|
@@ -233,4 +234,32 @@
|
|
<rule_dir>etc/rules</rule_dir>
|
|
</ruleset>
|
|
|
|
+ <!-- Configuration for wazuh-authd -->
|
|
+ <auth>
|
|
+ <disabled>no</disabled>
|
|
+ <port>1515</port>
|
|
+ <use_source_ip>no</use_source_ip>
|
|
+ <purge>yes</purge>
|
|
+ <use_password>yes</use_password>
|
|
+ <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
|
|
+ <!-- <ssl_agent_ca></ssl_agent_ca> -->
|
|
+ <ssl_verify_host>no</ssl_verify_host>
|
|
+ <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
|
|
+ <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
|
|
+ <ssl_auto_negotiate>no</ssl_auto_negotiate>
|
|
+ </auth>
|
|
+
|
|
+ <cluster>
|
|
+ <name>wazuh</name>
|
|
+ <node_name>indexer1</node_name>
|
|
+ <node_type>master</node_type>
|
|
+ <key></key>
|
|
+ <port>1516</port>
|
|
+ <bind_addr>0.0.0.0</bind_addr>
|
|
+ <nodes>
|
|
+ <node>NODE_IP</node>
|
|
+ </nodes>
|
|
+ <hidden>no</hidden>
|
|
+ <disabled>yes</disabled>
|
|
+ </cluster>
|
|
</ossec_config>
|