Added CIS benchmarks. Improved profiles.

1 files changed, 22 insertions, 0 deletions

diff --git a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
new file mode 100644
index 0000000..37c2166
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%ROOTCHECK_BASIC_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>%%OSSEC_HOME%%/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>%%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt</system_audit>
+  </rootcheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%ROOTCHECK_BASIC_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+  </rootcheck>
+
+</template_config>