1 files changed, 29 insertions, 0 deletions

diff --git a/security/ossec-hids-local-config/pkg-help-agent b/security/ossec-hids-local-config/pkg-help-agent
new file mode 100644
index 0000000..f16999a
--- /dev/null
+++ b/security/ossec-hids-local-config/pkg-help-agent
@@ -0,0 +1,29 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Most of the options are disabled by default, because it is expected that the
+server will push the agent configuration using "agent.conf". FreeBSD port of
+OSSEC server extended with similar "config" port does this by default. If this
+is the case, then the "ossec.conf" should only enable required profiles.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+Command Output Monitoring:
+
+  Adds additional commands, the output of which can be monitored. To actually
+  send alerts about the changing output, the proper rules need to be configured
+  on the server as well. For security reasons commands cannot be pushed by the
+  server and thus must be configured locally on every agent.
+  These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+  Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+  This option is only meaningful if this OSSEC instance will be the target of
+  "firewall-drop" active response (configured on the server).