yes paul.h@....com relay.....com. ossecm@....com 24 xxx.xxx.xxx.222 127.0.0.1 ossec_user ... ossecdb postgresql rules_config.xml pam_rules.xml sshd_rules.xml telnetd_rules.xml syslog_rules.xml arpwatch_rules.xml symantec-av_rules.xml symantec-ws_rules.xml pix_rules.xml named_rules.xml smbd_rules.xml vsftpd_rules.xml pure-ftpd_rules.xml proftpd_rules.xml ms_ftpd_rules.xml ftpd_rules.xml hordeimp_rules.xml roundcube_rules.xml wordpress_rules.xml cimserver_rules.xml vmpop3d_rules.xml courier_rules.xml web_rules.xml web_appsec_rules.xml apache_rules.xml nginx_rules.xml php_rules.xml mysql_rules.xml postgresql_rules.xml ids_rules.xml squid_rules.xml firewall_rules.xml cisco-ios_rules.xml netscreenfw_rules.xml sonicwall_rules.xml postfix_rules.xml sendmail_rules.xml imapd_rules.xml mailscanner_rules.xml dovecot_rules.xml ms-exchange_rules.xml racoon_rules.xml vpn_concentrator_rules.xml spamd_rules.xml msauth_rules.xml mcafee_av_rules.xml trend-osce_rules.xml ms-se_rules.xml policy_rules.xml zeus_rules.xml solaris_bsm_rules.xml vmware_rules.xml ms_dhcp_rules.xml asterisk_rules.xml ossec_rules.xml attack_rules.xml local_rules.xml /etc,/usr/bin,/usr/sbin /bin,/sbin %WINDIR%/system32 C:/Admin yes no no /etc/mtab /etc/mnttab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile %WINDIR%/System32/LogFiles C:\WINDOWS/Debug C:\WINDOWS/WindowsUpdate.log C:\WINDOWS/iis6.log %WINDIR%/System32/wbem/Logs %WINDIR%/System32/wbem/Repository C:\WINDOWS/Prefetch C:\WINDOWS/PCHEALTH/HELPCTR/DataColl C:\WINDOWS/SoftwareDistribution C:\WINDOWS/Temp %WINDIR%/System32/config %WINDIR%/System32/spool %WINDIR%/System32/CatRoot %WINDIR%/System32/dllcache %WINDIR%/System32/inetsrv/History .log$|.htm$|.png$|.chm$|.pnf$ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\State HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Prefetcher HKEY_LOCAL_MACHINE\Software\Classes\Interface HKEY_LOCAL_MACHINE\Software\Classes\TypeLib HKEY_LOCAL_MACHINE\Software\Classes\MIME HKEY_LOCAL_MACHINE\Software\Classes\Software HKEY_LOCAL_MACHINE\Software\Classes\CLSID HKEY_LOCAL_MACHINE\Security\Policy\Secrets HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Watchdog HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaCategories HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\hivelist HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceCurrent HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Performance HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient \Enum$ HKEY_LOCAL_MACHINE\Software\Policies HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer HKEY_LOCAL_MACHINE\Software\Classes HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services HKEY_LOCAL_MACHINE\Security /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt 127.0.0.1 192.168.2.1 192.168.2.190 192.168.2.32 192.168.2.10 secure 1 7 host-deny host-deny.sh srcip yes firewall-drop firewall-drop.sh srcip yes disable-account disable-account.sh user yes syslog /var/log/messages syslog /var/log/secure syslog /var/log/maillog iis d:\wwwlogs\W3SVC1\u_ex%y%m%d.log iis c:\System32\LogFiles\W3SVC1\ex%y%m%d.log iis c:\inetpub\wwwroot iis c:\inetpub\logs\LogFiles\W3SVC1\ex%y%m%d.log mysql_log d:\SQLTrace