yes
paul.h@....com
relay.....com.
ossecm@....com
24
xxx.xxx.xxx.222
127.0.0.1
ossec_user
...
ossecdb
postgresql
rules_config.xml
pam_rules.xml
sshd_rules.xml
telnetd_rules.xml
syslog_rules.xml
arpwatch_rules.xml
symantec-av_rules.xml
symantec-ws_rules.xml
pix_rules.xml
named_rules.xml
smbd_rules.xml
vsftpd_rules.xml
pure-ftpd_rules.xml
proftpd_rules.xml
ms_ftpd_rules.xml
ftpd_rules.xml
hordeimp_rules.xml
roundcube_rules.xml
wordpress_rules.xml
cimserver_rules.xml
vmpop3d_rules.xml
courier_rules.xml
web_rules.xml
web_appsec_rules.xml
apache_rules.xml
nginx_rules.xml
php_rules.xml
mysql_rules.xml
postgresql_rules.xml
ids_rules.xml
squid_rules.xml
firewall_rules.xml
cisco-ios_rules.xml
netscreenfw_rules.xml
sonicwall_rules.xml
postfix_rules.xml
sendmail_rules.xml
imapd_rules.xml
mailscanner_rules.xml
dovecot_rules.xml
ms-exchange_rules.xml
racoon_rules.xml
vpn_concentrator_rules.xml
spamd_rules.xml
msauth_rules.xml
mcafee_av_rules.xml
trend-osce_rules.xml
ms-se_rules.xml
policy_rules.xml
zeus_rules.xml
solaris_bsm_rules.xml
vmware_rules.xml
ms_dhcp_rules.xml
asterisk_rules.xml
ossec_rules.xml
attack_rules.xml
local_rules.xml
/etc,/usr/bin,/usr/sbin
/bin,/sbin
%WINDIR%/system32
C:/Admin
yes
no
no
/etc/mtab
/etc/mnttab
/etc/hosts.deny
/etc/mail/statistics
/etc/random-seed
/etc/adjtime
/etc/httpd/logs
/etc/utmpx
/etc/wtmpx
/etc/cups/certs
/etc/dumpdates
/etc/svc/volatile
%WINDIR%/System32/LogFiles
C:\WINDOWS/Debug
C:\WINDOWS/WindowsUpdate.log
C:\WINDOWS/iis6.log
%WINDIR%/System32/wbem/Logs
%WINDIR%/System32/wbem/Repository
C:\WINDOWS/Prefetch
C:\WINDOWS/PCHEALTH/HELPCTR/DataColl
C:\WINDOWS/SoftwareDistribution
C:\WINDOWS/Temp
%WINDIR%/System32/config
%WINDIR%/System32/spool
%WINDIR%/System32/CatRoot
%WINDIR%/System32/dllcache
%WINDIR%/System32/inetsrv/History
.log$|.htm$|.png$|.chm$|.pnf$
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\State
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Prefetcher
HKEY_LOCAL_MACHINE\Software\Classes\Interface
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\MIME
HKEY_LOCAL_MACHINE\Software\Classes\Software
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
HKEY_LOCAL_MACHINE\Security\Policy\Secrets
HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Watchdog
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaCategories
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\hivelist
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceCurrent
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Performance
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
\Enum$
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\Security
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
127.0.0.1
192.168.2.1
192.168.2.190
192.168.2.32
192.168.2.10
secure
1
7
host-deny
host-deny.sh
srcip
yes
firewall-drop
firewall-drop.sh
srcip
yes
disable-account
disable-account.sh
user
yes
syslog
/var/log/messages
syslog
/var/log/secure
syslog
/var/log/maillog
iis
d:\wwwlogs\W3SVC1\u_ex%y%m%d.log
iis
c:\System32\LogFiles\W3SVC1\ex%y%m%d.log
iis
c:\inetpub\wwwroot
iis
c:\inetpub\logs\LogFiles\W3SVC1\ex%y%m%d.log
mysql_log
d:\SQLTrace