From deff8a3bce38b6ae67cab21d0985b4aed8642396 Mon Sep 17 00:00:00 2001 From: "felix.suarez" Date: Tue, 28 Nov 2023 10:21:15 -0600 Subject: [PATCH] Change some defaults on pandora_agent.conf --- pandora_agents/pc/Linux/pandora_agent.conf | 32 +++++++++++++++---- pandora_agents/pc/Win32/pandora_agent.conf | 26 ++++++++++++++- .../shellscript/linux/pandora_agent.conf | 27 ++++++++++++++-- .../shellscript/mac_osx/pandora_agent.conf | 31 ++++++++++++++---- pandora_agents/unix/Linux/pandora_agent.conf | 14 +++++--- 5 files changed, 109 insertions(+), 21 deletions(-) diff --git a/pandora_agents/pc/Linux/pandora_agent.conf b/pandora_agents/pc/Linux/pandora_agent.conf index 4ad837f943..ee63d8b6a0 100644 --- a/pandora_agents/pc/Linux/pandora_agent.conf +++ b/pandora_agents/pc/Linux/pandora_agent.conf @@ -234,6 +234,21 @@ module_description Number of cron task files module_unit files module_end +# This module /var/log/syslog file, under the module name "syslog" +# And search for "ssh" string into it, sending only that information. +# module_begin +# module_name Syslog +# module_description Search for ssh string into /var/log/syslog file +# module_type log +# module_regexp /var/log/syslog +# module_pattern ssh +# module_end + +#Hardening plugin for security compliance analysis. Enable to use it. +#module_begin +#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150 +#module_absoluteinterval 7d +#module_end # Plugin example @@ -241,11 +256,6 @@ module_end module_plugin pandora_df -# This parses /var/log/syslog file, under the module name "syslog" -# And search for "ssh" string into it, sending only that information. - -module_plugin grep_log /var/log/syslog Syslog ssh - # Get disk space free in MB #module_begin #module_name disk_root_free @@ -270,7 +280,6 @@ module_plugin grep_log /var/log/syslog Syslog ssh #module_end # Plugin for inventory on the agent. - # module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users process ip route # Example of preconditions @@ -303,4 +312,13 @@ module_plugin grep_log /var/log/syslog Syslog ssh # This plugin runs several security checks in a Linux system -#module_plugin pandora_security_check \ No newline at end of file +#module_plugin pandora_security_check + +# Extraction module example +#module_begin +#module_name Collector +#module_description Logs extraction module +#module_type log +#module_regexp /var/log/logfile.log +#module_pattern .* +#module_end \ No newline at end of file diff --git a/pandora_agents/pc/Win32/pandora_agent.conf b/pandora_agents/pc/Win32/pandora_agent.conf index 621c1d24ac..9d938c256b 100644 --- a/pandora_agents/pc/Win32/pandora_agent.conf +++ b/pandora_agents/pc/Win32/pandora_agent.conf @@ -1,6 +1,6 @@ # Base config file for Pandora FMS Windows Agent # (c) 2006-2023 Pandora FMS -# Version 7.0NG.774 +# Version 7.0NG.774 # This program is Free Software, you can redistribute it and/or modify it # under the terms of the GNU General Public Licence as published by the Free Software # Foundation; either version 2 of the Licence or any later version @@ -219,6 +219,21 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs" # module_description Free space on drive D: (%) # module_end +# Hardening plugin for security compliance analysis. +# module_begin +# module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_hardening.exe -t 150" +# module_absoluteinterval 7d +# module_end + +# Logs extraction +#module_begin +#module_name X_Server_log +#module_description Logs extraction module +#module_type log +#module_regexp C:\server\logs\xserver.log +#module_pattern .* +#module_end + # Sample of Windows inventory module (ONLY ENTERPRISE)! #module_begin #module_name Inventory @@ -344,4 +359,13 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs" #module_condition (3,8) cmd.exe /c echo range >> c:\log.txt #module_exec echo 5 #module_description Postcondition test module +#module_end + +# Example of collector module +#module_begin +#module_name Collector +#module_description Logs extraction module +#module_type log +#module_regexp /var/log/logfile.log +#module_pattern .* #module_end \ No newline at end of file diff --git a/pandora_agents/shellscript/linux/pandora_agent.conf b/pandora_agents/shellscript/linux/pandora_agent.conf index 98c137741e..fa0e0f9ff8 100644 --- a/pandora_agents/shellscript/linux/pandora_agent.conf +++ b/pandora_agents/shellscript/linux/pandora_agent.conf @@ -157,12 +157,33 @@ module_exec last | head -1 module_description Last Login module_end -# Plugin example +#Hardening plugin for security compliance analysis. Enable to use it. +#module_begin +#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150 +#module_absoluteinterval 7d +#module_end -# This parses /var/log/syslog file, under the module name "syslog" +# This module parses /var/log/syslog file, under the module name "syslog" # And search for "ssh" string into it, sending only that information. -module_plugin grep_log /var/log/syslog Syslog ssh +module_begin +module_name Syslog +module_description Search for ssh string into /var/log/syslog file +module_type log +module_regexp /var/log/syslog +module_pattern ssh +module_end + +# Plugin example # Plugin for inventory on the agent. # module_plugin inventory 1 cpu ram video nic hd cdrom software + +# Extraction module example +#module_begin +#module_name Collector +#module_description Logs extraction module +#module_type log +#module_regexp /var/log/logfile.log +#module_pattern .* +#module_end \ No newline at end of file diff --git a/pandora_agents/shellscript/mac_osx/pandora_agent.conf b/pandora_agents/shellscript/mac_osx/pandora_agent.conf index b4b3c35ac8..190f12a3da 100644 --- a/pandora_agents/shellscript/mac_osx/pandora_agent.conf +++ b/pandora_agents/shellscript/mac_osx/pandora_agent.conf @@ -372,13 +372,32 @@ module_end #module_description XGrid #module_end +#Hardening plugin for security compliance analysis. Enable to use it. +#module_begin +#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150 +#module_absoluteinterval 7d +#module_end + +# This module parses /var/log/syslog file, under the module name "syslog" +# And search for "ssh" string into it, sending only that information. +#module_begin +#module_name Syslog +#module_description Log collection modules +#module_type log +#module_regexp /var/log/syslog +#module_pattern ssh +#module_end + # Plugin example -# This parses /var/log/syslog file, under the module name "syslog" -# And search for "ssh" string into it, sending only that information. - -#module_plugin grep_log /var/log/syslog Syslog ssh - # Plugin for inventory on the agent. - # module_plugin inventory 1 cpu ram video nic hd cdrom software + +# Extraction module example +#module_begin +#module_name Collector +#module_description Logs extraction module +#module_type log +#module_regexp /var/log/logfile.log +#module_pattern .* +#module_end \ No newline at end of file diff --git a/pandora_agents/unix/Linux/pandora_agent.conf b/pandora_agents/unix/Linux/pandora_agent.conf index 10458ddba5..1a4678da28 100644 --- a/pandora_agents/unix/Linux/pandora_agent.conf +++ b/pandora_agents/unix/Linux/pandora_agent.conf @@ -271,11 +271,17 @@ module_plugin pandora_netusage module_plugin autodiscover --default # Plugin for inventory on the agent. -#module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route +# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route # Log collection modules. This will collect log files for forensic analysis and store everything # This is for LOG monitoring. Different than log monitoring. -#module_plugin grep_log_module /var/log/messages Syslog \.\* +#module_begin +#module_name Syslog +#module_description Log collection modules +#module_type log +#module_regexp /var/log/messages +#module_pattern .* +#module_end # Another samples of monitoring modules @@ -317,9 +323,9 @@ module_plugin autodiscover --default #module_absoluteinterval 7d #module_end -# Logs extraction +# Extraction module example #module_begin -#module_name Syslog +#module_name Collector #module_description Logs extraction module #module_type log #module_regexp /var/log/logfile.log