--- etc/ossec-server.conf 2024-05-10 18:10:43.842257000 -0500
+++ etc/ossec-server.conf 2024-05-10 18:15:26.471699000 -0500
@@ -28,7 +28,8 @@
<remote>
<connection>secure</connection>
<port>1514</port>
- <protocol>tcp</protocol>
+ <protocol>udp</protocol>
+ <queue_size>131072</queue_size>
</remote>
<!-- Policy monitoring -->
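Review bot: Switching `<protocol>` from `tcp` to `udp` on the secure agent listener (line `+ <protocol>udp</protocol>`) silently breaks every agent whose client config still says `tcp`, and once on UDP any event dropped on the wire is lost without an error; the larger `<queue_size>` only buffers on the manager after receipt, it does not recover those drops. If the manager version accepts both transports, listing them as `<protocol>tcp,udp</protocol>` avoids a flag day while agents are migrated; otherwise the agent-side protocol change must be rolled out first. Either way a one-line comment recording why UDP was chosen would help, e.g. `<!-- UDP chosen for throughput; agents must match, and drops are not reported -->`.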
@@ -200,7 +201,7 @@
<localfile>
<log_format>syslog</log_format>
- <location>/var/log/syslog</location>
+ <location>/var/log/userlog</location>
</localfile>
<localfile>
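Review bot: This replaces `/var/log/syslog` rather than adding to it, so whatever rules keyed on that file stop receiving input after the change; if syslog coverage is still wanted it needs its own `<localfile>` block alongside the new one. The `<log_format>` stays `syslog`, which reads the file as line-oriented text, so it is worth confirming that `/var/log/userlog` on this host is actually a text log: on a BSD system (which the `netstat -f inet` invocation in the later hunk suggests) a file of that name may be a binary login record that this format cannot parse, and the collector would then produce nothing useful with no visible error.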
@@ -211,7 +212,7 @@
<localfile>
<log_format>full_command</log_format>
- <command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort</command>
+ <command>(netstat -n -f inet && netstat -n -f inet) | grep -e "udp" -e "tcp" | sed 's/\([[:alnum:]]*\)\ *[[:digit:]]*\ *[[:digit:]]*\ *\([[:digit:]\.]*\)\.\([[:digit:]]*\)\ *\([[:digit:]\.]*\).*/\1 \2 == \3 == \4/' | sort -k4 -g | sed 's/ == \(.*\) ==/.\1/'</command>
<frequency>360</frequency>
</localfile>
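Review bot: The new `<command>` runs the identical `netstat -n -f inet` twice inside `( … && … )`, so each socket appears twice before `sort`; presumably the second invocation was meant to be `-f inet6`. It also no longer restricts output to listening sockets (the old `grep LISTEN` and the `127.0.0.1` exclusion are gone), and on BSD-style netstat server sockets are omitted entirely unless `-a` is passed, so if the intent is still "track listened ports" the command should read `(netstat -an -f inet && netstat -an -f inet6)`, with the output filtered back down to listening sockets; as written it lists active connections, which change on every run and will make the change-detection rule for this command fire continuously. Finally, a bare `&&` is not well-formed XML — the OSSEC config parser may tolerate it, but if this file is ever validated or generated by a standard XML tool it should be `&amp;&amp;`.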
@@ -233,4 +234,32 @@
<rule_dir>etc/rules</rule_dir>
</ruleset>
+ <!-- Configuration for wazuh-authd -->
+ <auth>
+ <disabled>no</disabled>
+ <port>1515</port>
+ <use_source_ip>no</use_source_ip>
+ <purge>yes</purge>
+ <use_password>yes</use_password>
+ <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+ <!-- <ssl_agent_ca></ssl_agent_ca> -->
+ <ssl_verify_host>no</ssl_verify_host>
+ <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+ <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+ <ssl_auto_negotiate>no</ssl_auto_negotiate>
+ </auth>
+
+ <cluster>
+ <name>wazuh</name>
+ <node_name>indexer1</node_name>
+ <node_type>master</node_type>
+ <key></key>
+ <port>1516</port>
+ <bind_addr>0.0.0.0</bind_addr>
+ <nodes>
+ <node>NODE_IP</node>
+ </nodes>
+ <hidden>no</hidden>
+ <disabled>yes</disabled>
+ </cluster>
</ossec_config>
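Review bot: The new `<cluster>` block is a template with an empty `<key>`, a literal `NODE_IP` placeholder and `<bind_addr>0.0.0.0</bind_addr>`; it is inert only because `<disabled>yes</disabled>` is set, so it should say so to stop a later edit from flipping that flag without filling the rest in, e.g. `<!-- Template: cluster stays disabled until <key> (a shared secret, 32 characters per Wazuh docs) and the real node address are set; bind to a specific interface rather than 0.0.0.0 -->`. In the `<auth>` block, `<use_password>yes</use_password>` is the right default, but with `<ssl_agent_ca>` commented out and `<ssl_verify_host>no</ssl_verify_host>` the enrollment password is the only thing gating registration on port 1515, so the file should note where that password lives and that agent certificate verification is intentionally off, e.g. `<!-- Enrollment relies on the authd password only; enable ssl_agent_ca/ssl_verify_host to also require agent certs -->`. The `<node_name>indexer1</node_name>` on a `master`-type manager node also looks like a copy-paste from an indexer config and is worth renaming before this is enabled.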