I'm new to OSSEC and have successfully installed the latest version with
agentless monitoring. I installed the example config and received my first
notification alerts for my agentless Linux host:

<agentless>
  <type>ssh_generic_diff</type>
  <frequency>60</frequency>
  <host>[email protected]</host>
  <state>periodic_diff</state>
  <arguments>ls -la /etc; cat /etc/passwd</arguments>
</agentless>

However, I don't understand how to add the rules that I see in my ossec.conf
(see below) to my agentless Linux host. I would appreciate any guidance (I
read the OSSEC HIDS book, but it doesn't address agentless monitoring).
Basically I want my Linux servers to run agentless and use the default
include rules.

<rules>
  <include>rules_config.xml</include>
  <include>pam_rules.xml</include>
  <include>sshd_rules.xml</include>
  <include>telnetd_rules.xml</include>
  ....
</rules>

Gil Vidals