CHANGE_MANAGER_IP
CHANGE_MANAGER_PORT
tcp
amzn, amzn2023
10
60
yes
aes
yes
CHANGE_ENROLL_IP
CHANGE_ENROLL_PORT
CHANGE_AGENT_NAME
etc/authd.pass
no
5000
500
no
yes
yes
yes
yes
yes
yes
yes
43200
etc/shared/rootkit_files.txt
etc/shared/rootkit_trojans.txt
yes
/var/lib/containerd
/var/lib/docker/overlay2
yes
1800
1d
yes
wodles/java
wodles/ciscat
yes
yes
/var/log/osquery/osqueryd.results.log
/etc/osquery/osquery.conf
yes
no
1h
yes
yes
yes
yes
yes
yes
yes
10
yes
yes
12h
yes
no
43200
yes
/etc,/usr/bin,/usr/sbin
/bin,/sbin,/boot
/etc/mtab
/etc/hosts.deny
/etc/mail/statistics
/etc/random-seed
/etc/random.seed
/etc/adjtime
/etc/httpd/logs
/etc/utmpx
/etc/wtmpx
/etc/cups/certs
/etc/dumpdates
/etc/svc/volatile
.log$|.swp$
/etc/ssl/private.key
yes
yes
yes
yes
10
50
yes
5m
10
command
df -P
360
full_command
netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
netstat listening ports
360
full_command
last -n 20
360
no
etc/wpk_root.pem
yes
plain
syslog
/var/ossec/logs/active-responses.log