
[ossec-cvs] ossec-hids: setup-win.c (HEAD) [dcid]



Module name:	ossec-hids
Changes by:	dcid	07/09/13 23:38:20

Modified files:
	setup-win.c

Log message:
Description: More updates to the automatic reload of keys. Changing default monitored files on Windows...
Reviewed by: dcid
Bug:

Index: setup-win.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/setup-win.c,v
diff -u -r1.36 -r1.37
--- setup-win.c	3 Sep 2007 00:07:32 -0000	1.36
+++ setup-win.c	14 Sep 2007 02:38:19 -0000	1.37
@@ -130,7 +130,7 @@
             "  <syscheck>\r\n"
             "    <frequency>64800</frequency>\r\n"
             "    <directories check_all=\"yes\">"
-            "%s</directories>\r\n"
+            "%s/system32</directories>\r\n"
             "  </syscheck>\r\n"
             "</ossec_config>\r\n", win_dir);
     fclose(fp);
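Review bot: The new default `<directories>` value `%s/system32` no longer covers files directly under the Windows directory or its other subdirectories, and nothing in the hunk records that this gap is intentional. A comment above the format string, such as `/* Default scope is system32 only; anything else under win_dir needs its own <directories> entry */`, would tell administrators to extend it where needed. The path is also joined with a forward slash while `win_dir` presumably holds a backslash path; unless syscheck normalizes separators, `"%s\\system32</directories>\r\n"` would keep monitored and reported paths consistent. The enclosing function and the start of the call that takes this format string are outside the hunk.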
@@ -185,10 +185,14 @@
                 "    <windows_registry>%s</windows_registry>\r\n"
                 "    <windows_registry>%s</windows_registry>\r\n"
                 "    <windows_registry>%s</windows_registry>\r\n"
+                "    <windows_registry>%s</windows_registry>\r\n"
+                "    <windows_registry>%s</windows_registry>\r\n"
                 "  </syscheck>\r\n"
                 "</ossec_config>\r\n",
                 "HKEY_LOCAL_MACHINE\\Software\\Classes",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft",
+                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer",
+                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
+                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
                 "HKEY_LOCAL_MACHINE\\Software\\Policies",
                 "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control",
                 "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services",
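Review bot: Replacing `HKEY_LOCAL_MACHINE\\Software\\Microsoft` with three subtrees removes default change detection for every other key under `Software\Microsoft`, including autostart-relevant ones such as `Active Setup` and `Command Processor`, and the hunk carries no comment explaining the trade-off. A comment before the key list, e.g. `/* Software\Microsoft is limited to these subtrees to reduce noise; add <windows_registry> entries for other keys that matter */`, would make the gap visible to whoever tunes the generated config. Within the hunk the two added `%s` placeholders match the net two added arguments, but the pairing is maintained by hand and the argument list continues outside the hunk, so the full call should be checked for a placeholder/argument mismatch.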
@@ -228,14 +232,6 @@
                 "    <registry_ignore>%s</registry_ignore>\r\n"
                 "    <registry_ignore>%s</registry_ignore>\r\n"
                 "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
-                "    <registry_ignore>%s</registry_ignore>\r\n"
                 "    <registry_ignore type=\"sregex\">\\Enum$</registry_ignore>\r\n"
                 "  </syscheck>\r\n"
                 "</ossec_config>\r\n\r\n",
@@ -243,14 +239,6 @@
                 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State",
                 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate",
                 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Cryptography\\RNG",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PCHealth\\PchSvc",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Dfrg",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectDraw",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D",
-                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
                 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
                 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Prefetcher",
                 "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface",




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.