From OSSEC Wiki

Contents 1 Workgroup for creating Syscheck Profiles 1.1 For Unix 1.1.1 General system files 1.1.2 Apache 1.1.3 Named 1.1.4 Postfix 1.1.5 Qmail 1.1.6 Squid 1.2 For Windows

Workgroup for creating Syscheck Profiles

The idea here is to make the integrity checking module more friendly and targeted to each system.

We need to document the important directories and files for the most common applications (*Nix and Windows).

For Unix

General system files

* General UNIX:
/etc/
/bin/
/sbin/
/usr/bin/
/usr/sbin/

* Mac OS X additional folders:
/Applications/
/Library/
/System/
/System/Library/

* Mac OS X with additional folders for Fink:
/sw/etc
/sw/bin
/sw/sbin
/sw/usr/bin
/sw/usr/sbin

Apache

*OpenBSD:
/var/www/conf/
/var/www/htdocs/

*Ubuntu/Debian:
/var/www/

*Redhat:
/var/www/html/

*Slackware:
/var/www/htdocs/

* Mac OS X:
/Library/Webserver/Documents/

Named

*OpenBSD / Mac OS X:
/var/named/etc/

*Redhat
/var/named/chroot/etc
/var/named/data

Postfix

*Ubuntu/Debian:
/etc/postfix/

Qmail

*All:
/var/qmail/control/
/var/qmail/rc

Squid

Slackware:
/usr/local/squid/etc/

For Windows