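# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	wazuh-agent
#	wazuh-agent/Makefile
#	wazuh-agent/distinfo
#	wazuh-agent/pkg-descr
#	wazuh-agent/files
#	wazuh-agent/files/patch-etc_preloaded-vars.conf
#	wazuh-agent/files/patch-install.sh
#	wazuh-agent/files/patch-src_init_init.sh
#	wazuh-agent/pkg-plist
#
# Unpacking executes this file as a shell script with the caller's
# privileges.  Read it through first and unpack it as an unprivileged user
# in an empty directory.
#
# Every payload line is prefixed with "X"; sed 's/^X//' strips that prefix
# while the quoted here-document delimiter keeps the shell from expanding
# anything inside the payload.

echo c - wazuh-agent
# Stop instead of hiding the error: a failed mkdir would otherwise only show
# up as a string of redirect failures from the sed commands below.
mkdir -p wazuh-agent || exit 1

# --- wazuh-agent/Makefile -------------------------------------------------
# Review notes:
#  * DISTFILES fetches source bundles (curl, openssl, sqlite, zlib, ...) from
#    MASTER_SITES and post-extract unpacks them into src/external.  distinfo
#    pins their SHA256, but presumably they are compiled into the agent, so
#    security updates to the ports versions of those libraries would not
#    reach it -- confirm and track them separately.
#  * do-install creates the log files and wpk_root.pem with INSTALL_SCRIPT;
#    the ownership and modes that end up on disk come from pkg-plist.
#  * The Makefile must end with ".include <bsd.port.mk>"; a bare ".include"
#    followed by nothing is a make syntax error.
echo x - wazuh-agent/Makefile
sed 's/^X//' >wazuh-agent/Makefile << '0b7710b42ec63aaad4f97d788c5dbeed'
X# $FreeBSD$
X
XPORTNAME=	wazuh
XDISTVERSIONPREFIX=	v
XDISTVERSION=	3.9.2
XCATEGORIES=	security
XMASTER_SITES=	https://packages.wazuh.com/deps/3.9/
XPKGNAMESUFFIX=	-agent
XDISTFILES=	cJSON.tar.gz src_cpython.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \
X		libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz zlib.tar.gz \
X		audit-userspace.tar.gz msgpack.tar.gz
XDIST_SUBDIR=	${PORTNAME}-${DISTVERSION}
XEXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
X
XMAINTAINER=	m.muenz@gmail.com
XCOMMENT=	Security tool to monitor and check logs and intrusions
X
XLICENSE=	GPLv2
XLICENSE_FILE=	${WRKSRC}/LICENSE
X
XBUILD_DEPENDS=	curl:ftp/curl
XRUN_DEPENDS=	curl:ftp/curl
X
XUSES=		gmake perl5 readline shebangfix uidfix
X
XUSE_GITHUB=	yes
X
XCONFLICTS_INSTALL=	ossec-*
X
XSHEBANG_FILES=	${WRKSRC}/contrib/util.sh \
X		${WRKSRC}/src/init/ossec-client.sh \
X		${WRKSRC}/wodles/oscap/oscap.py \
X		${WRKSRC}/active-response/*.sh \
X
XUSERS=		ossec ossecm ossecr
XGROUPS=		ossec
X
XOSSEC_GROUP=	ossec
XOSSEC_USER=	ossec
X
XWAZUHPREFIX=	/var/ossec
X
XWAZUHMOD750=	/ /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \
X		/active-response /active-response/bin /agentless /var /backup /queue/rids \
X		/wodles/oscap /wodles/oscap/content
X
XWAZUHMOD770=	/logs /queue/alerts /queue/ossec /etc /etc/shared /.ssh /var/run /var/upgrade \
X		/var/wodles /var/incoming
X
X# extract all extra distfiles in src/external
Xpost-extract:
X	@for file in ${DISTFILES}; do \
X		if ! (cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \
X		then \
X			exit 1; \
X		fi; \
X	done
X
Xdo-build:
X	@cd ${WRKSRC}/src && ${GMAKE} TARGET=agent
X
Xdo-install:
X	@for mod750 in ${WAZUHMOD750}; do \
X		${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \
X	done
X
X	@for mod770 in ${WAZUHMOD770}; do \
X		${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \
X	done
X
X	${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp
X	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin
X	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin
X	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin
X	${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin
X	${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/
X	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin
X	${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib
X	${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin
X	${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
X	${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
X	${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/
X	${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf
X	${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf
X	${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys
X	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
X	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
X	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
X	${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/
X	${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control
X	${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/
X	${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/
X	${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/
X	${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
X	${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
X
X.include <bsd.port.mk>
0b7710b42ec63aaad4f97d788c5dbeed

# --- wazuh-agent/distinfo -------------------------------------------------
# SHA256 digest and byte size for every distfile.  The ports framework
# compares each fetched file against these values before extracting it, so
# this file is the integrity pin for the bundled third-party sources.
echo x - wazuh-agent/distinfo
sed 's/^X//' >wazuh-agent/distinfo << '0f051aa68c30350db60aebbbe4aefb63'
XTIMESTAMP = 1561290425
XSHA256 (wazuh-3.9.2/cJSON.tar.gz) = 8c517c658209cb96c2dcdfdd6bf7bb434adfb2fff3484b3464d2750cafd74e76
XSIZE (wazuh-3.9.2/cJSON.tar.gz) = 20001
XSHA256 (wazuh-3.9.2/src_cpython.tar.gz) = c82f7b62c086379bfd3f91d0a36293f889e66d7ae2aca122a16af3dbb67fd32f
XSIZE (wazuh-3.9.2/src_cpython.tar.gz) = 78216338
XSHA256 (wazuh-3.9.2/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
XSIZE (wazuh-3.9.2/curl.tar.gz) = 3692998
XSHA256 (wazuh-3.9.2/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
XSIZE (wazuh-3.9.2/libdb.tar.gz) = 4283467
XSHA256 (wazuh-3.9.2/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
XSIZE (wazuh-3.9.2/libffi.tar.gz) = 964576
XSHA256 (wazuh-3.9.2/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
XSIZE (wazuh-3.9.2/libyaml.tar.gz) = 424656
XSHA256 (wazuh-3.9.2/openssl.tar.gz) = ed55973f4b604b9c27bb660fcdf85f69335b80b07c3bf4c63528ed8fcd74a678
XSIZE (wazuh-3.9.2/openssl.tar.gz) = 5603935
XSHA256 (wazuh-3.9.2/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
XSIZE (wazuh-3.9.2/procps.tar.gz) = 55692
XSHA256 (wazuh-3.9.2/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
XSIZE (wazuh-3.9.2/sqlite.tar.gz) = 1980218
XSHA256 (wazuh-3.9.2/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
XSIZE (wazuh-3.9.2/zlib.tar.gz) = 643568
XSHA256 (wazuh-3.9.2/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
XSIZE (wazuh-3.9.2/audit-userspace.tar.gz) = 1682820
XSHA256 (wazuh-3.9.2/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
XSIZE (wazuh-3.9.2/msgpack.tar.gz) = 591294
XSHA256 (wazuh-3.9.2/wazuh-wazuh-v3.9.2_GH0.tar.gz) = 6014009740967ff2cc768471577a97e72fe5c4ec950aba82937d26fb36a4f10e
XSIZE (wazuh-3.9.2/wazuh-wazuh-v3.9.2_GH0.tar.gz) = 14779485
0f051aa68c30350db60aebbbe4aefb63

# --- wazuh-agent/pkg-descr ------------------------------------------------
echo x - wazuh-agent/pkg-descr
sed 's/^X//' >wazuh-agent/pkg-descr << '72dfc1290a3d32bac7e221ca468631dc'
XThe Wazuh agent runs on the hosts that you want to monitor.
XIt is multi-platform and provides the following capabilities:
X
X- Log and data collection
X- File integrity monitoring
X- Rootkit and malware detection
X- Security policy monitoring.
X- Configuration assessments
X- Software inventory
X
XIn addition, it communicates with the Wazuh manager, sending data in near
Xreal-time through an encrypted and authenticated channel.
X
XWWW: https://github.com/wazuh/wazuh
72dfc1290a3d32bac7e221ca468631dc

echo c - wazuh-agent/files
mkdir -p wazuh-agent/files || exit 1

# --- wazuh-agent/files/patch-etc_preloaded-vars.conf ----------------------
# Presets the answers install.sh would otherwise prompt for.  Review notes:
#  * USER_DELETE_DIR="y": per the file's own comment, an existing install
#    directory "will be removed if present" -- on a re-install that would
#    include etc/client.keys.
#  * USER_AGENT_SERVER_IP="127.0.0.1" is a placeholder; the real manager
#    address still has to be configured on every host.
#  * USER_CA_STORE is documented in the file as a path to the certificate(s)
#    used to verify WPK upgrade packages, but is preset to "n" here.
#    NOTE(review): confirm "n" keeps verification against the installed
#    wpk_root.pem rather than naming a non-existent store.
#  * NOTE(review): do-build/do-install in the Makefile call gmake and copy
#    files directly; nothing visible runs install.sh, so confirm these
#    presets are actually consumed.
echo x - wazuh-agent/files/patch-etc_preloaded-vars.conf
sed 's/^X//' >wazuh-agent/files/patch-etc_preloaded-vars.conf << '1bd991792f4254b3e4bed4aaa49d9fae'
X--- etc/preloaded-vars.conf.orig	2019-06-06 17:01:00 UTC
X+++ etc/preloaded-vars.conf
X@@ -23,57 +23,57 @@
X # It can be "en", "br", "tr", "it", "de" or "pl".
X # In case of an invalid language, it will default
X # to English "en"
X-# USER_LANGUAGE="en" # For english
X+USER_LANGUAGE="en" # For english
X # USER_LANGUAGE="br" # For portuguese
X 
X 
X # If USER_NO_STOP is set to anything, the confirmation
X # messages are not going to be asked.
X-# USER_NO_STOP="y"
X+USER_NO_STOP="y"
X 
X 
X # USER_INSTALL_TYPE defines the installation type to
X # be used during install. It can only be "local",
X # "agent" or "server".
X #USER_INSTALL_TYPE="local"
X-#USER_INSTALL_TYPE="agent"
X+USER_INSTALL_TYPE="agent"
X #USER_INSTALL_TYPE="server"
X 
X 
X # USER_DIR defines the location to install ossec
X-#USER_DIR="/var/ossec"
X+USER_DIR="/var/ossec"
X 
X 
X # If USER_DELETE_DIR is set to "y", the directory
X # to install OSSEC will be removed if present.
X-#USER_DELETE_DIR="y"
X+USER_DELETE_DIR="y"
X 
X 
X # If USER_ENABLE_ACTIVE_RESPONSE is set to "n",
X # active response will be disabled.
X-#USER_ENABLE_ACTIVE_RESPONSE="y"
X+USER_ENABLE_ACTIVE_RESPONSE="y"
X 
X 
X # If USER_ENABLE_SYSCHECK is set to "y",
X # syscheck will be enabled. Set to "n" to
X # disable it.
X-#USER_ENABLE_SYSCHECK="y"
X+USER_ENABLE_SYSCHECK="y"
X 
X 
X # If USER_ENABLE_ROOTCHECK is set to "y",
X # rootcheck will be enabled. Set to "n" to
X # disable it.
X-#USER_ENABLE_ROOTCHECK="y"
X+USER_ENABLE_ROOTCHECK="y"
X 
X # If USER_ENABLE_OPENSCAP is set to "y",
X # the OpenSCAP module will be enabled.
X # Set to "n" to disable it.
X-#USER_ENABLE_OPENSCAP="y"
X+USER_ENABLE_OPENSCAP="y"
X 
X # If USER_ENABLE_SYSCOLLECTOR is set to "y",
X # syscollector will be enabled. Set to "n" to
X # disable it.
X-#USER_ENABLE_SYSCOLLECTOR="y"
X+USER_ENABLE_SYSCOLLECTOR="y"
X 
X # If USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT is set to "y",
X # the configuration assessment module will be enabled.
X@@ -105,13 +105,13 @@ USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT="y"
X # Specifies the IP address or hostname of the
X # ossec server. Only used on agent installations.
X # Choose only one, not both.
X-# USER_AGENT_SERVER_IP="1.2.3.4"
X+USER_AGENT_SERVER_IP="127.0.0.1"
X # USER_AGENT_SERVER_NAME
X 
X 
X # USER_CREATE_SSL_CERT creates the manager certificate
X # and key when set to yes
X-#USER_CREATE_SSL_CERT="y"
X+USER_CREATE_SSL_CERT="n"
X 
X # USER_AGENT_CONFIG_PROFILE specifies the agent's config profile
X # name. This is used to create agent.conf configuration profiles
X@@ -124,10 +124,10 @@ USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT="y"
X ### Server/Local Installation variables. ###
X 
X # USER_ENABLE_EMAIL enables or disables email alerting.
X-#USER_ENABLE_EMAIL="y"
X+USER_ENABLE_EMAIL="n"
X 
X # USER_AUTO_START enables or disables the auto-start of Wazuh
X-#USER_AUTO_START="y"
X+USER_AUTO_START="n"
X 
X # USER_EMAIL_ADDRESS defines the destination e-mail of the alerts.
X #USER_EMAIL_ADDRESS="dcid@test.ossec.net"
X@@ -146,7 +146,7 @@ USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT="y"
X 
X # USER_CA_STORE is a path to a X509 certificate or to a folder
X # containing certificates to verify incoming WPK packages for remote upgrades.
X-#USER_CA_STORE="/path/to/my_cert.pem"
X+USER_CA_STORE="n"
X 
X # OPTIMIZE_CPYTHON activate all the Python optimizations when
X # building the CPython interpeter. This can take a while.
1bd991792f4254b3e4bed4aaa49d9fae

# --- wazuh-agent/files/patch-install.sh -----------------------------------
# Deletes the "Must be root" guard from main() in install.sh, so the
# installer no longer refuses to run as another user.
# NOTE(review): presumably this is meant for an unprivileged staged build;
# the patched script keeps no privilege check of its own, so it should not
# be shipped or reused as a stand-alone installer.
echo x - wazuh-agent/files/patch-install.sh
sed 's/^X//' >wazuh-agent/files/patch-install.sh << 'e8f7a85515d4d48fe7d6cd1a4fa566ab'
X--- install.sh.orig	2019-04-30 19:12:01 UTC
X+++ install.sh
X@@ -879,11 +879,6 @@ main()
X         catError "0x1-location";
X     fi
X 
X-    # Must be root
X-    if [ ! "X$ME" = "Xroot" ]; then
X-        catError "0x2-beroot";
X-    fi
X-
X     # Checking dependencies
X     checkDependencies
X 
e8f7a85515d4d48fe7d6cd1a4fa566ab

# --- wazuh-agent/files/patch-src_init_init.sh -----------------------------
# Takes FreeBSD out of the BSD branch of runInit(); that branch greps
# /etc/rc.local for ossec-control.  The rest of the branch lies outside the
# hunk, so what it writes is not visible here.
echo x - wazuh-agent/files/patch-src_init_init.sh
sed 's/^X//' >wazuh-agent/files/patch-src_init_init.sh << '91f2878dd1eaf0430e2365969949ab25'
X--- src/init/init.sh.orig	2019-06-11 13:41:05 UTC
X+++ src/init/init.sh
X@@ -164,7 +164,7 @@ runInit()
X         return 0;
X     fi
X 
X-    if [ "X${UN}" = "XOpenBSD" -o "X${UN}" = "XNetBSD" -o "X${UN}" = "XFreeBSD" -o "X${UN}" = "XDragonFly" ]; then
X+    if [ "X${UN}" = "XOpenBSD" -o "X${UN}" = "XNetBSD" -o "X${UN}" = "XDragonFly" ]; then
X         # Checking for the presence of ossec-control on rc.local
X         grep ossec-control /etc/rc.local > /dev/null 2>&1
X         if [ $? != 0 ]; then
91f2878dd1eaf0430e2365969949ab25

# --- wazuh-agent/pkg-plist ------------------------------------------------
# Owner, group and mode of everything installed under /var/ossec.
# Review notes:
#  * The three files under logs/ were listed as 0666 (world-writable), which
#    lets any local account append to or truncate the agent's own log and
#    the active-response log.  They are owned by ossec:ossec, so they are
#    tightened to 0660 here.
#  * etc/client.keys (the agent's key file) is root:ossec 0640; keep it
#    unreadable to other users.
#  * NOTE(review): "@info" is normally the plist keyword for GNU info pages;
#    "@(owner,group,mode) path" is the usual way to set ownership on a plain
#    file -- confirm the keyword used here is intended.
echo x - wazuh-agent/pkg-plist
sed 's/^X//' >wazuh-agent/pkg-plist << '96137c8c6244327e03ff3561e76db4eb'
X@info(root,ossec,0750) /var/ossec/active-response/bin/default-firewall-drop.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/disable-account.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/firewalld-drop.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/host-deny.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/ip-customblock.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw_mac.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/kaspersky.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/npf.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-slack.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-tweeter.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/pf.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/restart-ossec.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/restart.sh
X@info(root,ossec,0750) /var/ossec/active-response/bin/route-null.sh
X@info(root,ossec,0750) /var/ossec/agentless/main.exp
X@info(root,ossec,0750) /var/ossec/agentless/register_host.sh
X@info(root,ossec,0750) /var/ossec/agentless/ssh.exp
X@info(root,ossec,0750) /var/ossec/agentless/ssh_asa-fwsmconfig_diff
X@info(root,ossec,0750) /var/ossec/agentless/ssh_foundry_diff
X@info(root,ossec,0750) /var/ossec/agentless/ssh_generic_diff
X@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_bsd
X@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_linux
X@info(root,ossec,0750) /var/ossec/agentless/ssh_nopass.exp
X@info(root,ossec,0750) /var/ossec/agentless/ssh_pixconfig_diff
X@info(root,ossec,0750) /var/ossec/agentless/sshlogin.exp
X@info(root,ossec,0750) /var/ossec/agentless/su.exp
X@info(root,root,0750) /var/ossec/bin/agent-auth
X@info(root,root,0750) /var/ossec/bin/manage_agents
X@info(root,root,0750) /var/ossec/bin/ossec-agentd
X@info(root,root,0750) /var/ossec/bin/ossec-control
X@info(root,root,0750) /var/ossec/bin/ossec-execd
X@info(root,root,0750) /var/ossec/bin/ossec-logcollector
X@info(root,root,0750) /var/ossec/bin/ossec-syscheckd
X@info(root,root,0750) /var/ossec/bin/util.sh
X@info(root,root,0750) /var/ossec/bin/wazuh-modulesd
X@info(root,ossec,0640) /var/ossec/etc/client.keys
X@info(root,ossec,0640) /var/ossec/etc/internal_options.conf
X@info(root,ossec,0640) /var/ossec/etc/local_internal_options.conf
X@info(root,ossec,0640) /var/ossec/etc/ossec.conf
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_apache2224_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_debian_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles11_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles12_linux_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_files.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_trojans.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_ssh.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/win_applications_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/win_audit_rcl.txt
X@info(root,ossec,0660) /var/ossec/etc/shared/win_malware_rcl.txt
X@info(root,ossec,0640) /var/ossec/etc/wpk_root.pem
X@info(root,ossec,0750) /var/ossec/lib/libwazuhext.so
X@info(ossec,ossec,0660) /var/ossec/logs/active-responses.log
X@info(ossec,ossec,0660) /var/ossec/logs/ossec.json
X@info(ossec,ossec,0660) /var/ossec/logs/ossec.log
X@info(root,ossec,0750) /var/ossec/wodles/oscap/oscap.py
X@info(root,ossec,0750) /var/ossec/wodles/oscap/template_oval.xsl
X@info(root,ossec,0750) /var/ossec/wodles/oscap/template_xccdf.xsl
X@dir(root,ossec,0770) /var/ossec/.ssh
X@dir(root,ossec,0750) /var/ossec/active-response/bin
X@dir(root,ossec,0750) /var/ossec/active-response
X@dir(root,ossec,0750) /var/ossec/agentless
X@dir(root,ossec,0750) /var/ossec/backup
X@dir(root,wheel,0750) /var/ossec/bin
X@dir(root,ossec,0770) /var/ossec/etc/shared
X@dir(ossec,ossec,0770) /var/ossec/etc
X@dir(root,ossec,0750) /var/ossec/lib
X@dir(ossec,ossec,0750) /var/ossec/logs/ossec
X@dir(ossec,ossec,0770) /var/ossec/logs
X@dir(ossec,ossec,0770) /var/ossec/queue/alerts
X@dir(ossec,ossec,0750) /var/ossec/queue/diff
X@dir(ossec,ossec,0770) /var/ossec/queue/ossec
X@dir(ossec,ossec,0750) /var/ossec/queue/rids
X@dir(root,ossec,0750) /var/ossec/queue
X@dir(root,ossec,0750) /var/ossec/ruleset/sca
X@dir(root,ossec,0750) /var/ossec/ruleset
X@dir(root,ossec,1770) /var/ossec/tmp
X@dir(root,ossec,0770) /var/ossec/var/incoming
X@dir(root,ossec,0770) /var/ossec/var/run
X@dir(root,ossec,0770) /var/ossec/var/upgrade
X@dir(root,ossec,0770) /var/ossec/var/wodles
X@dir(root,ossec,0750) /var/ossec/var
X@dir(root,ossec,0750) /var/ossec/wodles/oscap/content
X@dir(root,ossec,0750) /var/ossec/wodles/oscap
X@dir(root,ossec,0750) /var/ossec/wodles
X@dir(root,ossec,0750) /var/ossec
96137c8c6244327e03ff3561e76db4eb
exit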