Comparer le texte

Encuentra la diferencia entre dos archivos de texto

Real-time diff

Unified diff

Collapse lines

Highlight change

Syntax highlighting

Outils

Diffchecker Desktop The most secure way to run Diffchecker. Get the Diffchecker Desktop app: your diffs never leave your computer!Get Desktop

macOS default vs macOS Ansible

Created 2 years agoDiff never expires

Lines
Total
Removed

Words
Total
Removed

To continue using this feature, upgrade to Diffchecker Pro View Pricing

162 lines

Lines
Total
Added

Words
Total
Added

To continue using this feature, upgrade to Diffchecker Pro View Pricing

182 lines

<!--

Wazuh - Agent - Default configuration for darwin 21.1

Wazuh - Agent

More info at: https://documentation.wazuh.com

Mailing list: https://groups.google.com/forum/#!forum/wazuh

-->

<ossec_config>

<max_retries>5</max_retries>

<retry_interval>5</retry_interval>

</server>

<config-profile>darwin, darwin21, darwin21.1</config-profile>

<notify_time>10</notify_time>

<time-reconnect>60</time-reconnect>

<auto_restart>yes</auto_restart>

<crypto_method>aes</crypto_method>

</client>

<client_buffer>

<queue_size>5000</queue_size>

<events_per_second>500</events_per_second>

</client_buffer>

<check_files>yes</check_files>

<check_trojans>yes</check_trojans>

<check_dev>yes</check_dev>

<check_sys>yes</check_sys>

<check_pids>yes</check_pids>

<check_ports>yes</check_ports>

<check_if>yes</check_if>

<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>

<rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>

<skip_nfs>yes</skip_nfs>

</rootcheck>

<run_daemon>yes</run_daemon>

<log_path>/var/log/osquery/osqueryd.results.log</log_path>

<config_path>/etc/osquery/osquery.conf</config_path>

<add_labels>yes</add_labels>

</wodle>

<scan_on_start>yes</scan_on_start>

<max_eps>10</max_eps>

</synchronization>

</wodle>

<sca>

<scan_on_start>yes</scan_on_start>

<skip_nfs>yes</skip_nfs>

</sca>

<scan_on_start>yes</scan_on_start>

<ignore>/etc/hosts.deny</ignore>

<ignore>/etc/mail/statistics</ignore>

<ignore>/etc/random-seed</ignore>

<ignore>/etc/random.seed</ignore>

<ignore>/etc/adjtime</ignore>

<ignore>/etc/httpd/logs</ignore>

<ignore>/etc/utmpx</ignore>

<ignore>/etc/wtmpx</ignore>

<ignore>/etc/cups/certs</ignore>

<ignore>/etc/dumpdates</ignore>

<ignore>/etc/svc/volatile</ignore>

<nodiff>/etc/ssl/private.key</nodiff>

<skip_nfs>yes</skip_nfs>

<skip_dev>yes</skip_dev>

<skip_proc>yes</skip_proc>

<skip_sys>yes</skip_sys>

<process_priority>10</process_priority>

<max_eps>100</max_eps>

<max_interval>1h</max_interval>

<max_eps>10</max_eps>

</synchronization>

</syscheck>

<log_format>full_command</log_format>

<command>netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u</command>

<alias>netstat listening ports</alias>

</localfile>

<location>macos</location>

<log_format>macos</log_format>

<query type="trace,log,activity" level="info">(process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")</query>

<location>macos</location>

(process == "sudo")

or (process == "sessionlogoutd" and message contains "logout is complete.")

or (process == "sshd")

or (process == "tccd" and message contains "Update Access Record")

or (message contains "SessionAgentNotificationCenter")

or (process == "screensharingd" and message contains "Authentication")

or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")

</query>

</localfile>

<active-response>

<ca_store>etc/wpk_root.pem</ca_store>

<ca_store>

etc/wpk_root.pem

</ca_store>

<ca_verification>yes</ca_verification>

</active-response>

<log_format>plain</log_format>

</logging>

</ossec_config>

Les différences enregistrées

Texte d'origine

Ouvrir un fichier

<ossec_config>
  <client>
    <server>
      <address></address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
    <config-profile>darwin, darwin21, darwin21.1</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>60</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
  </client>

<client_buffer>
    
    <disabled>no</disabled>
    <queue_size>5000</queue_size>
    <events_per_second>500</events_per_second>
  </client_buffer>

<rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>

<frequency>43200</frequency>

<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>

<skip_nfs>yes</skip_nfs>
  </rootcheck>

<wodle name="osquery">
    <disabled>yes</disabled>
    <run_daemon>yes</run_daemon>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
    <config_path>/etc/osquery/osquery.conf</config_path>
    <add_labels>yes</add_labels>
  </wodle>

<wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>

<synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>

<frequency>43200</frequency>

<scan_on_start>yes</scan_on_start>

<directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin</directories>

<ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>

<ignore type="sregex">.log$|.swp$</ignore>

<nodiff>/etc/ssl/private.key</nodiff>

<skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>

<process_priority>10</process_priority>

<max_eps>100</max_eps>

<synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_interval>1h</max_interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>

<localfile>
    <log_format>full_command</log_format>
    <command>netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>

<localfile>
    <location>macos</location>
    <log_format>macos</log_format>
    <query type="trace,log,activity" level="info">(process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")</query>
  </localfile>

<active-response>
    <disabled>no</disabled>
    <ca_store>etc/wpk_root.pem</ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

<logging>
    <log_format>plain</log_format>
  </logging>

</ossec_config>

Texte modifié

Ouvrir un fichier

<ossec_config>
  <client>
    <server>
      <address>3.88.154.40</address>
      <port>1514</port>
      <protocol>tcp</protocol>
      <max_retries>5</max_retries>
      <retry_interval>5</retry_interval>
    </server>
    <config-profile>darwin, darwin21, darwin21.1</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>60</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>

</client>

<client_buffer>
    
    <disabled>no</disabled>
    <queue_size>5000</queue_size>
    <events_per_second>500</events_per_second>
  </client_buffer>

<frequency>43200</frequency>

<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <skip_nfs>yes</skip_nfs>

</rootcheck>

<syscheck>
    <disabled>no</disabled>
    <frequency>43200</frequency>
    <scan_on_start>yes</scan_on_start>
    
    <directories >/etc,/usr/bin,/usr/sbin</directories>
    <directories >/bin,/sbin</directories>

<ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>

<ignore type="sregex">.log$|.swp$</ignore>

<nodiff>/etc/ssl/private.key</nodiff>

<skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>

<process_priority>10</process_priority>

<max_eps>100</max_eps>

<localfile>
    <log_format>full_command</log_format>
    <command>netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u</command>
    <frequency>360</frequency>
    <alias>netstat listening ports</alias>
  </localfile>

<localfile>
    <log_format>macos</log_format>
    <location>macos</location>
    <query type="trace,log,activity" level="info">
(process == "sudo")
 or (process == "sessionlogoutd" and message contains "logout is complete.")
 or (process == "sshd")
 or (process == "tccd" and message contains "Update Access Record")
 or (message contains "SessionAgentNotificationCenter")
 or (process == "screensharingd" and message contains "Authentication")
 or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")
    </query>
  </localfile>

<active-response>
    <disabled>no</disabled>
    <ca_store>
etc/wpk_root.pem
    
    </ca_store>
    <ca_verification>yes</ca_verification>
  </active-response>

<logging>
    <log_format>plain</log_format>
  </logging>

</ossec_config>