We are trying to make syscheck (the integrity checking module on ossec) more useful than what it is now and we are looking for contributions to create application profiles. What we are looking exactly is a list of files/directories (or registry entries) per application to be added to ossec.
For example, files used by qmail:
/var/qmail/control/
/var/qmail/rc
by Named:
/var/named/chroot/etc
/var/named/data/
By Apache:
/var/www/htdocs/
A few more is on the wiki: http://www.ossec.net/wiki/index.php/Dev:Syscheck
We need that for Windows and Unix applications (including IIS, Anti virus, etc), open source and commercial… Any feedback is more than welcome.
*You can add on your own to the wiki or just reply in here..