Unless stated otherwise, every option here corresponds to certain configuration block which would be placed in one of the configuration files in "ossec.conf.d" directory. Disabled options will do the same, but for "ossec.conf.d/disabled" directory. All "*.conf" files from the "ossec.conf.d" directory will be merged into "ossec.conf" in alphabetic order. If you are not satisfied with the generated configuration, you can disable the corresponding option and use files from "ossec.conf.d/disabled" directory as samples. Most of the options are disabled by default, because it is expected that the server will push the agent configuration using "agent.conf". FreeBSD port of OSSEC server extended with similar "config" port does this by default. If this is the case, then the "ossec.conf" should only enable required profiles. Files generated by the port will be overwritten during port upgrades so any additional configuration should be put in separate files. Command Output Monitoring: Adds additional commands, the output of which can be monitored. To actually send alerts about the changing output, the proper rules need to be configured on the server as well. For security reasons commands cannot be pushed by the server and thus must be configured locally on every agent. These commands can be tweaked in "command.conf". Active Response Firewall: Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC. This option is only meaningful if this OSSEC instance will be the target of "firewall-drop" active response (configured on the server).