source: branches/samhain-2_2-branch/docs/sh_mounts.txt@ 204

Last change on this file since 204 was 1, checked in by katerina, 19 years ago

Initial import

File size: 1.7 KB
Line 
1Documentation for sh_mounts, the samhain "Mounts" module.
2---------------------------------------------------------
3sh_mounts implements functionality we had in a policy-checking Perl script we
4have here at eircom; basically, all it does is ensure that certain mounts are
5there (for example, /, /tmp, /var, /usr, /home) and that certain options are
6specified on those mounts (for example noexec,nosuid on /tmp).
7
8All quite simple. It wouldn't be too hard to extend this module somewhat, to
9report any NFS mounts found, for example, or to test that _only_ the mounts
10specified are mounted on the machine.
11
12Here's a bit for the manual:
13
14<Begin manual entry>
15
16Checking mounted filesystem policies
17------------------------------------
18samhain can be compiled to check if certain filesystems are mounted, and if they
19are mounted with the appropriate options. This module currently supports Linux,
20Solaris and FreeBSD. The configuration of the module is done in the Mounts
21section of the configuration file:
22
23-------->8---------
24
25[Mounts]
26#
27# Activate (0 is off).
28#
29MountCheckActive=1
30
31#
32# Interval between checks.
33#
34MountCheckInterval=7200
35
36#
37# Logging severities. We have two checks: to see if a mount is there, and to
38# see if it is mounted with the correct options.
39#
40SeverityMountMissing=warn
41SeverityOptionMissing=warn
42
43#
44# Mounts to check for, followed by lists of options to check on them.
45#
46checkmount=/
47checkmount=/var
48checkmount=/usr
49checkmount=/tmp noexec,nosuid,nodev
50checkmount=/home noexec,nosuid,nodev
51
52-------->8---------
53
54<End manual entry>
55
56The module is enabled as part of the compilation of samhain by specifying
57--enable-mounts-check
58
59This module by the eircom.net Computer Incident Response Team
Note: See TracBrowser for help on using the repository browser.