source: branches/samhain-2_2-branch/test/testrc_2.in@ 430

Last change on this file since 430 was 34, checked in by rainer, 18 years ago

Code cleanup and minor fixes

File size: 4.6 KB
Line 
1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[ReadOnly]
31#
32# for these files, only access time is ignored
33#
34# dir=/usr/bin
35# dir=/bin
36
37file = /var
38file = /bin
39file = /usr
40file = /tmp
41file = /etc
42
43dir=1/usr
44
45[EventSeverity]
46#
47# Here you can assign severities to policy violations.
48# If this severity exceeds the treshold of a log facility (see below),
49# a policy violation will be logged to that facility.
50#
51# Severity for verification failures.
52#
53SeverityReadOnly=crit
54SeverityLogFiles=crit
55SeverityGrowingLogs=crit
56SeverityIgnoreNone=crit
57SeverityAttributes=crit
58#
59# We have a file in IgnoreAll that might or might not be present.
60# Setting the severity to 'info' prevents messages about deleted/new file.
61#
62SeverityIgnoreAll=info
63
64#
65# Files : file access problems
66# Dirs : directory access problems
67# Names : suspect (non-printable) characters in a pathname
68#
69SeverityFiles=crit
70SeverityDirs=crit
71SeverityNames=warn
72
73[Log]
74#
75# Set threshold severity for log facilities
76# Values: debug, info, notice, warn, mark, err, crit, alert, none.
77# 'mark' is used for timestamps.
78#
79# By default, everything equal to and above the threshold is logged.
80# The specifiers '*', '!', and '=' are interpreted as
81# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
82# at least on Linux).
83#
84# MailSeverity=*
85# MailSeverity=!warn
86# MailSeverity==crit
87#
88MailSeverity=none
89PrintSeverity=info
90#PRINTClass = "RUN FIL STAMP"
91LogSeverity=none
92SyslogSeverity=none
93ExportSeverity=none
94DatabaseSeverity=none
95
96#databaseseverity=info
97
98[Database]
99# setdbname=samhain
100# setdbtable=log
101setdbuser=samhain
102setdbpassword=samhain
103#AddToDBHash=log_msg
104# AddToDBHash=log_host
105
106
107[Utmp]
108#
109# 0 to switch off, 1 to activate
110#
111LoginCheckActive=1
112
113# Severity for logins, multiple logins, logouts
114#
115SeverityLogin=info
116SeverityLoginMulti=warn
117SeverityLogout=info
118
119# interval for login/logout checks
120#
121LoginCheckInterval=60
122
123[Misc]
124#
125# whether to become a daemon process
126Daemon=no
127
128SetOutgoingIP = 127.0.0.1
129SetServerInterface = 127.0.0.1
130
131UseSeparateLogs=no
132
133SetUseSocket = yes
134SetSocketAllowUid=0
135SetSocketPassword=samhain
136
137SetClientFromAccept = yes
138
139SetUdpActive=no
140
141# the maximum time between client messages (seconds)
142# (this is a log server-only option; the default is 86400 sec = 1 day
143#
144# SetClientTimeLimit=1800
145
146UseClientSeverity = yes
147UseClientClass = yes
148
149# Format for message headers
150#
151# MessageHeader="%S %T %F %L "
152
153# priority for peer != address as notified by client
154# (lookup may fail on firewalled client)
155#
156# SeverityLookup = warn
157
158# time till next file check (seconds)
159SetFilecheckTime=600
160
161# Only highest-level (alert) reports will be mailed immediately,
162# others will be queued. Here you can define, when the queue will
163# be flushed (Note: the queue is automatically flushed after
164# completing a file check).
165#
166# maximum time till next mail (seconds)
167SetMailTime=86400
168
169# maximum number of queued mails
170SetMailNum=10
171
172# where to send mail to
173SetMailAddress=root@localhost
174
175# mail relay host
176# SetMailRelay=relay.yourdomain.de
177
178# The binary. Setting the path will allow
179# samhain to check for modifications between
180# startup and exit.
181#
182# SamhainPath=/usr/local/bin/samhain
183
184# where to get time from
185# SetTimeServer=www.yourdomain.de
186
187# where to export logs to
188SetLogServer=localhost
189
190# timer for time stamps
191SetLoopTime=10
192
193# trusted users (root and the effective user are always trusted)
194# TrustedUser=bin
195
196# whether to test signature of files (init/check/none)
197# - if 'none', then we have to decide this on the command line -
198#
199ChecksumTest=check
200
201
202[Clients]
Note: See TracBrowser for help on using the repository browser.