source: tags/4.1.0/samhainrc.aix5.2.0

Last change on this file was 1, checked in by katerina, 15 years ago

Initial import

File size: 5.5 KB
Line 
1#####################################################################
2#
3#               AIX 5.2.0 configuration file for Samhain.
4#
5####################################################################
6#       
7# Date    : 23.10.2003
8# Author  : Christoph Kiefer (chkiefer@intergga.ch)
9# Comment : Samhain client configuration file. Should work
10#           for AIX 5.1.0. The Samhain version is 1.7.12
11#               This configuration fits MY needs, YOU will
12#               probably have to modify it.
13#
14# Changes : Date          Name                          Remarks
15#           23.10.2003    Christoph Kiefer      Initial Version
16#
17#####################################################################
18#
19# -- empty lines and lines starting with '#', ';' or '//' are ignored
20# -- boolean options can be Yes/No or True/False or 1/0
21# -- you can PGP clearsign this file -- samhain will check (if compiled
22#    with support) or otherwise ignore the signature
23# -- CHECK mail address
24#
25# To each log facility, you can assign a threshold severity. Only
26# reports with at least the threshold severity will be logged
27# to the respective facility (even further below).
28#
29#####################################################################
30# SETUP for file system checking:
31# (i)   There are several policies, each has its own section. Put files
32#       into the section for the appropriate policy (see below).
33# (ii)  Section [EventSeverity]:
34#       To each policy, you can assign a severity (further below).
35# (iii) Section [Log]:
36#       To each log facility, you can assign a threshold severity. Only
37#       reports with at least the threshold severity will be logged
38#       to the respective facility (even further below).
39#####################################################################
40
41#####################################################################
42#
43# Files are defined with: file = /absolute/path
44#
45# Directories are defined with:                  dir = /absolute/path
46# or with an optional recursion depth (N <= 99): dir = N/absolute/path
47#
48# Directory inodes are checked. If you only want to check files
49# in a directory, but not the directory inode itself, use (e.g.):
50#
51# [ReadOnly]
52# dir = /some/directory
53# [IgnoreAll]
54# file = /some/directory
55#
56# You can use shell-style globbing patterns, like: file = /path/foo*
57#
58######################################################################
59
60[Misc]
61MessageHeader=""
62RedefLogFiles=-INO
63SetFilecheckTime=3600
64SetLoopTime=3600
65SetRecursionLevel=99
66DigestAlgo=SHA1
67ChecksumTest=check
68SetTimeServer=localhost
69ReportFullDetail=no
70Daemon=yes
71HideSetup=yes
72ReportOnlyOnce=yes
73UseLocalTime=yes
74
75## The Prelude-IDS profile to use for reporting
76## default value is "samhain"
77#
78# PreludeProfile = samhain
79
80## Map these samhain severities to impact severity 'info' severity
81#
82# PreludeMapToInfo =
83
84## Map these samhain severities to impact severity 'low' severity
85#
86# PreludeMapToLow = debug info
87
88## Map these samhain severities to impact severity 'medium' severity
89#
90# PreludeMapToMedium = notice warn err
91
92## Map these samhain severities to impact severity 'high' severity
93#
94# PreludeMapToHigh = crit alert
95
96[IgnoreAll]
97dir=-1/etc/objrepos
98dir=-1/etc/vg
99dir=-1/dev/.SRC-unix
100dir=-1/dev/pts
101dir=-1/opt
102dir=-1/tmp
103dir=-1/usr/share/lib/objrepos
104dir=-1/usr/share/man
105dir=-1/var/adm/cron
106dir=-1/var/tmp
107file=/dev/log*
108
109[Attributes]
110file=/etc/lpp/diagnostics/data/*
111file=/audit/auditb
112file=/dev
113# file=/etc/bootpd.dump
114file=/etc/bootptab
115file=/etc/inittab
116file=/etc/xtab
117dir=/dev
118dir=/usr/dt
119dir=/usr/lib/instl
120dir=/usr/lib/lpd
121dir=/usr/lib/mh
122dir=/usr/lib/sa
123dir=/usr/lpp
124
125[LogFiles]
126file=/etc/rmtab
127file=/etc/security/failedlogin
128file=/etc/security/lastlog
129file=/etc/security/portlog
130file=/etc/utmp
131# file=/smit.log
132file=/var/adm/*log*
133file=/var/adm/ras/*log*
134file=/var/adm/wtmp
135file=/var/log/*log*
136
137[IgnoreNone]
138file=/etc/tsh_profile
139
140[ReadOnly]
141dir=/etc/security/ldap
142file=/etc/*.cnf
143file=/etc/*conf*
144file=/etc/aliases
145file=/etc/dumpdates
146file=/etc/environment
147file=/etc/exports
148file=/etc/filesystems
149file=/etc/ftpusers
150file=/etc/group
151file=/etc/hosts*
152file=/etc/motd
153file=/etc/passwd
154file=/etc/profile
155file=/etc/protocols
156file=/etc/publickey
157file=/etc/rc.*
158file=/etc/rpc
159file=/etc/security/acl
160file=/etc/security/environ
161file=/etc/security/group
162file=/etc/security/limits
163file=/etc/security/login.cfg
164file=/etc/security/passwd
165file=/etc/security/roles
166file=/etc/security/smitacl.*
167file=/etc/security/user*
168file=/etc/sendmail.cf
169file=/etc/services
170file=/etc/sudoers
171file=/etc/swapspaces
172file=/etc/vfs
173# file=/smit.script
174dir=/etc/mail
175dir=/etc/rc.d
176dir=/etc/security/audit
177dir=/home/root
178dir=/sbin
179dir=/usr/X11R6
180dir=/usr/bin
181dir=/usr/ccs
182dir=/usr/etc
183dir=/usr/include
184dir=/usr/lib/boot
185dir=/usr/lib/methods
186dir=/usr/lib/microcode
187dir=/usr/lib/security
188dir=/usr/lib/smit
189dir=/usr/local/bin
190dir=/usr/sbin
191dir=/usr/share
192dir=/usr/ucb
193
194[EventSeverity]
195SeverityAttributes=crit
196SeverityDirs=err
197SeverityFiles=err
198SeverityGrowingLogs=warn
199SeverityIgnoreNone=crit
200SeverityLogFiles=crit
201SeverityReadOnly=crit
202SeverityIgnoreAll=info
203SeverityNames=info
204
205[Log]
206ExportClass=RUN FIL PANIC ERR ENET EINPUT
207LogSeverity=none
208MailSeverity=none
209PrintSeverity=none
210ExportSeverity=warn
211SyslogSeverity=warn
212
213## Logging to a Prelude-IDS
214##
215# PreludeSeverity = crit
216
217[SuidCheck]
218SuidCheckExclude=/proc
219SuidCheckActive=1
220SuidCheckInterval=1800
221SuidCheckFps=250
222#SuidCheckYield=no
223SeveritySuidCheck=alert
224#SuidCheckQuarantineFiles=yes
225#SuidCheckQuarantineMethod=0
226# SuidCheckQuarantineDelete = yes
227
228
229[Utmp]
230LoginCheckActive=1
231LoginCheckInterval=30
232SeverityLogin=info
233SeverityLogout=info
234SeverityLoginMulti=warn
235
236[EOF]
Note: See TracBrowser for help on using the repository browser.