| Rev | Line | |
|---|
| [1] | 1 | Checking sensitive files owned by users.
|
|---|
| 2 | ------------------------------------
|
|---|
| 3 | samhain can be compiled to support checking of files that are specified
|
|---|
| 4 | as being relative to the a user's home directory. It is intended to
|
|---|
| 5 | detect interference with files that influence process behaviour such as
|
|---|
| 6 | .profile
|
|---|
| 7 | It simply adds the appropriate file entries to the main samhain list, at
|
|---|
| 8 | the specified alerting level.
|
|---|
| 9 |
|
|---|
| 10 |
|
|---|
| 11 | -------->8---------
|
|---|
| 12 |
|
|---|
| 13 | [UserFiles]
|
|---|
| 14 | #
|
|---|
| 15 | # Activate (0 is off).
|
|---|
| 16 | #
|
|---|
| 17 | UserfilesActive=1
|
|---|
| 18 |
|
|---|
| 19 | #
|
|---|
| 20 | # Files to check for under each $HOME
|
|---|
| 21 | # A specific level can be specified.
|
|---|
| 22 | # The allowed values are:
|
|---|
| 23 | # allignore
|
|---|
| 24 | # attributes
|
|---|
| 25 | # logfiles
|
|---|
| 26 | # loggrow
|
|---|
| 27 | # noignore
|
|---|
| 28 | # readonly
|
|---|
| 29 | # user0
|
|---|
| 30 | # user1
|
|---|
| 31 | #
|
|---|
| 32 | #Ê The default is noignore
|
|---|
| 33 | UserfilesName=.login noignore
|
|---|
| 34 | UserfilesName=.profile readonly
|
|---|
| 35 | UserfilesName=.ssh/authorized_keys
|
|---|
| 36 |
|
|---|
| 37 | -------->8---------
|
|---|
| 38 |
|
|---|
| 39 | This module by the eircom.net Computer Incident Response Team.
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
