source: trunk/test/testrc_1@ 1

Last change on this file since 1 was 1, checked in by katerina, 19 years ago

Initial import

File size: 5.9 KB
RevLine 
[1]1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[Misc]
31RedefUser0=-ATM
32
33[Attributes]
34#
35# for these files, only changes in permissions and ownership are checked
36#
37file=/etc/mtab
38#file=/etc/ssh_random_seed
39#file=/etc/asound.conf
40#file=/etc/resolv.conf
41#file=/etc/localtime
42#file=/etc/ioctl.save
43#file=/etc/passwd.backup
44#file=/etc/shadow.backup
45
46
47#
48# There are files in /etc that might change (see above),
49# thus changing the timestamps on the directory special file.
50# Put it here as 'file', and in the ReadOnly section as 'dir'.
51#
52file=/etc
53
54[GrowingLogFiles]
55#
56# for these files, changes in signature, timestamps, and increase in size
57# are ignored
58#
59# Example for shell-style wildcard pattern
60#
61#file=/var/log/n*
62
63[IgnoreAll]
64#dir=-1/etc
65
66[IgnoreNone]
67#dir=-1/etc
68
69[Attributes]
70# dir=/opt/gnome/bin/
71# file=/usr/bin/ssh
72
73
74[ReadOnly]
75#
76# for these files, only access time is ignored
77#
78#dir=/dev
79# dir=/usr/bin
80
81dir=/usr/bin
82#dir=/lib
83#dir=/usr/lib
84
85#dir=/lib
86#dir=3/etc
87#dir=/tmp
88# file=/usr/bin/ssh
89# dir=1/home/rainer
90
91#[SuidCheck]
92#SuidCheckActive=T
93# SuidCheckExclude=/net/localhost
94
95[EventSeverity]
96#
97# Here you can assign severities to policy violations.
98# If this severity exceeds the treshold of a log facility (see below),
99# a policy violation will be logged to that facility.
100#
101# Severity for verification failures.
102#
103SeverityUser0=crit
104SeverityUser1=crit
105SeverityReadOnly=crit
106SeverityLogFiles=crit
107SeverityGrowingLogs=crit
108SeverityIgnoreNone=crit
109SeverityAttributes=crit
110#
111# We have a file in IgnoreAll that might or might not be present.
112# Setting the severity to 'info' prevents messages about deleted/new file.
113#
114SeverityIgnoreAll=warn
115
116#
117# Files : file access problems
118# Dirs : directory access problems
119# Names : suspect (non-printable) characters in a pathname
120#
121SeverityFiles=notice
122SeverityDirs=info
123SeverityNames=warn
124
125[Log]
126#
127# Set threshold severity for log facilities
128# Values: debug, info, notice, warn, mark, err, crit, alert, none.
129# 'mark' is used for timestamps.
130#
131# By default, everything equal to and above the threshold is logged.
132# The specifiers '*', '!', and '=' are interpreted as
133# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
134# at least on Linux).
135#
136# MailSeverity=*
137# MailSeverity=!warn
138# MailSeverity==crit
139#
140MailSeverity=none
141LogSeverity=warn
142SyslogSeverity=none
143#ExportSeverity=none
144PrintSeverity=info
145# Restrict to certain classes of messages
146# MailClass = RUN
147PreludeSeverity = err
148
149# Which system calls to log (execve, utime, unlink, dup, chdir, open, kill,
150# exit, fork, setuid, setgid, pipe)
151#
152# LogCalls = open
153
154
155#[Kernel]
156#
157# Setings this to 1/true/yes will activate the check for loadable
158# kernel module rootkits (Linux only)
159#
160#KernelCheckActive=1
161#KernelCheckInterval = 20
162
163[Utmp]
164#
165# 0 to switch off, 1 to activate
166#
167LoginCheckActive=1
168
169# Severity for logins, multiple logins, logouts
170#
171SeverityLogin=info
172SeverityLoginMulti=warn
173SeverityLogout=info
174
175# interval for login/logout checks
176#
177LoginCheckInterval=60
178
179[Misc]
180#
181# whether to become a daemon process
182Daemon=no
183
184# Custom format for message header
185#
186# %S severity
187# %T timestamp
188# %C class
189#
190# %F source file
191# %L source line
192#
193# MessageHeader="%S %T - %F - %L "
194# MessageHeader="<log sev="%S" time="%T" "
195
196# the maximum time between client messages (seconds)
197# (this is a log server-only option; the default is 86400 sec = 1 day
198#
199# SetClientTimeLimit=1800
200
201# time till next file check (seconds)
202SetFilecheckTime=120
203
204# DigestAlgo=MD5
205
206# Only highest-level (alert) reports will be mailed immediately,
207# others will be queued. Here you can define, when the queue will
208# be flushed (Note: the queue is automatically flushed after
209# completing a file check).
210#
211# maximum time till next mail (seconds)
212SetMailTime=86400
213
214# maximum number of queued mails
215SetMailNum=10
216
217# where to send mail to
218SetMailAddress=root@localhost
219# MailSubject=* body %H # %M
220
221TrustedUser=uucp,fax,fnet
222
223# Watch syslog port
224#
225# SetUDPActive = yes
226
227# mail relay host
228# SetMailRelay=localhost
229
230# The binary. Setting the path will allow
231# samhain to check for modifications between
232# startup and exit.
233#
234# SamhainPath=/usr/local/bin/samhain
235
236# where to get time from
237# SetTimeServer=www.yourdomain.de
238
239# where to export logs to
240# SetLogServer=localhost
241
242SetRecursionLevel=10
243
244#setdatabasepath=AUTO
245#setlogfilepath=AUTO
246#setlockfilepath=AUTO
247
248# timer for time stamps
249SetLoopTime=60
250
251# report in full detail on modified files
252#
253ReportFullDetail = no
254
255# trusted users (root and the effective user are always trusted)
256# TrustedUser=bin
257
258# whether to test signature of files (init/check/none)
259# - if 'none', then we have to decide this on the command line -
260#
261ChecksumTest=check
262
263# Set the facility for syslog
264#
265# SyslogFacility=LOG_MAIL
266
267# Don't log names of configuration/database files on startup
268#
269# HideSetup=yes
270
271
272# everything below is ignored
273[EOF]
Note: See TracBrowser for help on using the repository browser.