source: trunk/test/testrc_1@ 249

Last change on this file since 249 was 19, checked in by rainer, 19 years ago

Rewrite of test suite, checksum for growing logs, fix for minor bug with dead client detection.

File size: 5.9 KB
RevLine 
[1]1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[Misc]
31RedefUser0=-ATM
32
33[Attributes]
34#
35# for these files, only changes in permissions and ownership are checked
36#
[19]37#file=/etc/mtab
[1]38#file=/etc/ssh_random_seed
39#file=/etc/asound.conf
40#file=/etc/resolv.conf
41#file=/etc/localtime
42#file=/etc/ioctl.save
43#file=/etc/passwd.backup
44#file=/etc/shadow.backup
45
46
47#
48# There are files in /etc that might change (see above),
49# thus changing the timestamps on the directory special file.
50# Put it here as 'file', and in the ReadOnly section as 'dir'.
51#
52file=/etc
53
54[GrowingLogFiles]
55#
56# for these files, changes in signature, timestamps, and increase in size
57# are ignored
58#
59# Example for shell-style wildcard pattern
60#
61#file=/var/log/n*
62
63[IgnoreAll]
64#dir=-1/etc
65
66[IgnoreNone]
67#dir=-1/etc
68
69[Attributes]
70# dir=/opt/gnome/bin/
71# file=/usr/bin/ssh
72
73
74[ReadOnly]
75#
76# for these files, only access time is ignored
77#
78#dir=/dev
79# dir=/usr/bin
80
[19]81#dir=/usr/bin
[1]82#dir=/lib
83#dir=/usr/lib
84
85#dir=/lib
86#dir=3/etc
87#dir=/tmp
88# file=/usr/bin/ssh
89# dir=1/home/rainer
90
91#[SuidCheck]
92#SuidCheckActive=T
[19]93#SuidCheckExclude=/home
[1]94
95[EventSeverity]
96#
97# Here you can assign severities to policy violations.
98# If this severity exceeds the treshold of a log facility (see below),
99# a policy violation will be logged to that facility.
100#
101# Severity for verification failures.
102#
103SeverityUser0=crit
104SeverityUser1=crit
105SeverityReadOnly=crit
106SeverityLogFiles=crit
107SeverityGrowingLogs=crit
108SeverityIgnoreNone=crit
109SeverityAttributes=crit
110#
111# We have a file in IgnoreAll that might or might not be present.
112# Setting the severity to 'info' prevents messages about deleted/new file.
113#
114SeverityIgnoreAll=warn
115
116#
117# Files : file access problems
118# Dirs : directory access problems
119# Names : suspect (non-printable) characters in a pathname
120#
121SeverityFiles=notice
122SeverityDirs=info
123SeverityNames=warn
124
125[Log]
126#
127# Set threshold severity for log facilities
128# Values: debug, info, notice, warn, mark, err, crit, alert, none.
129# 'mark' is used for timestamps.
130#
131# By default, everything equal to and above the threshold is logged.
132# The specifiers '*', '!', and '=' are interpreted as
133# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
134# at least on Linux).
135#
136# MailSeverity=*
137# MailSeverity=!warn
138# MailSeverity==crit
139#
140MailSeverity=none
141LogSeverity=warn
142SyslogSeverity=none
143#ExportSeverity=none
144PrintSeverity=info
145# Restrict to certain classes of messages
146# MailClass = RUN
[19]147#PreludeSeverity = err
[1]148
149# Which system calls to log (execve, utime, unlink, dup, chdir, open, kill,
150# exit, fork, setuid, setgid, pipe)
151#
152# LogCalls = open
153
154
155#[Kernel]
156#
157# Setings this to 1/true/yes will activate the check for loadable
158# kernel module rootkits (Linux only)
159#
160#KernelCheckActive=1
161#KernelCheckInterval = 20
162
[19]163#[Utmp]
[1]164#
165# 0 to switch off, 1 to activate
166#
[19]167#LoginCheckActive=1
[1]168
169# Severity for logins, multiple logins, logouts
170#
[19]171#SeverityLogin=info
172#SeverityLoginMulti=warn
173#SeverityLogout=info
[1]174
175# interval for login/logout checks
176#
[19]177#LoginCheckInterval=60
[1]178
179[Misc]
180#
181# whether to become a daemon process
182Daemon=no
183
184# Custom format for message header
185#
186# %S severity
187# %T timestamp
188# %C class
189#
190# %F source file
191# %L source line
192#
193# MessageHeader="%S %T - %F - %L "
194# MessageHeader="<log sev="%S" time="%T" "
195
196# the maximum time between client messages (seconds)
197# (this is a log server-only option; the default is 86400 sec = 1 day
198#
199# SetClientTimeLimit=1800
200
201# time till next file check (seconds)
202SetFilecheckTime=120
203
204# DigestAlgo=MD5
205
206# Only highest-level (alert) reports will be mailed immediately,
207# others will be queued. Here you can define, when the queue will
208# be flushed (Note: the queue is automatically flushed after
209# completing a file check).
210#
211# maximum time till next mail (seconds)
212SetMailTime=86400
213
214# maximum number of queued mails
215SetMailNum=10
216
217# where to send mail to
218SetMailAddress=root@localhost
219# MailSubject=* body %H # %M
220
[19]221#TrustedUser=uucp,fax,fnet
[1]222
223# Watch syslog port
224#
225# SetUDPActive = yes
226
227# mail relay host
228# SetMailRelay=localhost
229
230# The binary. Setting the path will allow
231# samhain to check for modifications between
232# startup and exit.
233#
234# SamhainPath=/usr/local/bin/samhain
235
236# where to get time from
237# SetTimeServer=www.yourdomain.de
238
239# where to export logs to
240# SetLogServer=localhost
241
242SetRecursionLevel=10
243
244#setdatabasepath=AUTO
245#setlogfilepath=AUTO
246#setlockfilepath=AUTO
247
248# timer for time stamps
249SetLoopTime=60
250
251# report in full detail on modified files
252#
253ReportFullDetail = no
254
255# trusted users (root and the effective user are always trusted)
256# TrustedUser=bin
257
258# whether to test signature of files (init/check/none)
259# - if 'none', then we have to decide this on the command line -
260#
261ChecksumTest=check
262
263# Set the facility for syslog
264#
265# SyslogFacility=LOG_MAIL
266
267# Don't log names of configuration/database files on startup
268#
269# HideSetup=yes
270
271
272# everything below is ignored
273[EOF]
Note: See TracBrowser for help on using the repository browser.