source: trunk/test/testrc_1ext.in@ 316

Last change on this file since 316 was 1, checked in by katerina, 19 years ago

Initial import

File size: 4.4 KB
RevLine 
[1]1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[Attributes]
31#
32# for these files, only changes in permissions and ownership are checked
33#
34
35#
36# There are files in /etc that might change, thus changing the directory
37# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
38#
39
40
41[GrowingLogFiles]
42#
43# for these files, changes in signature, timestamps, and increase in size
44# are ignored
45#
46
47
48[ReadOnly]
49#
50# for these files, only access time is ignored
51#
52#dir=/usr/bin
53#dir=/bin
54#dir=3/etc
55
56[EventSeverity]
57#
58# Here you can assign severities to policy violations.
59# If this severity exceeds the treshold of a log facility (see below),
60# a policy violation will be logged to that facility.
61#
62# Severity for verification failures.
63#
64SeverityReadOnly=crit
65SeverityLogFiles=crit
66SeverityGrowingLogs=crit
67SeverityIgnoreNone=crit
68SeverityAttributes=crit
69#
70# We have a file in IgnoreAll that might or might not be present.
71# Setting the severity to 'info' prevents messages about deleted/new file.
72#
73SeverityIgnoreAll=info
74
75#
76# Files : file access problems
77# Dirs : directory access problems
78# Names : suspect (non-printable) characters in a pathname
79#
80SeverityFiles=crit
81SeverityDirs=crit
82SeverityNames=warn
83
84[Log]
85#
86# Set threshold severity for log facilities
87# Values: debug, info, notice, warn, mark, err, crit, alert, none.
88# 'mark' is used for timestamps.
89#
90# By default, everything equal to and above the threshold is logged.
91# The specifiers '*', '!', and '=' are interpreted as
92# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
93# at least on Linux).
94#
95# MailSeverity=*
96# MailSeverity=!warn
97# MailSeverity==crit
98#
99MailSeverity=none
100PrintSeverity=none
101LogSeverity=none
102SyslogSeverity=none
103ExportSeverity=none
104ExternalSeverity=info
105
106
107
108[Utmp]
109#
110# 0 to switch off, 1 to activate
111#
112LoginCheckActive=1
113
114# Severity for logins, multiple logins, logouts
115#
116SeverityLogin=info
117SeverityLoginMulti=warn
118SeverityLogout=info
119
120# interval for login/logout checks
121#
122LoginCheckInterval=60
123
124[Misc]
125#
126# whether to become a daemon process
127Daemon=no
128
129# MessageHeader="%S %T - %F - %L :%C: "
130
131# the maximum time between client messages (seconds)
132# (this is a log server-only option; the default is 86400 sec = 1 day
133#
134# SetClientTimeLimit=1800
135
136# time till next file check (seconds)
137SetFilecheckTime=600
138
139# Only highest-level (alert) reports will be mailed immediately,
140# others will be queued. Here you can define, when the queue will
141# be flushed (Note: the queue is automatically flushed after
142# completing a file check).
143#
144# maximum time till next mail (seconds)
145SetMailTime=86400
146
147# maximum number of queued mails
148SetMailNum=10
149
150# where to send mail to
151SetMailAddress=root@localhost
152
153
154# mail relay host
155# SetMailRelay=relay.yourdomain.de
156
157# The binary. Setting the path will allow
158# samhain to check for modifications between
159# startup and exit.
160#
161# SamhainPath=/usr/local/bin/samhain
162
163# where to get time from
164# SetTimeServer=www.yourdomain.de
165
166# where to export logs to
167SetLogServer=localhost
168
169# timer for time stamps
170SetLoopTime=60
171
172# report in full detail on modified files
173#
174ReportFullDetail = no
175
176# trusted users (root and the effective user are always trusted)
177# TrustedUser=bin
178
179# whether to test signature of files (init/check/none)
180# - if 'none', then we have to decide this on the command line -
181#
182ChecksumTest=init
183
184[External]
185
186
187
Note: See TracBrowser for help on using the repository browser.