source: trunk/test/testrc_2.in@ 441

Last change on this file since 441 was 86, checked in by rainer, 18 years ago

More thorough fix for ticket #47, and corresponding regression test.
File size: 4.8 KB
RevLine 
[86]1-----BEGIN PGP SIGNED MESSAGE-----
2Hash: SHA1
3
[1]4#####################################################################
5#
6# Configuration file template for samhain.
7#
8#####################################################################
9#
10# -- empty lines and lines starting with '#' are ignored
11# -- you can PGP clearsign this file -- samhain will check (if compiled
12# with support) or otherwise ignore the signature
13# -- CHECK mail address
14#
15# To each log facility, you can assign a threshold severity. Only
16# reports with at least the threshold severity will be logged
17# to the respective facility (even further below).
18#
19#####################################################################
20#
21# SETUP for file system checking:
22#
23# (i) There are several policies, each has its own section. Put files
24# into the section for the appropriate policy (see below).
25# (ii) To each policy, you can assign a severity (further below).
26# (iii) To each log facility, you can assign a threshold severity. Only
27# reports with at least the threshold severity will be logged
28# to the respective facility (even further below).
29#
30#####################################################################
31
32
33[ReadOnly]
34#
35# for these files, only access time is ignored
36#
[19]37# dir=/usr/bin
38# dir=/bin
[1]39
[19]40file = /var
41file = /bin
42file = /usr
43file = /tmp
44file = /etc
45
[34]46dir=1/usr
47
[1]48[EventSeverity]
49#
50# Here you can assign severities to policy violations.
51# If this severity exceeds the treshold of a log facility (see below),
52# a policy violation will be logged to that facility.
53#
54# Severity for verification failures.
55#
56SeverityReadOnly=crit
57SeverityLogFiles=crit
58SeverityGrowingLogs=crit
59SeverityIgnoreNone=crit
60SeverityAttributes=crit
61#
62# We have a file in IgnoreAll that might or might not be present.
63# Setting the severity to 'info' prevents messages about deleted/new file.
64#
65SeverityIgnoreAll=info
66
67#
68# Files : file access problems
69# Dirs : directory access problems
70# Names : suspect (non-printable) characters in a pathname
71#
72SeverityFiles=crit
73SeverityDirs=crit
74SeverityNames=warn
75
76[Log]
77#
78# Set threshold severity for log facilities
79# Values: debug, info, notice, warn, mark, err, crit, alert, none.
80# 'mark' is used for timestamps.
81#
82# By default, everything equal to and above the threshold is logged.
83# The specifiers '*', '!', and '=' are interpreted as
84# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
85# at least on Linux).
86#
87# MailSeverity=*
88# MailSeverity=!warn
89# MailSeverity==crit
90#
91MailSeverity=none
92PrintSeverity=info
93#PRINTClass = "RUN FIL STAMP"
94LogSeverity=none
95SyslogSeverity=none
96ExportSeverity=none
[19]97DatabaseSeverity=none
[1]98
99#databaseseverity=info
100
101[Database]
102# setdbname=samhain
103# setdbtable=log
104setdbuser=samhain
105setdbpassword=samhain
106#AddToDBHash=log_msg
107# AddToDBHash=log_host
[86]108UsePersistent = True
[1]109
110[Utmp]
111#
112# 0 to switch off, 1 to activate
113#
114LoginCheckActive=1
115
116# Severity for logins, multiple logins, logouts
117#
118SeverityLogin=info
119SeverityLoginMulti=warn
120SeverityLogout=info
121
122# interval for login/logout checks
123#
124LoginCheckInterval=60
125
126[Misc]
127#
128# whether to become a daemon process
129Daemon=no
130
[19]131SetOutgoingIP = 127.0.0.1
132SetServerInterface = 127.0.0.1
[1]133
[19]134UseSeparateLogs=no
[1]135
136SetUseSocket = yes
[22]137SetSocketAllowUid=0
138SetSocketPassword=samhain
[1]139
[19]140SetClientFromAccept = yes
[1]141
142SetUdpActive=no
143
144# the maximum time between client messages (seconds)
145# (this is a log server-only option; the default is 86400 sec = 1 day
146#
147# SetClientTimeLimit=1800
148
149UseClientSeverity = yes
150UseClientClass = yes
151
152# Format for message headers
153#
154# MessageHeader="%S %T %F %L "
155
156# priority for peer != address as notified by client
157# (lookup may fail on firewalled client)
158#
159# SeverityLookup = warn
160
161# time till next file check (seconds)
162SetFilecheckTime=600
163
164# Only highest-level (alert) reports will be mailed immediately,
165# others will be queued. Here you can define, when the queue will
166# be flushed (Note: the queue is automatically flushed after
167# completing a file check).
168#
169# maximum time till next mail (seconds)
170SetMailTime=86400
171
172# maximum number of queued mails
173SetMailNum=10
174
175# where to send mail to
176SetMailAddress=root@localhost
177
178# mail relay host
179# SetMailRelay=relay.yourdomain.de
180
181# The binary. Setting the path will allow
182# samhain to check for modifications between
183# startup and exit.
184#
185# SamhainPath=/usr/local/bin/samhain
186
187# where to get time from
188# SetTimeServer=www.yourdomain.de
189
190# where to export logs to
191SetLogServer=localhost
192
193# timer for time stamps
[19]194SetLoopTime=10
[1]195
196# trusted users (root and the effective user are always trusted)
197# TrustedUser=bin
198
199# whether to test signature of files (init/check/none)
200# - if 'none', then we have to decide this on the command line -
201#
202ChecksumTest=check
203
204
205[Clients]
[86]206-----BEGIN PGP SIGNATURE-----
207Version: GnuPG v1.4.2.2 (GNU/Linux)
208
209iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY
210RsnSZyhwBGtlA+rf35/gcQw=
211=Rb0p
212-----END PGP SIGNATURE-----
Note: See TracBrowser for help on using the repository browser.