source: trunk/test/testrc_2.in@ 467

Last change on this file since 467 was 463, checked in by katerina, 10 years ago

Fix for ticket #363 (database load on init when missing file in config).

File size: 4.9 KB
RevLine 
[86]1-----BEGIN PGP SIGNED MESSAGE-----
2Hash: SHA1
3
[1]4#####################################################################
5#
6# Configuration file template for samhain.
7#
8#####################################################################
9#
10# -- empty lines and lines starting with '#' are ignored
11# -- you can PGP clearsign this file -- samhain will check (if compiled
12# with support) or otherwise ignore the signature
13# -- CHECK mail address
14#
15# To each log facility, you can assign a threshold severity. Only
16# reports with at least the threshold severity will be logged
17# to the respective facility (even further below).
18#
19#####################################################################
20#
21# SETUP for file system checking:
22#
23# (i) There are several policies, each has its own section. Put files
24# into the section for the appropriate policy (see below).
25# (ii) To each policy, you can assign a severity (further below).
26# (iii) To each log facility, you can assign a threshold severity. Only
27# reports with at least the threshold severity will be logged
28# to the respective facility (even further below).
29#
30#####################################################################
31
32
33[ReadOnly]
34#
35# for these files, only access time is ignored
36#
[19]37# dir=/usr/bin
38# dir=/bin
[1]39
[19]40file = /var
41file = /bin
42file = /usr
43file = /tmp
44file = /etc
45
[463]46# hopefully does not exist
47file=/etc/toodleedoo
48
[34]49dir=1/usr
50
[1]51[EventSeverity]
52#
53# Here you can assign severities to policy violations.
54# If this severity exceeds the treshold of a log facility (see below),
55# a policy violation will be logged to that facility.
56#
57# Severity for verification failures.
58#
59SeverityReadOnly=crit
60SeverityLogFiles=crit
61SeverityGrowingLogs=crit
62SeverityIgnoreNone=crit
63SeverityAttributes=crit
64#
65# We have a file in IgnoreAll that might or might not be present.
66# Setting the severity to 'info' prevents messages about deleted/new file.
67#
68SeverityIgnoreAll=info
69
70#
71# Files : file access problems
72# Dirs : directory access problems
73# Names : suspect (non-printable) characters in a pathname
74#
75SeverityFiles=crit
76SeverityDirs=crit
77SeverityNames=warn
78
79[Log]
80#
81# Set threshold severity for log facilities
82# Values: debug, info, notice, warn, mark, err, crit, alert, none.
83# 'mark' is used for timestamps.
84#
85# By default, everything equal to and above the threshold is logged.
86# The specifiers '*', '!', and '=' are interpreted as
87# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
88# at least on Linux).
89#
90# MailSeverity=*
91# MailSeverity=!warn
92# MailSeverity==crit
93#
94MailSeverity=none
95PrintSeverity=info
96#PRINTClass = "RUN FIL STAMP"
97LogSeverity=none
98SyslogSeverity=none
99ExportSeverity=none
[19]100DatabaseSeverity=none
[1]101
102#databaseseverity=info
103
104[Database]
105# setdbname=samhain
106# setdbtable=log
107setdbuser=samhain
108setdbpassword=samhain
109#AddToDBHash=log_msg
110# AddToDBHash=log_host
[86]111UsePersistent = True
[1]112
113[Utmp]
114#
115# 0 to switch off, 1 to activate
116#
117LoginCheckActive=1
118
119# Severity for logins, multiple logins, logouts
120#
121SeverityLogin=info
122SeverityLoginMulti=warn
123SeverityLogout=info
124
125# interval for login/logout checks
126#
127LoginCheckInterval=60
128
129[Misc]
130#
131# whether to become a daemon process
132Daemon=no
133
[19]134SetOutgoingIP = 127.0.0.1
135SetServerInterface = 127.0.0.1
[1]136
[19]137UseSeparateLogs=no
[1]138
139SetUseSocket = yes
[22]140SetSocketAllowUid=0
141SetSocketPassword=samhain
[1]142
[19]143SetClientFromAccept = yes
[1]144
145SetUdpActive=no
146
147# the maximum time between client messages (seconds)
148# (this is a log server-only option; the default is 86400 sec = 1 day
149#
150# SetClientTimeLimit=1800
151
152UseClientSeverity = yes
153UseClientClass = yes
154
155# Format for message headers
156#
157# MessageHeader="%S %T %F %L "
158
159# priority for peer != address as notified by client
160# (lookup may fail on firewalled client)
161#
162# SeverityLookup = warn
163
164# time till next file check (seconds)
165SetFilecheckTime=600
166
167# Only highest-level (alert) reports will be mailed immediately,
168# others will be queued. Here you can define, when the queue will
169# be flushed (Note: the queue is automatically flushed after
170# completing a file check).
171#
172# maximum time till next mail (seconds)
173SetMailTime=86400
174
175# maximum number of queued mails
176SetMailNum=10
177
178# where to send mail to
179SetMailAddress=root@localhost
180
181# mail relay host
182# SetMailRelay=relay.yourdomain.de
183
184# The binary. Setting the path will allow
185# samhain to check for modifications between
186# startup and exit.
187#
188# SamhainPath=/usr/local/bin/samhain
189
190# where to get time from
191# SetTimeServer=www.yourdomain.de
192
193# where to export logs to
194SetLogServer=localhost
195
196# timer for time stamps
[19]197SetLoopTime=10
[1]198
199# trusted users (root and the effective user are always trusted)
200# TrustedUser=bin
201
202# whether to test signature of files (init/check/none)
203# - if 'none', then we have to decide this on the command line -
204#
205ChecksumTest=check
206
207
208[Clients]
[86]209-----BEGIN PGP SIGNATURE-----
210Version: GnuPG v1.4.2.2 (GNU/Linux)
211
212iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY
213RsnSZyhwBGtlA+rf35/gcQw=
214=Rb0p
215-----END PGP SIGNATURE-----
Note: See TracBrowser for help on using the repository browser.