source: trunk/test/testrc_2.in@ 485

Last change on this file since 485 was 469, checked in by katerina, 10 years ago

Fix for ticket #367 (testing scripts). Also update version and changelog.

File size: 4.9 KB
RevLine 
[86]1-----BEGIN PGP SIGNED MESSAGE-----
2Hash: SHA1
[469]3NotDashEscaped: You need GnuPG to verify this message
[86]4
[1]5#####################################################################
6#
7# Configuration file template for samhain.
8#
9#####################################################################
10#
11# -- empty lines and lines starting with '#' are ignored
12# -- you can PGP clearsign this file -- samhain will check (if compiled
13# with support) or otherwise ignore the signature
14# -- CHECK mail address
15#
16# To each log facility, you can assign a threshold severity. Only
17# reports with at least the threshold severity will be logged
18# to the respective facility (even further below).
19#
20#####################################################################
21#
22# SETUP for file system checking:
23#
24# (i) There are several policies, each has its own section. Put files
25# into the section for the appropriate policy (see below).
26# (ii) To each policy, you can assign a severity (further below).
27# (iii) To each log facility, you can assign a threshold severity. Only
28# reports with at least the threshold severity will be logged
29# to the respective facility (even further below).
30#
31#####################################################################
32
33
34[ReadOnly]
35#
36# for these files, only access time is ignored
37#
[19]38# dir=/usr/bin
39# dir=/bin
[1]40
[19]41file = /var
42file = /bin
43file = /usr
44file = /tmp
45file = /etc
46
[463]47# hopefully does not exist
48file=/etc/toodleedoo
49
[34]50dir=1/usr
51
[1]52[EventSeverity]
53#
54# Here you can assign severities to policy violations.
55# If this severity exceeds the treshold of a log facility (see below),
56# a policy violation will be logged to that facility.
57#
58# Severity for verification failures.
59#
60SeverityReadOnly=crit
61SeverityLogFiles=crit
62SeverityGrowingLogs=crit
63SeverityIgnoreNone=crit
64SeverityAttributes=crit
65#
66# We have a file in IgnoreAll that might or might not be present.
67# Setting the severity to 'info' prevents messages about deleted/new file.
68#
69SeverityIgnoreAll=info
70
71#
72# Files : file access problems
73# Dirs : directory access problems
74# Names : suspect (non-printable) characters in a pathname
75#
76SeverityFiles=crit
77SeverityDirs=crit
78SeverityNames=warn
79
80[Log]
81#
82# Set threshold severity for log facilities
83# Values: debug, info, notice, warn, mark, err, crit, alert, none.
84# 'mark' is used for timestamps.
85#
86# By default, everything equal to and above the threshold is logged.
87# The specifiers '*', '!', and '=' are interpreted as
88# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
89# at least on Linux).
90#
91# MailSeverity=*
92# MailSeverity=!warn
93# MailSeverity==crit
94#
95MailSeverity=none
96PrintSeverity=info
97#PRINTClass = "RUN FIL STAMP"
98LogSeverity=none
99SyslogSeverity=none
100ExportSeverity=none
[19]101DatabaseSeverity=none
[1]102
103#databaseseverity=info
104
105[Database]
106# setdbname=samhain
107# setdbtable=log
108setdbuser=samhain
109setdbpassword=samhain
110#AddToDBHash=log_msg
111# AddToDBHash=log_host
[86]112UsePersistent = True
[1]113
114[Utmp]
115#
116# 0 to switch off, 1 to activate
117#
118LoginCheckActive=1
119
120# Severity for logins, multiple logins, logouts
121#
122SeverityLogin=info
123SeverityLoginMulti=warn
124SeverityLogout=info
125
126# interval for login/logout checks
127#
128LoginCheckInterval=60
129
130[Misc]
131#
132# whether to become a daemon process
133Daemon=no
134
[19]135SetOutgoingIP = 127.0.0.1
136SetServerInterface = 127.0.0.1
[1]137
[19]138UseSeparateLogs=no
[1]139
140SetUseSocket = yes
[22]141SetSocketAllowUid=0
142SetSocketPassword=samhain
[1]143
[19]144SetClientFromAccept = yes
[1]145
146SetUdpActive=no
147
148# the maximum time between client messages (seconds)
149# (this is a log server-only option; the default is 86400 sec = 1 day
150#
151# SetClientTimeLimit=1800
152
153UseClientSeverity = yes
154UseClientClass = yes
155
156# Format for message headers
157#
158# MessageHeader="%S %T %F %L "
159
160# priority for peer != address as notified by client
161# (lookup may fail on firewalled client)
162#
163# SeverityLookup = warn
164
165# time till next file check (seconds)
166SetFilecheckTime=600
167
168# Only highest-level (alert) reports will be mailed immediately,
169# others will be queued. Here you can define, when the queue will
170# be flushed (Note: the queue is automatically flushed after
171# completing a file check).
172#
173# maximum time till next mail (seconds)
174SetMailTime=86400
175
176# maximum number of queued mails
177SetMailNum=10
178
179# where to send mail to
180SetMailAddress=root@localhost
181
182# mail relay host
183# SetMailRelay=relay.yourdomain.de
184
185# The binary. Setting the path will allow
186# samhain to check for modifications between
187# startup and exit.
188#
189# SamhainPath=/usr/local/bin/samhain
190
191# where to get time from
192# SetTimeServer=www.yourdomain.de
193
194# where to export logs to
195SetLogServer=localhost
196
197# timer for time stamps
[19]198SetLoopTime=10
[1]199
200# trusted users (root and the effective user are always trusted)
201# TrustedUser=bin
202
203# whether to test signature of files (init/check/none)
204# - if 'none', then we have to decide this on the command line -
205#
206ChecksumTest=check
207
208
209[Clients]
[86]210-----BEGIN PGP SIGNATURE-----
[469]211Version: GnuPG v1
[86]212
[469]213iEYEARECAAYFAlUTGCcACgkQGq0myA9XH2zINACfQb/Wfa19OBbHVkw9uBNMB+lF
214cwUAnR0Geb+sFDcv7JsrrTjY8htjPHd2
215=7wXO
[86]216-----END PGP SIGNATURE-----
Note: See TracBrowser for help on using the repository browser.