-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ##################################################################### # # Configuration file template for samhain. # ##################################################################### # # -- empty lines and lines starting with '#' are ignored # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # # SETUP for file system checking: # # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) To each policy, you can assign a severity (further below). # (iii) To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### [ReadOnly] # # for these files, only access time is ignored # # dir=/usr/bin # dir=/bin file = /var file = /bin file = /usr file = /tmp file = /etc # hopefully does not exist file=/etc/toodleedoo dir=1/usr [EventSeverity] # # Here you can assign severities to policy violations. # If this severity exceeds the treshold of a log facility (see below), # a policy violation will be logged to that facility. # # Severity for verification failures. # SeverityReadOnly=crit SeverityLogFiles=crit SeverityGrowingLogs=crit SeverityIgnoreNone=crit SeverityAttributes=crit # # We have a file in IgnoreAll that might or might not be present. # Setting the severity to 'info' prevents messages about deleted/new file. # SeverityIgnoreAll=info # # Files : file access problems # Dirs : directory access problems # Names : suspect (non-printable) characters in a pathname # SeverityFiles=crit SeverityDirs=crit SeverityNames=warn [Log] # # Set threshold severity for log facilities # Values: debug, info, notice, warn, mark, err, crit, alert, none. # 'mark' is used for timestamps. # # By default, everything equal to and above the threshold is logged. # The specifiers '*', '!', and '=' are interpreted as # 'all', 'all but', and 'only', respectively (like syslogd(8) does, # at least on Linux). # # MailSeverity=* # MailSeverity=!warn # MailSeverity==crit # MailSeverity=none PrintSeverity=info #PRINTClass = "RUN FIL STAMP" LogSeverity=none SyslogSeverity=none ExportSeverity=none DatabaseSeverity=none #databaseseverity=info [Database] # setdbname=samhain # setdbtable=log setdbuser=samhain setdbpassword=samhain #AddToDBHash=log_msg # AddToDBHash=log_host UsePersistent = True [Utmp] # # 0 to switch off, 1 to activate # LoginCheckActive=1 # Severity for logins, multiple logins, logouts # SeverityLogin=info SeverityLoginMulti=warn SeverityLogout=info # interval for login/logout checks # LoginCheckInterval=60 [Misc] # # whether to become a daemon process Daemon=no SetOutgoingIP = 127.0.0.1 SetServerInterface = 127.0.0.1 UseSeparateLogs=no SetUseSocket = yes SetSocketAllowUid=0 SetSocketPassword=samhain SetClientFromAccept = yes SetUdpActive=no # the maximum time between client messages (seconds) # (this is a log server-only option; the default is 86400 sec = 1 day # # SetClientTimeLimit=1800 UseClientSeverity = yes UseClientClass = yes # Format for message headers # # MessageHeader="%S %T %F %L " # priority for peer != address as notified by client # (lookup may fail on firewalled client) # # SeverityLookup = warn # time till next file check (seconds) SetFilecheckTime=600 # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # maximum time till next mail (seconds) SetMailTime=86400 # maximum number of queued mails SetMailNum=10 # where to send mail to SetMailAddress=root@localhost # mail relay host # SetMailRelay=relay.yourdomain.de # The binary. Setting the path will allow # samhain to check for modifications between # startup and exit. # # SamhainPath=/usr/local/bin/samhain # where to get time from # SetTimeServer=www.yourdomain.de # where to export logs to SetLogServer=localhost # timer for time stamps SetLoopTime=10 # trusted users (root and the effective user are always trusted) # TrustedUser=bin # whether to test signature of files (init/check/none) # - if 'none', then we have to decide this on the command line - # ChecksumTest=check [Clients] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY RsnSZyhwBGtlA+rf35/gcQw= =Rb0p -----END PGP SIGNATURE-----