source: trunk/test/testrc_2.in@ 20

Last change on this file since 20 was 19, checked in by rainer, 19 years ago

Rewrite of test suite, checksum for growing logs, fix for minor bug with dead client detection.

File size: 4.5 KB
Line 
1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[ReadOnly]
31#
32# for these files, only access time is ignored
33#
34# dir=/usr/bin
35# dir=/bin
36
37file = /var
38file = /bin
39file = /usr
40file = /tmp
41file = /etc
42
43[EventSeverity]
44#
45# Here you can assign severities to policy violations.
46# If this severity exceeds the treshold of a log facility (see below),
47# a policy violation will be logged to that facility.
48#
49# Severity for verification failures.
50#
51SeverityReadOnly=crit
52SeverityLogFiles=crit
53SeverityGrowingLogs=crit
54SeverityIgnoreNone=crit
55SeverityAttributes=crit
56#
57# We have a file in IgnoreAll that might or might not be present.
58# Setting the severity to 'info' prevents messages about deleted/new file.
59#
60SeverityIgnoreAll=info
61
62#
63# Files : file access problems
64# Dirs : directory access problems
65# Names : suspect (non-printable) characters in a pathname
66#
67SeverityFiles=crit
68SeverityDirs=crit
69SeverityNames=warn
70
71[Log]
72#
73# Set threshold severity for log facilities
74# Values: debug, info, notice, warn, mark, err, crit, alert, none.
75# 'mark' is used for timestamps.
76#
77# By default, everything equal to and above the threshold is logged.
78# The specifiers '*', '!', and '=' are interpreted as
79# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
80# at least on Linux).
81#
82# MailSeverity=*
83# MailSeverity=!warn
84# MailSeverity==crit
85#
86MailSeverity=none
87PrintSeverity=info
88#PRINTClass = "RUN FIL STAMP"
89LogSeverity=none
90SyslogSeverity=none
91ExportSeverity=none
92DatabaseSeverity=none
93
94#databaseseverity=info
95
96[Database]
97# setdbname=samhain
98# setdbtable=log
99setdbuser=samhain
100setdbpassword=samhain
101#AddToDBHash=log_msg
102# AddToDBHash=log_host
103
104
105[Utmp]
106#
107# 0 to switch off, 1 to activate
108#
109LoginCheckActive=1
110
111# Severity for logins, multiple logins, logouts
112#
113SeverityLogin=info
114SeverityLoginMulti=warn
115SeverityLogout=info
116
117# interval for login/logout checks
118#
119LoginCheckInterval=60
120
121[Misc]
122#
123# whether to become a daemon process
124Daemon=no
125
126SetOutgoingIP = 127.0.0.1
127SetServerInterface = 127.0.0.1
128
129UseSeparateLogs=no
130
131SetUseSocket = yes
132
133SetClientFromAccept = yes
134
135SetUdpActive=no
136
137# the maximum time between client messages (seconds)
138# (this is a log server-only option; the default is 86400 sec = 1 day
139#
140# SetClientTimeLimit=1800
141
142UseClientSeverity = yes
143UseClientClass = yes
144
145# Format for message headers
146#
147# MessageHeader="%S %T %F %L "
148
149# priority for peer != address as notified by client
150# (lookup may fail on firewalled client)
151#
152# SeverityLookup = warn
153
154# time till next file check (seconds)
155SetFilecheckTime=600
156
157# Only highest-level (alert) reports will be mailed immediately,
158# others will be queued. Here you can define, when the queue will
159# be flushed (Note: the queue is automatically flushed after
160# completing a file check).
161#
162# maximum time till next mail (seconds)
163SetMailTime=86400
164
165# maximum number of queued mails
166SetMailNum=10
167
168# where to send mail to
169SetMailAddress=root@localhost
170
171# mail relay host
172# SetMailRelay=relay.yourdomain.de
173
174# The binary. Setting the path will allow
175# samhain to check for modifications between
176# startup and exit.
177#
178# SamhainPath=/usr/local/bin/samhain
179
180# where to get time from
181# SetTimeServer=www.yourdomain.de
182
183# where to export logs to
184SetLogServer=localhost
185
186# timer for time stamps
187SetLoopTime=10
188
189# trusted users (root and the effective user are always trusted)
190# TrustedUser=bin
191
192# whether to test signature of files (init/check/none)
193# - if 'none', then we have to decide this on the command line -
194#
195ChecksumTest=check
196
197
198[Clients]
Note: See TracBrowser for help on using the repository browser.