source: trunk/test/testrc_2.in@ 31

Last change on this file since 31 was 22, checked in by rainer, 19 years ago

Minor code revisions.
File size: 4.6 KB
Line 
1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[ReadOnly]
31#
32# for these files, only access time is ignored
33#
34# dir=/usr/bin
35# dir=/bin
36
37file = /var
38file = /bin
39file = /usr
40file = /tmp
41file = /etc
42
43[EventSeverity]
44#
45# Here you can assign severities to policy violations.
46# If this severity exceeds the treshold of a log facility (see below),
47# a policy violation will be logged to that facility.
48#
49# Severity for verification failures.
50#
51SeverityReadOnly=crit
52SeverityLogFiles=crit
53SeverityGrowingLogs=crit
54SeverityIgnoreNone=crit
55SeverityAttributes=crit
56#
57# We have a file in IgnoreAll that might or might not be present.
58# Setting the severity to 'info' prevents messages about deleted/new file.
59#
60SeverityIgnoreAll=info
61
62#
63# Files : file access problems
64# Dirs : directory access problems
65# Names : suspect (non-printable) characters in a pathname
66#
67SeverityFiles=crit
68SeverityDirs=crit
69SeverityNames=warn
70
71[Log]
72#
73# Set threshold severity for log facilities
74# Values: debug, info, notice, warn, mark, err, crit, alert, none.
75# 'mark' is used for timestamps.
76#
77# By default, everything equal to and above the threshold is logged.
78# The specifiers '*', '!', and '=' are interpreted as
79# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
80# at least on Linux).
81#
82# MailSeverity=*
83# MailSeverity=!warn
84# MailSeverity==crit
85#
86MailSeverity=none
87PrintSeverity=info
88#PRINTClass = "RUN FIL STAMP"
89LogSeverity=none
90SyslogSeverity=none
91ExportSeverity=none
92DatabaseSeverity=none
93
94#databaseseverity=info
95
96[Database]
97# setdbname=samhain
98# setdbtable=log
99setdbuser=samhain
100setdbpassword=samhain
101#AddToDBHash=log_msg
102# AddToDBHash=log_host
103
104
105[Utmp]
106#
107# 0 to switch off, 1 to activate
108#
109LoginCheckActive=1
110
111# Severity for logins, multiple logins, logouts
112#
113SeverityLogin=info
114SeverityLoginMulti=warn
115SeverityLogout=info
116
117# interval for login/logout checks
118#
119LoginCheckInterval=60
120
121[Misc]
122#
123# whether to become a daemon process
124Daemon=no
125
126SetOutgoingIP = 127.0.0.1
127SetServerInterface = 127.0.0.1
128
129UseSeparateLogs=no
130
131SetUseSocket = yes
132SetSocketAllowUid=0
133SetSocketPassword=samhain
134
135SetClientFromAccept = yes
136
137SetUdpActive=no
138
139# the maximum time between client messages (seconds)
140# (this is a log server-only option; the default is 86400 sec = 1 day
141#
142# SetClientTimeLimit=1800
143
144UseClientSeverity = yes
145UseClientClass = yes
146
147# Format for message headers
148#
149# MessageHeader="%S %T %F %L "
150
151# priority for peer != address as notified by client
152# (lookup may fail on firewalled client)
153#
154# SeverityLookup = warn
155
156# time till next file check (seconds)
157SetFilecheckTime=600
158
159# Only highest-level (alert) reports will be mailed immediately,
160# others will be queued. Here you can define, when the queue will
161# be flushed (Note: the queue is automatically flushed after
162# completing a file check).
163#
164# maximum time till next mail (seconds)
165SetMailTime=86400
166
167# maximum number of queued mails
168SetMailNum=10
169
170# where to send mail to
171SetMailAddress=root@localhost
172
173# mail relay host
174# SetMailRelay=relay.yourdomain.de
175
176# The binary. Setting the path will allow
177# samhain to check for modifications between
178# startup and exit.
179#
180# SamhainPath=/usr/local/bin/samhain
181
182# where to get time from
183# SetTimeServer=www.yourdomain.de
184
185# where to export logs to
186SetLogServer=localhost
187
188# timer for time stamps
189SetLoopTime=10
190
191# trusted users (root and the effective user are always trusted)
192# TrustedUser=bin
193
194# whether to test signature of files (init/check/none)
195# - if 'none', then we have to decide this on the command line -
196#
197ChecksumTest=check
198
199
200[Clients]
Note: See TracBrowser for help on using the repository browser.