source: trunk/test/testrc_2.in@ 4

Last change on this file since 4 was 1, checked in by katerina, 19 years ago

Initial import

File size: 5.0 KB
Line 
1#####################################################################
2#
3# Configuration file template for samhain.
4#
5#####################################################################
6#
7# -- empty lines and lines starting with '#' are ignored
8# -- you can PGP clearsign this file -- samhain will check (if compiled
9# with support) or otherwise ignore the signature
10# -- CHECK mail address
11#
12# To each log facility, you can assign a threshold severity. Only
13# reports with at least the threshold severity will be logged
14# to the respective facility (even further below).
15#
16#####################################################################
17#
18# SETUP for file system checking:
19#
20# (i) There are several policies, each has its own section. Put files
21# into the section for the appropriate policy (see below).
22# (ii) To each policy, you can assign a severity (further below).
23# (iii) To each log facility, you can assign a threshold severity. Only
24# reports with at least the threshold severity will be logged
25# to the respective facility (even further below).
26#
27#####################################################################
28
29
30[Attributes]
31#
32# for these files, only changes in permissions and ownership are checked
33#
34file=/etc/mtab
35#file=/etc/ssh_random_seed
36#file=/etc/asound.conf
37#file=/etc/resolv.conf
38file=/etc/localtime
39#file=/etc/ioctl.save
40#file=/etc/passwd.backup
41#file=/etc/shadow.backup
42
43#
44# There are files in /etc that might change, thus changing the directory
45# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
46#
47file=/etc
48
49
50[GrowingLogFiles]
51#
52# for these files, changes in signature, timestamps, and increase in size
53# are ignored
54#
55file=/var/log/messages
56
57
58[ReadOnly]
59#
60# for these files, only access time is ignored
61#
62dir=/usr/bin
63#dir=/bin
64
65[EventSeverity]
66#
67# Here you can assign severities to policy violations.
68# If this severity exceeds the treshold of a log facility (see below),
69# a policy violation will be logged to that facility.
70#
71# Severity for verification failures.
72#
73SeverityReadOnly=crit
74SeverityLogFiles=crit
75SeverityGrowingLogs=crit
76SeverityIgnoreNone=crit
77SeverityAttributes=crit
78#
79# We have a file in IgnoreAll that might or might not be present.
80# Setting the severity to 'info' prevents messages about deleted/new file.
81#
82SeverityIgnoreAll=info
83
84#
85# Files : file access problems
86# Dirs : directory access problems
87# Names : suspect (non-printable) characters in a pathname
88#
89SeverityFiles=crit
90SeverityDirs=crit
91SeverityNames=warn
92
93[Log]
94#
95# Set threshold severity for log facilities
96# Values: debug, info, notice, warn, mark, err, crit, alert, none.
97# 'mark' is used for timestamps.
98#
99# By default, everything equal to and above the threshold is logged.
100# The specifiers '*', '!', and '=' are interpreted as
101# 'all', 'all but', and 'only', respectively (like syslogd(8) does,
102# at least on Linux).
103#
104# MailSeverity=*
105# MailSeverity=!warn
106# MailSeverity==crit
107#
108MailSeverity=none
109PrintSeverity=info
110#PRINTClass = "RUN FIL STAMP"
111LogSeverity=none
112SyslogSeverity=none
113ExportSeverity=none
114DatabaseSeverity=info
115
116#databaseseverity=info
117
118[Database]
119# setdbname=samhain
120# setdbtable=log
121setdbuser=samhain
122setdbpassword=samhain
123#AddToDBHash=log_msg
124# AddToDBHash=log_host
125
126
127[Utmp]
128#
129# 0 to switch off, 1 to activate
130#
131LoginCheckActive=1
132
133# Severity for logins, multiple logins, logouts
134#
135SeverityLogin=info
136SeverityLoginMulti=warn
137SeverityLogout=info
138
139# interval for login/logout checks
140#
141LoginCheckInterval=60
142
143[Misc]
144#
145# whether to become a daemon process
146Daemon=no
147
148SetOutgoingIP=127.0.0.1
149
150UseSeparateLogs=yes
151
152SetUseSocket = yes
153
154#SetClientFromAccept = yes
155
156SetUdpActive=no
157
158# the maximum time between client messages (seconds)
159# (this is a log server-only option; the default is 86400 sec = 1 day
160#
161# SetClientTimeLimit=1800
162
163UseClientSeverity = yes
164UseClientClass = yes
165
166# Format for message headers
167#
168# MessageHeader="%S %T %F %L "
169
170# priority for peer != address as notified by client
171# (lookup may fail on firewalled client)
172#
173# SeverityLookup = warn
174
175# time till next file check (seconds)
176SetFilecheckTime=600
177
178# Only highest-level (alert) reports will be mailed immediately,
179# others will be queued. Here you can define, when the queue will
180# be flushed (Note: the queue is automatically flushed after
181# completing a file check).
182#
183# maximum time till next mail (seconds)
184SetMailTime=86400
185
186# maximum number of queued mails
187SetMailNum=10
188
189# where to send mail to
190SetMailAddress=root@localhost
191
192# mail relay host
193# SetMailRelay=relay.yourdomain.de
194
195# The binary. Setting the path will allow
196# samhain to check for modifications between
197# startup and exit.
198#
199# SamhainPath=/usr/local/bin/samhain
200
201# where to get time from
202# SetTimeServer=www.yourdomain.de
203
204# where to export logs to
205SetLogServer=localhost
206
207# timer for time stamps
208SetLoopTime=30
209
210# trusted users (root and the effective user are always trusted)
211# TrustedUser=bin
212
213# whether to test signature of files (init/check/none)
214# - if 'none', then we have to decide this on the command line -
215#
216ChecksumTest=check
217
218
219[Clients]
Note: See TracBrowser for help on using the repository browser.