Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

source: trunk/yulerc.template@ 19

Last change on this file since 19 was 1, checked in by katerina, 19 years ago
Initial import
File size: 8.1 KB

Rev	Line
[1]	1	#####################################################################
	2	#
	3	# Configuration file template for yule.
	4	#
	5	#####################################################################
	6	#
	7	# NOTE: This is a log server-only configuration file TEMPLATE.
	8	#
	9	# NOTE: The log server ('yule') will look for THAT configuration file
	10	# that has been defined at compile time with the configure option
	11	# ./configure --with-config-file=FILE
	12	# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
	13	#
	14	#####################################################################
	15	#
	16	# -- empty lines and lines starting with '#', ';' or '//' are ignored
	17	# -- you can PGP clearsign this file -- samhain will check (if compiled
	18	# with support) or otherwise ignore the signature
	19	# -- CHECK mail address
	20	#
	21	# To each log facility, you can assign a threshold severity. Only
	22	# reports with at least the threshold severity will be logged
	23	# to the respective facility (even further below).
	24	#
	25	#####################################################################
	26
	27
	28	[Log]
	29	##
	30	## Switch on/OFF log facilities and set their threshold severity
	31	##
	32	## Values: debug, info, notice, warn, mark, err, crit, alert, none.
	33	## 'mark' is used for timestamps.
	34	##
	35	##
	36	## Use 'none' to SWITCH OFF a log facility
	37	##
	38	## By default, everything equal to and above the threshold is logged.
	39	## The specifiers '*', '!', and '=' are interpreted as
	40	## 'all', 'all but', and 'only', respectively (like syslogd(8) does,
	41	## at least on Linux). Examples:
	42	## MailSeverity=*
	43	## MailSeverity=!warn
	44	## MailSeverity==crit
	45
	46	## E-mail
	47	##
	48	# MailSeverity=none
	49	MailSeverity=crit
	50
	51	## Console
	52	##
	53	# PrintSeverity=info
	54
	55	## Logfile
	56	##
	57	# LogSeverity=none
	58
	59	## Syslog
	60	##
	61	# SyslogSeverity=none
	62
	63	## External script or program
	64	##
	65	# ExternalSeverity = none
	66
	67	## Logging to a database
	68	##
	69	# DatabaseSeverity = none
	70
	71
	72	# [Database]
	73	##
	74	## --- Logging to a relational database
	75	##
	76
	77	## Database name
	78	#
	79	# SetDBName = samhain
	80
	81	## Database table
	82	#
	83	# SetDBTable = log
	84
	85	## Database user
	86	#
	87	# SetDBUser = samhain
	88
	89	## Database password
	90	#
	91	# SetDBPassword = (default: none)
	92
	93	## Database host
	94	#
	95	# SetDBHost = localhost
	96
	97	## Log the server timestamp for received messages
	98	#
	99	SetDBServerTstamp = True
	100
	101	## Use a persistent connection
	102	#
	103	UsePersistent = True
	104
	105
	106
	107	# [External]
	108	##
	109	## Interface to call external scripts/programs for logging
	110	##
	111
	112	## The absolute path to the command
	113	## - Each invocation of this directive will end the definition of the
	114	## preceding command, and start the definition of
	115	## an additional, new command
	116	#
	117	# OpenCommand = (no default)
	118
	119	## Type (log or rv)
	120	## - log for log messages, srv for messages received by the server
	121	#
	122	# SetType = log
	123
	124	## The command (full command line) to execute
	125	#
	126	# SetCommandLine = (no default)
	127
	128	## The environment (KEY=value; repeat for more)
	129	#
	130	# SetEnviron = TZ=(your timezone)
	131
	132	## The TIGER192 checksum (optional)
	133	#
	134	# SetChecksum = (no default)
	135
	136	## User who runs the command
	137	#
	138	# SetCredentials = (default: samhain process uid)
	139
	140	## Words not allowed in message
	141	#
	142	# SetFilterNot = (none)
	143
	144	## Words required (ALL of them)
	145	#
	146	# SetFilterAnd = (none)
	147
	148	## Words required (at least one)
	149	#
	150	# SetFilterOr = (none)
	151
	152	## Deadtime between consecutive calls
	153	#
	154	# SetDeadtime = 0
	155
	156	## Add default environment (HOME, PATH, SHELL)
	157	#
	158	# SetDefault = no
	159
	160
	161	#####################################################
	162	#
	163	# Miscellaneous configuration options
	164	#
	165	#####################################################
	166
	167	[Misc]
	168
	169	## whether to become a daemon process
	170	## (this is not honoured on database initialisation)
	171	#
	172	# Daemon = no
	173	Daemon = yes
	174
	175
	176
	177	[Misc]
	178	# whether to become a daemon process
	179	Daemon=yes
	180
	181	## Interval between time stamp messages
	182	#
	183	# SetLoopTime = 60
	184	SetLoopTime = 600
	185
	186	## The maximum time between client messages (seconds)
	187	## This allows the server to flag clients that have exceeded
	188	## the timeout limits; i.e. might have died for some reason.
	189	#
	190	# SetClientTimeLimit = 86400
	191
	192	## Use client address as known to the communication layer (might be
	193	## incorrect if the client is behind NAT). The default is to use
	194	## the client name as claimed by the client, and verify it against
	195	## the former (might be incorrect if the client has several
	196	## interfaces, and its hostname resolves to the wrong interface).
	197	#
	198	# SetClientFromAccept = False
	199
	200	## If SetClientFromAccept is False (default), severity of a
	201	## failure to resolve the hostname claimed by the client
	202	## to the IP address of the socket peer.
	203	#
	204	# SeverityLookup = crit
	205
	206	## The console device (can also be a file or named pipe)
	207	## - There are two console devices. Accordingly, you can use
	208	## this directive a second time to set the second console device.
	209	## If you have not defined the second device at compile time,
	210	## and you don't want to use it, then:
	211	## setting it to /dev/null is less effective than just leaving
	212	## it alone (setting to /dev/null will waste time by opening
	213	## /dev/null and writing to it)
	214	#
	215	# SetConsole = /dev/console
	216
	217	## Use separate logfiles for individual clients
	218	#
	219	# UseSeparateLogs = False
	220
	221	## Enable listening on port 514/udp for logging of remote syslog
	222	## messages (if optionally compiled with support for this)
	223	#
	224	# SetUDPActive = False
	225
	226
	227	## Activate the SysV IPC message queue
	228	#
	229	# MessageQueueActive = False
	230
	231
	232	## If false, skip reverse lookup when connecting to a host known
	233	## by name rather than IP address (i.e. trust the DNS)
	234	#
	235	# SetReverseLookup = True
	236
	237	## If true, open a Unix domain socket to listen for commands that should
	238	## be passed to clients upon next connection. Only works on systems
	239	## that support passing of peer credentials (for authentication) via sockets.
	240	## Use yulectl to access the socket.
	241	#
	242	# SetUseSocket = False
	243
	244	## The UID of the user that is allowed to pass commands to the server
	245	## via the Unix domain socket.
	246	#
	247	# SetSocketAllowUid = 0
	248
	249	## --- E-Mail ---
	250
	251	# Only highest-level (alert) reports will be mailed immediately,
	252	# others will be queued. Here you can define, when the queue will
	253	# be flushed (Note: the queue is automatically flushed after
	254	# completing a file check).
	255	#
	256	# SetMailTime = 86400
	257
	258	## Maximum number of mails to queue
	259	#
	260	# SetMailNum = 10
	261
	262	## Recipient (max. 8)
	263	#
	264	# SetMailAddress=root@localhost
	265
	266	## Mail relay (IP address)
	267	#
	268	# SetMailRelay = NULL
	269
	270	## Custom subject format
	271	#
	272	# MailSubject = NULL
	273
	274	## --- end E-Mail ---
	275
	276	# The binary. Setting the path will allow
	277	# samhain to check for modifications between
	278	# startup and exit.
	279	#
	280	# SamhainPath=/usr/local/bin/yule
	281
	282	## The IP address of the time server
	283	#
	284	# SetTimeServer = (default: compiled-in)
	285
	286	## Trusted Users (comma delimited list of user names)
	287	#
	288	# TrustedUser = (no default; this adds to the compiled-in list)
	289
	290	## Custom format for message header.
	291	## CAREFUL if you use XML logfile format.
	292	##
	293	## %S severity
	294	## %T timestamp
	295	## %C class
	296	##
	297	## %F source file
	298	## %L source line
	299	#
	300	# MessageHeader="%S %T "
	301
	302
	303	## Don't log path to config/database file on startup
	304	#
	305	# HideSetup = False
	306
	307	## The syslog facility, if you log to syslog
	308	#
	309	# SyslogFacility = LOG_AUTHPRIV
	310
	311
	312	## The message authentication method
	313	## - If you change this, you must change it
	314	## on client and server
	315	#
	316	# MACType = HMAC-TIGER
	317
	318
	319	[Clients]
	320	##
	321	## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
	322	## is valid for the default password.
	323	## You are STRONGLY ADVISED to reset te password (see the README) and
	324	## compute your own entries using 'samhain -P <password>'
	325	##
	326	## Usually, HOSTNAME should be a fully qualified hostname,
	327	## no numerical address.
	328	## -- exception: if the client (samhain) cannot determine the
	329	## fully qualified hostname of its host,
	330	## the numerical address may be required.
	331	## You will know if you get a message like:
	332	## 'Invalid connection attempt: Not in
	333	## client list what.ever.it.is'
	334	##
	335	## First entry is for challenge/response, second one for SRP authentication.
	336	#
	337	# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
	338	# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92

Note: See TracBrowser for help on using the repository browser.

Download in other formats: