Context Navigation

source: trunk/yulerc.template@ 305

Last change on this file since 305 was 30, checked in by rainer, 18 years ago
Release candidate 3 for version 2.2.0
File size: 8.2 KB

Rev	Line
[1]	1	#####################################################################
	2	#
	3	# Configuration file template for yule.
	4	#
	5	#####################################################################
	6	#
	7	# NOTE: This is a log server-only configuration file TEMPLATE.
	8	#
	9	# NOTE: The log server ('yule') will look for THAT configuration file
	10	# that has been defined at compile time with the configure option
	11	# ./configure --with-config-file=FILE
	12	# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
	13	#
	14	#####################################################################
	15	#
	16	# -- empty lines and lines starting with '#', ';' or '//' are ignored
	17	# -- you can PGP clearsign this file -- samhain will check (if compiled
	18	# with support) or otherwise ignore the signature
	19	# -- CHECK mail address
	20	#
	21	# To each log facility, you can assign a threshold severity. Only
	22	# reports with at least the threshold severity will be logged
	23	# to the respective facility (even further below).
	24	#
	25	#####################################################################
	26
	27
	28	[Log]
	29	##
	30	## Switch on/OFF log facilities and set their threshold severity
	31	##
	32	## Values: debug, info, notice, warn, mark, err, crit, alert, none.
	33	## 'mark' is used for timestamps.
	34	##
	35	##
	36	## Use 'none' to SWITCH OFF a log facility
	37	##
	38	## By default, everything equal to and above the threshold is logged.
	39	## The specifiers '*', '!', and '=' are interpreted as
	40	## 'all', 'all but', and 'only', respectively (like syslogd(8) does,
	41	## at least on Linux). Examples:
	42	## MailSeverity=*
	43	## MailSeverity=!warn
	44	## MailSeverity==crit
	45
	46	## E-mail
	47	##
	48	# MailSeverity=none
	49	MailSeverity=crit
	50
	51	## Console
	52	##
	53	# PrintSeverity=info
	54
	55	## Logfile
	56	##
	57	# LogSeverity=none
	58
	59	## Syslog
	60	##
	61	# SyslogSeverity=none
	62
	63	## External script or program
	64	##
	65	# ExternalSeverity = none
	66
	67	## Logging to a database
	68	##
	69	# DatabaseSeverity = none
	70
	71
	72	# [Database]
	73	##
	74	## --- Logging to a relational database
	75	##
	76
	77	## Database name
	78	#
	79	# SetDBName = samhain
	80
	81	## Database table
	82	#
	83	# SetDBTable = log
	84
	85	## Database user
	86	#
	87	# SetDBUser = samhain
	88
	89	## Database password
	90	#
	91	# SetDBPassword = (default: none)
	92
	93	## Database host
	94	#
	95	# SetDBHost = localhost
	96
	97	## Log the server timestamp for received messages
	98	#
	99	SetDBServerTstamp = True
	100
	101	## Use a persistent connection
	102	#
	103	UsePersistent = True
	104
	105
	106
	107	# [External]
	108	##
	109	## Interface to call external scripts/programs for logging
	110	##
	111
	112	## The absolute path to the command
	113	## - Each invocation of this directive will end the definition of the
	114	## preceding command, and start the definition of
	115	## an additional, new command
	116	#
	117	# OpenCommand = (no default)
	118
	119	## Type (log or rv)
	120	## - log for log messages, srv for messages received by the server
	121	#
	122	# SetType = log
	123
	124	## The command (full command line) to execute
	125	#
	126	# SetCommandLine = (no default)
	127
	128	## The environment (KEY=value; repeat for more)
	129	#
	130	# SetEnviron = TZ=(your timezone)
	131
	132	## The TIGER192 checksum (optional)
	133	#
	134	# SetChecksum = (no default)
	135
	136	## User who runs the command
	137	#
	138	# SetCredentials = (default: samhain process uid)
	139
	140	## Words not allowed in message
	141	#
	142	# SetFilterNot = (none)
	143
	144	## Words required (ALL of them)
	145	#
	146	# SetFilterAnd = (none)
	147
	148	## Words required (at least one)
	149	#
	150	# SetFilterOr = (none)
	151
	152	## Deadtime between consecutive calls
	153	#
	154	# SetDeadtime = 0
	155
	156	## Add default environment (HOME, PATH, SHELL)
	157	#
	158	# SetDefault = no
	159
	160
	161	#####################################################
	162	#
	163	# Miscellaneous configuration options
	164	#
	165	#####################################################
	166
	167
	168	[Misc]
	169	# whether to become a daemon process
	170	Daemon=yes
	171
	172	## Interval between time stamp messages
	173	#
	174	# SetLoopTime = 60
	175	SetLoopTime = 600
	176
[30]	177	## Normally, client messages are regarded as data within a
	178	## server message of fixed severity. The following two
	179	## options cause the server to use the original severity/class
	180	## of client messages for logging.
	181	#
	182	# UseClientSeverity = False
	183	# UseClientClass = False
	184
[1]	185	## The maximum time between client messages (seconds)
	186	## This allows the server to flag clients that have exceeded
	187	## the timeout limits; i.e. might have died for some reason.
	188	#
	189	# SetClientTimeLimit = 86400
	190
	191	## Use client address as known to the communication layer (might be
	192	## incorrect if the client is behind NAT). The default is to use
	193	## the client name as claimed by the client, and verify it against
	194	## the former (might be incorrect if the client has several
	195	## interfaces, and its hostname resolves to the wrong interface).
	196	#
	197	# SetClientFromAccept = False
	198
	199	## If SetClientFromAccept is False (default), severity of a
	200	## failure to resolve the hostname claimed by the client
	201	## to the IP address of the socket peer.
	202	#
	203	# SeverityLookup = crit
	204
	205	## The console device (can also be a file or named pipe)
	206	## - There are two console devices. Accordingly, you can use
	207	## this directive a second time to set the second console device.
	208	## If you have not defined the second device at compile time,
	209	## and you don't want to use it, then:
	210	## setting it to /dev/null is less effective than just leaving
	211	## it alone (setting to /dev/null will waste time by opening
	212	## /dev/null and writing to it)
	213	#
	214	# SetConsole = /dev/console
	215
	216	## Use separate logfiles for individual clients
	217	#
	218	# UseSeparateLogs = False
	219
	220	## Enable listening on port 514/udp for logging of remote syslog
	221	## messages (if optionally compiled with support for this)
	222	#
	223	# SetUDPActive = False
	224
	225
	226	## Activate the SysV IPC message queue
	227	#
	228	# MessageQueueActive = False
	229
	230
	231	## If false, skip reverse lookup when connecting to a host known
	232	## by name rather than IP address (i.e. trust the DNS)
	233	#
	234	# SetReverseLookup = True
	235
	236	## If true, open a Unix domain socket to listen for commands that should
	237	## be passed to clients upon next connection. Only works on systems
	238	## that support passing of peer credentials (for authentication) via sockets.
	239	## Use yulectl to access the socket.
	240	#
	241	# SetUseSocket = False
	242
	243	## The UID of the user that is allowed to pass commands to the server
	244	## via the Unix domain socket.
	245	#
	246	# SetSocketAllowUid = 0
	247
	248	## --- E-Mail ---
	249
	250	# Only highest-level (alert) reports will be mailed immediately,
	251	# others will be queued. Here you can define, when the queue will
	252	# be flushed (Note: the queue is automatically flushed after
	253	# completing a file check).
	254	#
	255	# SetMailTime = 86400
	256
	257	## Maximum number of mails to queue
	258	#
	259	# SetMailNum = 10
	260
	261	## Recipient (max. 8)
	262	#
	263	# SetMailAddress=root@localhost
	264
	265	## Mail relay (IP address)
	266	#
	267	# SetMailRelay = NULL
	268
	269	## Custom subject format
	270	#
	271	# MailSubject = NULL
	272
	273	## --- end E-Mail ---
	274
	275	# The binary. Setting the path will allow
	276	# samhain to check for modifications between
	277	# startup and exit.
	278	#
	279	# SamhainPath=/usr/local/bin/yule
	280
	281	## The IP address of the time server
	282	#
	283	# SetTimeServer = (default: compiled-in)
	284
	285	## Trusted Users (comma delimited list of user names)
	286	#
	287	# TrustedUser = (no default; this adds to the compiled-in list)
	288
	289	## Custom format for message header.
	290	## CAREFUL if you use XML logfile format.
	291	##
	292	## %S severity
	293	## %T timestamp
	294	## %C class
	295	##
	296	## %F source file
	297	## %L source line
	298	#
	299	# MessageHeader="%S %T "
	300
	301
	302	## Don't log path to config/database file on startup
	303	#
	304	# HideSetup = False
	305
	306	## The syslog facility, if you log to syslog
	307	#
	308	# SyslogFacility = LOG_AUTHPRIV
	309
	310
	311	## The message authentication method
	312	## - If you change this, you must change it
	313	## on client and server
	314	#
	315	# MACType = HMAC-TIGER
	316
	317
	318	[Clients]
	319	##
	320	## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
	321	## is valid for the default password.
	322	## You are STRONGLY ADVISED to reset te password (see the README) and
	323	## compute your own entries using 'samhain -P <password>'
	324	##
	325	## Usually, HOSTNAME should be a fully qualified hostname,
	326	## no numerical address.
	327	## -- exception: if the client (samhain) cannot determine the
	328	## fully qualified hostname of its host,
	329	## the numerical address may be required.
	330	## You will know if you get a message like:
	331	## 'Invalid connection attempt: Not in
	332	## client list what.ever.it.is'
	333	##
	334	## First entry is for challenge/response, second one for SRP authentication.
	335	#
	336	# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
	337	# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92

Note: See TracBrowser for help on using the repository browser.

Download in other formats: