source: trunk/yulerc.template@ 17

Last change on this file since 17 was 1, checked in by katerina, 19 years ago

Initial import

File size: 8.1 KB
Line 
1#####################################################################
2#
3# Configuration file template for yule.
4#
5#####################################################################
6#
7# NOTE: This is a log server-only configuration file TEMPLATE.
8#
9# NOTE: The log server ('yule') will look for THAT configuration file
10# that has been defined at compile time with the configure option
11# ./configure --with-config-file=FILE
12# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
13#
14#####################################################################
15#
16# -- empty lines and lines starting with '#', ';' or '//' are ignored
17# -- you can PGP clearsign this file -- samhain will check (if compiled
18# with support) or otherwise ignore the signature
19# -- CHECK mail address
20#
21# To each log facility, you can assign a threshold severity. Only
22# reports with at least the threshold severity will be logged
23# to the respective facility (even further below).
24#
25#####################################################################
26
27
28[Log]
29##
30## Switch on/OFF log facilities and set their threshold severity
31##
32## Values: debug, info, notice, warn, mark, err, crit, alert, none.
33## 'mark' is used for timestamps.
34##
35##
36## Use 'none' to SWITCH OFF a log facility
37##
38## By default, everything equal to and above the threshold is logged.
39## The specifiers '*', '!', and '=' are interpreted as
40## 'all', 'all but', and 'only', respectively (like syslogd(8) does,
41## at least on Linux). Examples:
42## MailSeverity=*
43## MailSeverity=!warn
44## MailSeverity==crit
45
46## E-mail
47##
48# MailSeverity=none
49MailSeverity=crit
50
51## Console
52##
53# PrintSeverity=info
54
55## Logfile
56##
57# LogSeverity=none
58
59## Syslog
60##
61# SyslogSeverity=none
62
63## External script or program
64##
65# ExternalSeverity = none
66
67## Logging to a database
68##
69# DatabaseSeverity = none
70
71
72# [Database]
73##
74## --- Logging to a relational database
75##
76
77## Database name
78#
79# SetDBName = samhain
80
81## Database table
82#
83# SetDBTable = log
84
85## Database user
86#
87# SetDBUser = samhain
88
89## Database password
90#
91# SetDBPassword = (default: none)
92
93## Database host
94#
95# SetDBHost = localhost
96
97## Log the server timestamp for received messages
98#
99SetDBServerTstamp = True
100
101## Use a persistent connection
102#
103UsePersistent = True
104
105
106
107# [External]
108##
109## Interface to call external scripts/programs for logging
110##
111
112## The absolute path to the command
113## - Each invocation of this directive will end the definition of the
114## preceding command, and start the definition of
115## an additional, new command
116#
117# OpenCommand = (no default)
118
119## Type (log or rv)
120## - log for log messages, srv for messages received by the server
121#
122# SetType = log
123
124## The command (full command line) to execute
125#
126# SetCommandLine = (no default)
127
128## The environment (KEY=value; repeat for more)
129#
130# SetEnviron = TZ=(your timezone)
131
132## The TIGER192 checksum (optional)
133#
134# SetChecksum = (no default)
135
136## User who runs the command
137#
138# SetCredentials = (default: samhain process uid)
139
140## Words not allowed in message
141#
142# SetFilterNot = (none)
143
144## Words required (ALL of them)
145#
146# SetFilterAnd = (none)
147
148## Words required (at least one)
149#
150# SetFilterOr = (none)
151
152## Deadtime between consecutive calls
153#
154# SetDeadtime = 0
155
156## Add default environment (HOME, PATH, SHELL)
157#
158# SetDefault = no
159
160
161#####################################################
162#
163# Miscellaneous configuration options
164#
165#####################################################
166
167[Misc]
168
169## whether to become a daemon process
170## (this is not honoured on database initialisation)
171#
172# Daemon = no
173Daemon = yes
174
175
176
177[Misc]
178# whether to become a daemon process
179Daemon=yes
180
181## Interval between time stamp messages
182#
183# SetLoopTime = 60
184SetLoopTime = 600
185
186## The maximum time between client messages (seconds)
187## This allows the server to flag clients that have exceeded
188## the timeout limits; i.e. might have died for some reason.
189#
190# SetClientTimeLimit = 86400
191
192## Use client address as known to the communication layer (might be
193## incorrect if the client is behind NAT). The default is to use
194## the client name as claimed by the client, and verify it against
195## the former (might be incorrect if the client has several
196## interfaces, and its hostname resolves to the wrong interface).
197#
198# SetClientFromAccept = False
199
200## If SetClientFromAccept is False (default), severity of a
201## failure to resolve the hostname claimed by the client
202## to the IP address of the socket peer.
203#
204# SeverityLookup = crit
205
206## The console device (can also be a file or named pipe)
207## - There are two console devices. Accordingly, you can use
208## this directive a second time to set the second console device.
209## If you have not defined the second device at compile time,
210## and you don't want to use it, then:
211## setting it to /dev/null is less effective than just leaving
212## it alone (setting to /dev/null will waste time by opening
213## /dev/null and writing to it)
214#
215# SetConsole = /dev/console
216
217## Use separate logfiles for individual clients
218#
219# UseSeparateLogs = False
220
221## Enable listening on port 514/udp for logging of remote syslog
222## messages (if optionally compiled with support for this)
223#
224# SetUDPActive = False
225
226
227## Activate the SysV IPC message queue
228#
229# MessageQueueActive = False
230
231
232## If false, skip reverse lookup when connecting to a host known
233## by name rather than IP address (i.e. trust the DNS)
234#
235# SetReverseLookup = True
236
237## If true, open a Unix domain socket to listen for commands that should
238## be passed to clients upon next connection. Only works on systems
239## that support passing of peer credentials (for authentication) via sockets.
240## Use yulectl to access the socket.
241#
242# SetUseSocket = False
243
244## The UID of the user that is allowed to pass commands to the server
245## via the Unix domain socket.
246#
247# SetSocketAllowUid = 0
248
249## --- E-Mail ---
250
251# Only highest-level (alert) reports will be mailed immediately,
252# others will be queued. Here you can define, when the queue will
253# be flushed (Note: the queue is automatically flushed after
254# completing a file check).
255#
256# SetMailTime = 86400
257
258## Maximum number of mails to queue
259#
260# SetMailNum = 10
261
262## Recipient (max. 8)
263#
264# SetMailAddress=root@localhost
265
266## Mail relay (IP address)
267#
268# SetMailRelay = NULL
269
270## Custom subject format
271#
272# MailSubject = NULL
273
274## --- end E-Mail ---
275
276# The binary. Setting the path will allow
277# samhain to check for modifications between
278# startup and exit.
279#
280# SamhainPath=/usr/local/bin/yule
281
282## The IP address of the time server
283#
284# SetTimeServer = (default: compiled-in)
285
286## Trusted Users (comma delimited list of user names)
287#
288# TrustedUser = (no default; this adds to the compiled-in list)
289
290## Custom format for message header.
291## CAREFUL if you use XML logfile format.
292##
293## %S severity
294## %T timestamp
295## %C class
296##
297## %F source file
298## %L source line
299#
300# MessageHeader="%S %T "
301
302
303## Don't log path to config/database file on startup
304#
305# HideSetup = False
306
307## The syslog facility, if you log to syslog
308#
309# SyslogFacility = LOG_AUTHPRIV
310
311
312## The message authentication method
313## - If you change this, you *must* change it
314## on client *and* server
315#
316# MACType = HMAC-TIGER
317
318
319[Clients]
320##
321## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
322## is valid for the default password.
323## You are STRONGLY ADVISED to reset te password (see the README) and
324## compute your own entries using 'samhain -P <password>'
325##
326## Usually, HOSTNAME should be a fully qualified hostname,
327## no numerical address.
328## -- exception: if the client (samhain) cannot determine the
329## fully qualified hostname of its host,
330## the numerical address may be required.
331## You will know if you get a message like:
332## 'Invalid connection attempt: Not in
333## client list what.ever.it.is'
334##
335## First entry is for challenge/response, second one for SRP authentication.
336#
337# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
338# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92
Note: See TracBrowser for help on using the repository browser.