source: trunk/yulerc.template@ 142

Last change on this file since 142 was 30, checked in by rainer, 19 years ago

Release candidate 3 for version 2.2.0

File size: 8.2 KB
Line 
1#####################################################################
2#
3# Configuration file template for yule.
4#
5#####################################################################
6#
7# NOTE: This is a log server-only configuration file TEMPLATE.
8#
9# NOTE: The log server ('yule') will look for THAT configuration file
10# that has been defined at compile time with the configure option
11# ./configure --with-config-file=FILE
12# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
13#
14#####################################################################
15#
16# -- empty lines and lines starting with '#', ';' or '//' are ignored
17# -- you can PGP clearsign this file -- samhain will check (if compiled
18# with support) or otherwise ignore the signature
19# -- CHECK mail address
20#
21# To each log facility, you can assign a threshold severity. Only
22# reports with at least the threshold severity will be logged
23# to the respective facility (even further below).
24#
25#####################################################################
26
27
28[Log]
29##
30## Switch on/OFF log facilities and set their threshold severity
31##
32## Values: debug, info, notice, warn, mark, err, crit, alert, none.
33## 'mark' is used for timestamps.
34##
35##
36## Use 'none' to SWITCH OFF a log facility
37##
38## By default, everything equal to and above the threshold is logged.
39## The specifiers '*', '!', and '=' are interpreted as
40## 'all', 'all but', and 'only', respectively (like syslogd(8) does,
41## at least on Linux). Examples:
42## MailSeverity=*
43## MailSeverity=!warn
44## MailSeverity==crit
45
46## E-mail
47##
48# MailSeverity=none
49MailSeverity=crit
50
51## Console
52##
53# PrintSeverity=info
54
55## Logfile
56##
57# LogSeverity=none
58
59## Syslog
60##
61# SyslogSeverity=none
62
63## External script or program
64##
65# ExternalSeverity = none
66
67## Logging to a database
68##
69# DatabaseSeverity = none
70
71
72# [Database]
73##
74## --- Logging to a relational database
75##
76
77## Database name
78#
79# SetDBName = samhain
80
81## Database table
82#
83# SetDBTable = log
84
85## Database user
86#
87# SetDBUser = samhain
88
89## Database password
90#
91# SetDBPassword = (default: none)
92
93## Database host
94#
95# SetDBHost = localhost
96
97## Log the server timestamp for received messages
98#
99SetDBServerTstamp = True
100
101## Use a persistent connection
102#
103UsePersistent = True
104
105
106
107# [External]
108##
109## Interface to call external scripts/programs for logging
110##
111
112## The absolute path to the command
113## - Each invocation of this directive will end the definition of the
114## preceding command, and start the definition of
115## an additional, new command
116#
117# OpenCommand = (no default)
118
119## Type (log or rv)
120## - log for log messages, srv for messages received by the server
121#
122# SetType = log
123
124## The command (full command line) to execute
125#
126# SetCommandLine = (no default)
127
128## The environment (KEY=value; repeat for more)
129#
130# SetEnviron = TZ=(your timezone)
131
132## The TIGER192 checksum (optional)
133#
134# SetChecksum = (no default)
135
136## User who runs the command
137#
138# SetCredentials = (default: samhain process uid)
139
140## Words not allowed in message
141#
142# SetFilterNot = (none)
143
144## Words required (ALL of them)
145#
146# SetFilterAnd = (none)
147
148## Words required (at least one)
149#
150# SetFilterOr = (none)
151
152## Deadtime between consecutive calls
153#
154# SetDeadtime = 0
155
156## Add default environment (HOME, PATH, SHELL)
157#
158# SetDefault = no
159
160
161#####################################################
162#
163# Miscellaneous configuration options
164#
165#####################################################
166
167
168[Misc]
169# whether to become a daemon process
170Daemon=yes
171
172## Interval between time stamp messages
173#
174# SetLoopTime = 60
175SetLoopTime = 600
176
177## Normally, client messages are regarded as data within a
178## server message of fixed severity. The following two
179## options cause the server to use the original severity/class
180## of client messages for logging.
181#
182# UseClientSeverity = False
183# UseClientClass = False
184
185## The maximum time between client messages (seconds)
186## This allows the server to flag clients that have exceeded
187## the timeout limits; i.e. might have died for some reason.
188#
189# SetClientTimeLimit = 86400
190
191## Use client address as known to the communication layer (might be
192## incorrect if the client is behind NAT). The default is to use
193## the client name as claimed by the client, and verify it against
194## the former (might be incorrect if the client has several
195## interfaces, and its hostname resolves to the wrong interface).
196#
197# SetClientFromAccept = False
198
199## If SetClientFromAccept is False (default), severity of a
200## failure to resolve the hostname claimed by the client
201## to the IP address of the socket peer.
202#
203# SeverityLookup = crit
204
205## The console device (can also be a file or named pipe)
206## - There are two console devices. Accordingly, you can use
207## this directive a second time to set the second console device.
208## If you have not defined the second device at compile time,
209## and you don't want to use it, then:
210## setting it to /dev/null is less effective than just leaving
211## it alone (setting to /dev/null will waste time by opening
212## /dev/null and writing to it)
213#
214# SetConsole = /dev/console
215
216## Use separate logfiles for individual clients
217#
218# UseSeparateLogs = False
219
220## Enable listening on port 514/udp for logging of remote syslog
221## messages (if optionally compiled with support for this)
222#
223# SetUDPActive = False
224
225
226## Activate the SysV IPC message queue
227#
228# MessageQueueActive = False
229
230
231## If false, skip reverse lookup when connecting to a host known
232## by name rather than IP address (i.e. trust the DNS)
233#
234# SetReverseLookup = True
235
236## If true, open a Unix domain socket to listen for commands that should
237## be passed to clients upon next connection. Only works on systems
238## that support passing of peer credentials (for authentication) via sockets.
239## Use yulectl to access the socket.
240#
241# SetUseSocket = False
242
243## The UID of the user that is allowed to pass commands to the server
244## via the Unix domain socket.
245#
246# SetSocketAllowUid = 0
247
248## --- E-Mail ---
249
250# Only highest-level (alert) reports will be mailed immediately,
251# others will be queued. Here you can define, when the queue will
252# be flushed (Note: the queue is automatically flushed after
253# completing a file check).
254#
255# SetMailTime = 86400
256
257## Maximum number of mails to queue
258#
259# SetMailNum = 10
260
261## Recipient (max. 8)
262#
263# SetMailAddress=root@localhost
264
265## Mail relay (IP address)
266#
267# SetMailRelay = NULL
268
269## Custom subject format
270#
271# MailSubject = NULL
272
273## --- end E-Mail ---
274
275# The binary. Setting the path will allow
276# samhain to check for modifications between
277# startup and exit.
278#
279# SamhainPath=/usr/local/bin/yule
280
281## The IP address of the time server
282#
283# SetTimeServer = (default: compiled-in)
284
285## Trusted Users (comma delimited list of user names)
286#
287# TrustedUser = (no default; this adds to the compiled-in list)
288
289## Custom format for message header.
290## CAREFUL if you use XML logfile format.
291##
292## %S severity
293## %T timestamp
294## %C class
295##
296## %F source file
297## %L source line
298#
299# MessageHeader="%S %T "
300
301
302## Don't log path to config/database file on startup
303#
304# HideSetup = False
305
306## The syslog facility, if you log to syslog
307#
308# SyslogFacility = LOG_AUTHPRIV
309
310
311## The message authentication method
312## - If you change this, you *must* change it
313## on client *and* server
314#
315# MACType = HMAC-TIGER
316
317
318[Clients]
319##
320## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
321## is valid for the default password.
322## You are STRONGLY ADVISED to reset te password (see the README) and
323## compute your own entries using 'samhain -P <password>'
324##
325## Usually, HOSTNAME should be a fully qualified hostname,
326## no numerical address.
327## -- exception: if the client (samhain) cannot determine the
328## fully qualified hostname of its host,
329## the numerical address may be required.
330## You will know if you get a message like:
331## 'Invalid connection attempt: Not in
332## client list what.ever.it.is'
333##
334## First entry is for challenge/response, second one for SRP authentication.
335#
336# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
337# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92
Note: See TracBrowser for help on using the repository browser.