source: trunk/yulerc.template@ 581

Last change on this file since 581 was 415, checked in by katerina, 12 years ago

Fixes for tickets #314, #315, #316, #317, #318, #319, #320, and #321.

File size: 8.2 KB
Line 
1#####################################################################
2#
3# Configuration file template for yule.
4#
5#####################################################################
6#
7# NOTE: This is a log server-only configuration file TEMPLATE.
8#
9# NOTE: The log server ('yule') will look for THAT configuration file
10# that has been defined at compile time with the configure option
11# ./configure --with-config-file=FILE
12# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
13#
14#####################################################################
15#
16# -- empty lines and lines starting with '#', ';' or '//' are ignored
17# -- you can PGP clearsign this file -- samhain will check (if compiled
18# with support) or otherwise ignore the signature
19# -- CHECK mail address
20#
21# To each log facility, you can assign a threshold severity. Only
22# reports with at least the threshold severity will be logged
23# to the respective facility (even further below).
24#
25#####################################################################
26
27
28[Log]
29##
30## Switch on/OFF log facilities and set their threshold severity
31##
32## Values: debug, info, notice, warn, mark, err, crit, alert, none.
33## 'mark' is used for timestamps.
34##
35##
36## Use 'none' to SWITCH OFF a log facility
37##
38## By default, everything equal to and above the threshold is logged.
39## The specifiers '*', '!', and '=' are interpreted as
40## 'all', 'all but', and 'only', respectively (like syslogd(8) does,
41## at least on Linux). Examples:
42## MailSeverity=*
43## MailSeverity=!warn
44## MailSeverity==crit
45
46## E-mail
47##
48# MailSeverity=none
49
50## Console
51##
52PrintSeverity=none
53
54## Logfile
55##
56LogSeverity = warn
57
58## Syslog
59##
60# SyslogSeverity=none
61
62## External script or program
63##
64# ExternalSeverity = none
65
66## Logging to a database
67##
68# DatabaseSeverity = none
69
70
71# [Database]
72##
73## --- Logging to a relational database
74##
75
76## Database name
77#
78# SetDBName = samhain
79
80## Database table
81#
82# SetDBTable = log
83
84## Database user
85#
86# SetDBUser = samhain
87
88## Database password
89#
90# SetDBPassword = (default: none)
91
92## Database host
93#
94# SetDBHost = localhost
95
96## Log the server timestamp for received messages
97#
98# SetDBServerTstamp = True
99
100## Use a persistent connection
101#
102# UsePersistent = True
103
104
105
106# [External]
107##
108## Interface to call external scripts/programs for logging
109##
110
111## The absolute path to the command
112## - Each invocation of this directive will end the definition of the
113## preceding command, and start the definition of
114## an additional, new command
115#
116# OpenCommand = (no default)
117
118## Type (log or rv)
119## - log for log messages, srv for messages received by the server
120#
121# SetType = log
122
123## The command (full command line) to execute
124#
125# SetCommandLine = (no default)
126
127## The environment (KEY=value; repeat for more)
128#
129# SetEnviron = TZ=(your timezone)
130
131## The TIGER192 checksum (optional)
132#
133# SetChecksum = (no default)
134
135## User who runs the command
136#
137# SetCredentials = (default: samhain process uid)
138
139## Words not allowed in message
140#
141# SetFilterNot = (none)
142
143## Words required (ALL of them)
144#
145# SetFilterAnd = (none)
146
147## Words required (at least one)
148#
149# SetFilterOr = (none)
150
151## Deadtime between consecutive calls
152#
153# SetDeadtime = 0
154
155## Add default environment (HOME, PATH, SHELL)
156#
157# SetDefault = no
158
159
160#####################################################
161#
162# Miscellaneous configuration options
163#
164#####################################################
165
166
167[Misc]
168# whether to become a daemon process
169Daemon=yes
170
171## Interval between time stamp messages
172#
173# SetLoopTime = 60
174SetLoopTime = 600
175
176## Normally, client messages are regarded as data within a
177## server message of fixed severity. The following two
178## options cause the server to use the original severity/class
179## of client messages for logging.
180#
181# UseClientSeverity = False
182# UseClientClass = False
183
184## The maximum time between client messages (seconds)
185## This allows the server to flag clients that have exceeded
186## the timeout limits; i.e. might have died for some reason.
187#
188# SetClientTimeLimit = 86400
189
190## Use client address as known to the communication layer (might be
191## incorrect if the client is behind NAT). The default is to use
192## the client name as claimed by the client, and verify it against
193## the former (might be incorrect if the client has several
194## interfaces, and its hostname resolves to the wrong interface).
195#
196# SetClientFromAccept = False
197
198## If SetClientFromAccept is False (default), severity of a
199## failure to resolve the hostname claimed by the client
200## to the IP address of the socket peer.
201#
202# SeverityLookup = crit
203
204## The console device (can also be a file or named pipe)
205## - There are two console devices. Accordingly, you can use
206## this directive a second time to set the second console device.
207## If you have not defined the second device at compile time,
208## and you don't want to use it, then:
209## setting it to /dev/null is less effective than just leaving
210## it alone (setting to /dev/null will waste time by opening
211## /dev/null and writing to it)
212#
213# SetConsole = /dev/console
214
215## Use separate logfiles for individual clients
216#
217# UseSeparateLogs = False
218
219## Enable listening on port 514/udp for logging of remote syslog
220## messages (if optionally compiled with support for this)
221#
222# SetUDPActive = False
223
224
225## Activate the SysV IPC message queue
226#
227# MessageQueueActive = False
228
229
230## If false, skip reverse lookup when connecting to a host known
231## by name rather than IP address (i.e. trust the DNS)
232#
233# SetReverseLookup = True
234
235## If true, open a Unix domain socket to listen for commands that should
236## be passed to clients upon next connection. Only works on systems
237## that support passing of peer credentials (for authentication) via sockets.
238## Use yulectl to access the socket.
239#
240# SetUseSocket = False
241
242## The UID of the user that is allowed to pass commands to the server
243## via the Unix domain socket.
244#
245# SetSocketAllowUid = 0
246
247## --- E-Mail ---
248
249# Only highest-level (alert) reports will be mailed immediately,
250# others will be queued. Here you can define, when the queue will
251# be flushed (Note: the queue is automatically flushed after
252# completing a file check).
253#
254# SetMailTime = 86400
255
256## Maximum number of mails to queue
257#
258# SetMailNum = 10
259
260## Recipient (max. 8)
261#
262# SetMailAddress=root@localhost
263
264## Mail relay (IP address)
265#
266# SetMailRelay = NULL
267
268## Custom subject format
269#
270# MailSubject = NULL
271
272## --- end E-Mail ---
273
274# The binary. Setting the path will allow
275# samhain to check for modifications between
276# startup and exit.
277#
278# SamhainPath=/usr/local/bin/yule
279
280## The IP address of the time server
281#
282# SetTimeServer = (default: compiled-in)
283
284## Trusted Users (comma delimited list of user names)
285#
286# TrustedUser = (no default; this adds to the compiled-in list)
287
288## Custom format for message header.
289## CAREFUL if you use XML logfile format.
290##
291## %S severity
292## %T timestamp
293## %C class
294##
295## %F source file
296## %L source line
297#
298# MessageHeader="%S %T "
299
300
301## Don't log path to config/database file on startup
302#
303# HideSetup = False
304
305## The syslog facility, if you log to syslog
306#
307# SyslogFacility = LOG_AUTHPRIV
308
309
310## The message authentication method
311## - If you change this, you *must* change it
312## on client *and* server
313#
314# MACType = HMAC-TIGER
315
316
317[Clients]
318##
319## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
320## is valid for the default password.
321## You are STRONGLY ADVISED to reset te password (see the README) and
322## compute your own entries using 'samhain -P <password>'
323##
324## Usually, HOSTNAME should be a fully qualified hostname,
325## no numerical address.
326## -- exception: if the client (samhain) cannot determine the
327## fully qualified hostname of its host,
328## the numerical address may be required.
329## You will know if you get a message like:
330## 'Invalid connection attempt: Not in
331## client list what.ever.it.is'
332##
333## First entry is for challenge/response, second one for SRP authentication.
334#
335# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
336# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92
Note: See TracBrowser for help on using the repository browser.