Index: trunk/samhainrc.freebsd
===================================================================
--- trunk/samhainrc.freebsd	(revision 1)
+++ trunk/samhainrc.freebsd	(revision 14)
@@ -61,18 +61,126 @@
 # RedefUser1=(no default)
 
+#
+# --------- / --------------
+#
+
+[ReadOnly]
+dir = 0/
+
 [Attributes]
+file = /
+file = /proc
+file = /entropy
+file = /tmp
+file = /var
+
+#
+# --------- /dev -----------
+#
+
+[Attributes]
+dir = 99/dev
+
+[IgnoreAll]
+file = /dev/ttyp?
+
+[Misc]
+##
+## pseudo terminals are created/removed as needed
+##
+IgnoreAdded = /dev/(p|t)typ.*
+IgnoreMissing = /dev/(p|t)typ.*
+
+
+#
+# --------- /etc -----------
+#
+
+[ReadOnly]
+##
+## for these files, only access time is ignored
+##
+dir = 99/etc
+
+
+#
+# --------- /boot -----------
+#
+
+[ReadOnly]
+dir = 99/boot
+
+#
+# --------- /bin, /sbin -----------
+#
+
+[ReadOnly]
+dir = 99/bin
+dir = 99/sbin
+
+#
+# --------- /lib -----------
+#
+
+[ReadOnly]
+dir = 99/lib
+
+#
+# --------- /libexec -----------
+#
+
+[ReadOnly]
+dir = 99/libexec
+
+#
+# --------- /rescue -----------
+#
+
+[ReadOnly]
+dir = 99/rescue
+
+#
+# --------- /root -----------
+#
+
+[Attributes]
 ##
 ## for these files, only changes in permissions and ownership are checked
 ##
-
-file=/usr/compat/linux/etc
-file=/usr/compat/linux/etc/ld.so.cache
-
-dir=/var/mail
-dir=/var/spool/lp/tmp
-dir=/var/tmp
-# dir=/var/dt/tmp
-dir=/tmp
-
+dir = 99/root
+
+#
+# --------- /stand -----------
+#
+
+[ReadOnly]
+dir = 99/stand
+
+#
+# --------- /usr -----------
+#
+
+[ReadOnly]
+dir = 99/usr
+
+[Attributes]
+dir = /usr/.snap
+dir = /usr/share/man/cat?
+file = /usr/compat/linux/etc
+file = /usr/compat/linux/etc/ld.so.cache
+
+[IgnoreAll]
+dir = -1/usr/home
+
+#
+# --------- /var -----------
+#
+
+[ReadOnly]
+file = /var
+
+[Attributes]
+
+dir = 0/var
 
 [LogFiles]
@@ -83,28 +191,33 @@
 file=/var/run/utmp
 
-
 [GrowingLogFiles]
 ##
-## for these files, changes in signature, timestamps, and increase in size
-##                  are ignored 
-##
-
-file=/var/log/wtmp
-file=/var/log/messages
-file=/var/log/maillog
-file=/var/log/lastlog
-file=/var/log/cron
-file=/var/log/auth.log
-
-
-[IgnoreAll]
-##
-## for these files, no modifications are reported
-##
-
-dir=/usr/share/man
-dir=/usr/share/games
-dir=/usr/share/misc
-dir=/usr/X11R6/man
+## For these files, changes in signature, timestamps, and increase in size
+## are ignored. Logfile rotation will cause a report because of shrinking
+## size and different inode. 
+##
+dir = 99/var/log
+
+[Attributes]
+#
+# rotated logs will change inode
+#
+file = /var/log/*.[0-9].bz2
+file = /var/log/*.[0-9].log
+file = /var/log/*.[0-9]
+file = /var/log/*.[0-9][0-9]
+file = /var/log/*.old
+
+file = /var/log/sendmail.st
+
+
+[Misc]
+#
+# Various naming schemes for rotated logs
+#
+IgnoreAdded = /var/log/.*\.[0-9]+$
+IgnoreAdded = /var/log/.*\.[0-9]+\.gz$
+IgnoreAdded = /var/log/.*\.[0-9]+\.bz2$
+IgnoreAdded = /var/log/.*\.[0-9]+\.log$
 
 
@@ -117,21 +230,4 @@
 
 
-[ReadOnly]
-##
-## for these files, only access time is ignored
-##
-
-dir=/bin
-dir=/boot
-dir=3/etc
-dir=/sbin
-dir=1/stand
-dir=/stand/etc
-dir=/stand/modules
-dir=/usr
-dir=2/var/cron
-
-file=/kernel
-dir=/modules
 
 [User0]