Changeset 481 for trunk/man

Timestamp:

Jul 18, 2015, 5:06:52 PM (9 years ago)

Author:

katerina

Message:

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

Location:

trunk/man

Files:

• samhain.8 (modified) (5 diffs)
• samhainrc.5 (modified) (2 diffs)

trunk/man/samhain.8

@@ -1 @@
-.TH SAMHAIN 8 "07 August 2004" "" "Samhain manual"
+.TH SAMHAIN 8 "26 June 2015" "" "Samhain manual"
 .SH NAME
 samhain \- check file integrity
@@ -21 +21 @@
 } [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH,\-\-recursion=DEPTH] [log-options]
 
+.B samhain 
+[ \-p threshold ] {
+.I \-\-verify\-database=database
+} 
+
+.B samhain 
+[ \-p threshold ] {
+.I \-\-create\-database=file\-list
+} 
+
+
+
 .SS "LISTING THE DATABASE"
 .PP
@@ -27 +39 @@
 [\-a | \-\-full\-detail]
 [\-\-delimited]
+[\-\-binary]
+[\-\-list\-filter=file]
 \-d 
 .IR file | 
@@ -245 +259 @@
 configuration file.
 
+.PP
+.B samhain
+[ \-p\ threshold ]
+.I "\-\-verify\-database=database"
+
+Check the filesystem against the database given as argument,
+and exit with an appropriate exit status. The configuration file
+will 
+.B not
+be read.
+
+.PP
+.B samhain
+[ \-p\ threshold ]
+.I "\-\-create\-database=file\-list"
+
+Initialize a database from the given file list. 
+The configuration file
+will 
+.B not
+be read. The policy used will be
+.I ReadOnly.
+File content will be stored for a file
+if its path in the list is preceded with a 
+.B +
+sign.
+
 .SS "OPTIONS FOR LISTING THE DATABASE"
 .PP
@@ -267 +308 @@
 List all informations for each file, in a comma-separated format.
 Must precede the \-d option.
+.TP
+[\-\-binary]
+List data in the binary format of the database, thus writing another
+database.
+Must precede the \-d option.
+.TP
+.RI [\-\-list\-filter= file ]
+Filter the output of the database listing by a list of files given
+in a text file. Together with \-\-binary this allows to write a
+partial database. Must precede the \-d option.
 .TP
 .RI [\-\-list\-file= file ]

trunk/man/samhainrc.5

@@ -253 +253 @@
 by same user, and logouts.
 .TP
-.I "[Kernel]"
-Configuration for detecting kernel rootkits.
-.br
-.BI KernelCheckActive= 0|1
-Switch off/on checking of kernel syscalls to detect kernel module rootkits.
-.br
-.BI KernelCheckInterval= val
-Interval (seconds) between checks.
-.br
-.BI SeverityKernel= val
-Severity level for clobbered kernel syscalls.
-.br
-.BI KernelCheckIDT= 0|1
-Whether to check the interrrupt descriptor table.
-.br
-.BI KernelSystemCall= address
-The address of system_call (grep system_call System.map). 
-Required after a kernel update.
-.br
-.BI KernelProcRoot= address
-The address of proc_root (grep ' proc_root$' System.map).
-Required after a kernel update.
-.br
-.BI KernelProcRootIops= address 
-The address of proc_root_inode_operations 
-(grep proc_root_inode_operations System.map).
-Required after a kernel update.
-.br
-.BI KernelProcRootLookup= address 
-The address of proc_root_lookup (grep proc_root_lookup System.map).
-Required after a kernel update.
-.TP
 .I "[SuidCheck]"
 Settings for finding SUID/SGID files on disk.
@@ -473 +441 @@
 Set type of message authentication code (HMAC). 
 Must be identical on client and server. 
+.br
+.BI StartupLoadDelay= val
+Defines the interval (in seconds) to wait after startup before
+loading the databse from the server. Default is no wait.
 .br
 .BI SetLoopTime= val