- Timestamp: Jul 18, 2015, 5:06:52 PM (9 years ago)
- Location: trunk/man
- Files: 2 edited
trunk/man/samhain.8
r169 r481 1 .TH SAMHAIN 8 " 07 August 2004" "" "Samhain manual"1 .TH SAMHAIN 8 "26 June 2015" "" "Samhain manual" 2 2 .SH NAME 3 3 samhain \- check file integrity … … 21 21 } [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH,\-\-recursion=DEPTH] [log-options] 22 22 23 .B samhain 24 [ \-p threshold ] { 25 .I \-\-verify\-database=database 26 } 27 28 .B samhain 29 [ \-p threshold ] { 30 .I \-\-create\-database=file\-list 31 } 32 33 34 23 35 .SS "LISTING THE DATABASE" 24 36 .PP … … 27 39 [\-a | \-\-full\-detail] 28 40 [\-\-delimited] 41 [\-\-binary] 42 [\-\-list\-filter=file] 29 43 \-d 30 44 .IR file | … … 245 259 configuration file. 246 260 261 .PP 262 .B samhain 263 [ \-p\ threshold ] 264 .I "\-\-verify\-database=database" 265 266 Check the filesystem against the database given as argument, 267 and exit with an appropriate exit status. The configuration file 268 will 269 .B not 270 be read. 271 272 .PP 273 .B samhain 274 [ \-p\ threshold ] 275 .I "\-\-create\-database=file\-list" 276 277 Initialize a database from the given file list. 278 The configuration file 279 will 280 .B not 281 be read. The policy used will be 282 .I ReadOnly. 283 File content will be stored for a file 284 if its path in the list is preceded with a 285 .B + 286 sign. 287 247 288 .SS "OPTIONS FOR LISTING THE DATABASE" 248 289 .PP … … 267 308 List all informations for each file, in a comma-separated format. 268 309 Must precede the \-d option. 310 .TP 311 [\-\-binary] 312 List data in the binary format of the database, thus writing another 313 database. 314 Must precede the \-d option. 315 .TP 316 .RI [\-\-list\-filter= file ] 317 Filter the output of the database listing by a list of files given 318 in a text file. Together with \-\-binary this allows to write a 319 partial database. Must precede the \-d option. 269 320 .TP 270 321 .RI [\-\-list\-file= file ] -
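Review bot: In the SYNOPSIS hunk (new lines 23-34) the two added forms are written as `[ \-p threshold ] {` ... `}` with the option on its own `.I` line, while the description hunk further down writes `[ \-p\ threshold ]` and a quoted `.I "\-\-verify\-database=database"` with no braces; use one form in both places so the synopsis and the description match. The three empty lines at new lines 32-34, directly before `.SS "LISTING THE DATABASE"`, add nothing because the section macro already supplies the spacing, and they can be dropped.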
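Review bot: The `\-\-verify\-database` paragraph (new lines 261-270) says samhain will "exit with an appropriate exit status" but never lists the values, which is exactly what a script or cron job calling this mode needs; state the status returned for no differences, for differences found, and for an error. Neither added paragraph explains what `\-p threshold` does in these modes, and the `\-\-create\-database` paragraph (new lines 272-286) does not describe the layout of the file list beyond the leading `+`, or where the new database is written.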
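Review bot: In the OPTIONS FOR LISTING THE DATABASE hunk (new lines 310-319), `\-\-binary` is described as "thus writing another database" without saying where that database goes, so a reader cannot tell whether to redirect standard output or expect a file. The `\-\-list\-filter` entry should also state the format of the filter file and whether the listed paths are the ones kept or the ones dropped. Wording: "this allows to write a partial database" reads better as "this allows writing a partial database".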
trunk/man/samhainrc.5
r169 r481 253 253 by same user, and logouts. 254 254 .TP 255 .I "[Kernel]"256 Configuration for detecting kernel rootkits.257 .br258 .BI KernelCheckActive= 0|1259 Switch off/on checking of kernel syscalls to detect kernel module rootkits.260 .br261 .BI KernelCheckInterval= val262 Interval (seconds) between checks.263 .br264 .BI SeverityKernel= val265 Severity level for clobbered kernel syscalls.266 .br267 .BI KernelCheckIDT= 0|1268 Whether to check the interrrupt descriptor table.269 .br270 .BI KernelSystemCall= address271 The address of system_call (grep system_call System.map).272 Required after a kernel update.273 .br274 .BI KernelProcRoot= address275 The address of proc_root (grep ' proc_root$' System.map).276 Required after a kernel update.277 .br278 .BI KernelProcRootIops= address279 The address of proc_root_inode_operations280 (grep proc_root_inode_operations System.map).281 Required after a kernel update.282 .br283 .BI KernelProcRootLookup= address284 The address of proc_root_lookup (grep proc_root_lookup System.map).285 Required after a kernel update.286 .TP287 255 .I "[SuidCheck]" 288 256 Settings for finding SUID/SGID files on disk. … … 473 441 Set type of message authentication code (HMAC). 474 442 Must be identical on client and server. 443 .br 444 .BI StartupLoadDelay= val 445 Defines the interval (in seconds) to wait after startup before 446 loading the databse from the server. Default is no wait. 475 447 .br 476 448 .BI SetLoopTime= val
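Review bot: The hunk at old lines 255-286 deletes the entire `[Kernel]` section from the man page and leaves nothing in its place, so a reader whose samhainrc still contains `KernelCheckActive` or the `Kernel*` address options has no way to learn from this page whether those lines are now ignored or rejected. A short sentence stating what happens to an existing `[Kernel]` section would close that gap.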
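Review bot: Typo in the added `StartupLoadDelay` text at new line 446: "loading the databse from the server" should read "database". Since the option is about fetching the database from the server, the entry could also say that it only applies on the client side, and give the default as an explicit value rather than "no wait" so it matches how `val` is documented for the neighbouring options.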