- Timestamp: Dec 19, 2006, 10:01:59 PM (18 years ago)
- Location: trunk/man
- Files: 2 edited
trunk/man/samhain.8
r27 r76 60 60 .B samhain 61 61 \-c | \-\-copyright 62 63 .B samhain 64 \-v | \-\-version 62 65 63 66 .B samhain … … 325 328 326 329 .B samhain 330 \-v | \-\-version 331 332 Show version and compiled-in options. 333 334 .B samhain 327 335 \-h | \-\-help 328 336 329 Print supported options (depending on compilation options).337 Print supported command line options (depending on compilation options). 330 338 331 339 .B samhain -
trunk/man/samhainrc.5
r27 r76 304 304 Limit files per seconds for SUID check. 305 305 .TP 306 .I "[Mounts]" 307 Configuration for checking mounts. 308 .br 309 .BI MountCheckActive= 0|1 310 Switch off/on this module. 311 .br 312 .BI MountCheckInterval= seconds 313 The interval between checks (default 300). 314 .br 315 .BI SeverityMountMissing= severity 316 Severity for reports on missing mounts. 317 .br 318 .BI SeverityOptionMissing= severity 319 Severity for reports on missing mount options. 320 .br 321 .BI CheckMount= path 322 [mount_options] 323 .br 324 Mount point to check. Mount options must be given as 325 comma-separated list, separated by a blank from the preceding mount point. 326 .TP 327 .I "[UserFiles]" 328 Configuration for checking paths relative to user home directories. 329 .br 330 .BI UserFilesActive= 0|1 331 Switch off/on this module. 332 .br 333 .BI UserFilesName= filename 334 policy 335 .br 336 Files to check for under each $HOME. Allowed values for 'policy' 337 are: allignore, attributes, logfiles, loggrow, noignore (default), 338 readonly, user0, user1, user2, user3, and user4. 339 .br 340 .BI UserFilesCheckUids= uid_list 341 A list of UIDs where we want to check. The default 342 is all. Ranges (e.g. 100-500) are allowed. If there is an open range (e.g. 343 1000-), it must be last in the list. 344 .TP 345 .I "[ProcessCheck]" 346 Settings for finding hidden/fake,required processes on the local host. 347 .br 348 .BI ProcessCheckActive= 0|1 349 Switch off/on the check. 350 .br 351 .BI ProcessCheckInterval= seconds 352 The interval between checks (default 300). 353 .br 354 .BI SeverityProcessCheck= severity 355 Severity for events (default crit). 356 .br 357 .BI ProcessCheckMinPID= pid 358 The minimum PID to check (default 0). 359 .br 360 .BI ProcessCheckMaxPID= pid 361 The maximum PID to check (default 32767). 362 .br 363 .BI ProcessCheckPSPath= path 364 The path to ps (autodetected at compile time). 
365 .br 366 .BI ProcessCheckPSArg= argument 367 The argument to ps (autodetected at compile time). 368 Must yield PID in first column. 369 .br 370 .BI ProcessCheckExists= regular_expression 371 Check for existence of a process matching the given regular expression. 372 .TP 373 .I "[PortCheck]" 374 Settings for checking open ports on the local host. 375 .br 376 .BI PortCheckActive= 0|1 377 Switch off/on the check. 378 .br 379 .BI PortCheckInterval= seconds 380 The interval between checks (default 300). 381 .br 382 .BI PortCheckUDP= yes|no 383 Whether to check UPD ports as well (default yes). 384 .br 385 .BI SeverityPortCheck= severity 386 Severity for events (default crit). 387 .br 388 .BI PortCheckInterface= ip_address 389 Additional interface to check. 390 .br 391 .BI PortCheckOptional= ip_address:list 392 Ports that may, but need not be open. The ip_address is the one 393 of the interface, the list must be 394 comma or whitespace separated, each item must be (port|service)/protocol, 395 e.g. 22/tcp,nfs/tcp/nfs/udp. 396 .br 397 .BI PortCheckRequired= ip_address:list 398 Ports that are required to be open. The ip_address is the one 399 of the interface, the list must be 400 comma or whitespace separated, each item must be (port|service)/protocol, 401 e.g. 22/tcp,nfs/tcp/nfs/udp. 402 .TP 306 403 .I "[Database]" 307 404 Settings for
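Review bot: In trunk/man/samhainrc.5, the example given for PortCheckOptional and PortCheckRequired (new lines 395 and 401), "22/tcp,nfs/tcp/nfs/udp", does not match the format the same entries describe, a comma or whitespace separated list of (port|service)/protocol items. The slash between "nfs/tcp" and "nfs/udp" looks like it should be a comma, giving "22/tcp,nfs/tcp,nfs/udp"; as written, a reader copying the example ends up with an item carrying two protocols. Two wording points in the same hunk: new line 383 says "UPD ports" where UDP is meant, and new line 346 reads "hidden/fake,required processes", where the comma without a space makes it unclear whether required processes are a separate kind of check. The two severity options under [Mounts] (new lines 315 to 319) state no default, while SeverityProcessCheck and SeverityPortCheck both do (default crit); stating the default there would keep the sections consistent.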