#####################################################################
#
# Configuration file template for samhain.
#
#####################################################################
# 
# -- empty lines and lines starting with '#' are ignored 
# -- you can PGP clearsign this file -- samhain will check (if compiled
#    with support) or otherwise ignore the signature
# -- CHECK mail address
#
# To each log facility, you can assign a threshold severity. Only
# reports with at least the threshold severity will be logged
# to the respective facility (even further below).
#
#####################################################################
#
# SETUP for file system checking:
# 
# (i)   There are several policies, each has its own section. Put files
#       into the section for the appropriate policy (see below).
# (ii)  To each policy, you can assign a severity (further below).
# (iii) To each log facility, you can assign a threshold severity. Only
#       reports with at least the threshold severity will be logged
#       to the respective facility (even further below).
#
#####################################################################


[Misc]
# RedefReadOnly=-CHK-MTM-CTM-SIZ+CHK

[Attributes]
#
# for these files, only changes in permissions and ownership are checked
#
file=/etc/mtab
#file=/etc/ssh_random_seed
#file=/etc/asound.conf
#file=/etc/resolv.conf
file=/etc/localtime
#file=/etc/ioctl.save
#file=/etc/passwd.backup
#file=/etc/shadow.backup


#
# There are files in /etc that might change (see above), 
# thus changing the timestamps on the directory special file.
# Put it here as 'file', and in the ReadOnly section as 'dir'.
#
file=/etc

[GrowingLogFiles]
#
# for these files, changes in signature, timestamps, and increase in size
#                  are ignored 
#
# Example for shell-style wildcard pattern
#
file=/var/log/n*

[IgnoreAll]
# dir=-1/etc/xxx
# file=/etc/xxx

[ReadOnly]
#
# for these files, only access time is ignored
#
#dir=/dev
# dir=/usr/bin
#dir=/bin
#dir=/lib
#dir=3/etc

[Attributes]
dir=/opt/gnome/bin/

[SuidCheck]
SuidCheckActive=T

[EventSeverity]
#
# Here you can assign severities to policy violations.
# If this severity exceeds the treshold of a log facility (see below),
# a policy violation will be logged to that facility.
#
# Severity for verification failures.
#
SeverityReadOnly=crit
SeverityLogFiles=crit
SeverityGrowingLogs=crit
SeverityIgnoreNone=crit
SeverityAttributes=crit
#
# We have a file in IgnoreAll that might or might not be present.
# Setting the severity to 'info' prevents messages about deleted/new file.
#
SeverityIgnoreAll=warn

#
# Files : file access problems
# Dirs  : directory access problems
# Names : suspect (non-printable) characters in a pathname
#
SeverityFiles=crit
SeverityDirs=crit
SeverityNames=warn

[Log]
#
# Set threshold severity for log facilities
# Values: debug, info, notice, warn, mark, err, crit, alert, none.
# 'mark' is used for timestamps.
#
# By default, everything equal to and above the threshold is logged.
# The specifiers '*', '!', and '=' are interpreted as  
# 'all', 'all but', and 'only', respectively (like syslogd(8) does, 
# at least on Linux). 
# 
# MailSeverity=*
# MailSeverity=!warn
# MailSeverity==crit
#
MailSeverity=none
LogSeverity=info
SyslogSeverity=none
ExportSeverity=none
PrintSeverity=info
# Restrict to certain classes of messages
# MailClass = RUN

# Which system calls to log (execve, utime, unlink, dup, chdir, open, kill,
#  exit, fork, setuid, setgid, pipe)
#
# LogCalls = open



[Utmp]
#
# 0 to switch off, 1 to activate
#
LoginCheckActive=1

# Severity for logins, multiple logins, logouts
# 
SeverityLogin=info
SeverityLoginMulti=warn
SeverityLogout=info

# interval for login/logout checks
#
LoginCheckInterval=60

[Misc]
#
# whether to become a daemon process
Daemon=no

# Custom format for message header
#
# %S severity
# %T timestamp
# %C class
#
# %F source file
# %L source line
#
# MessageHeader="%S %T - %F - %L  "

# the maximum time between client messages (seconds)
# (this is a log server-only option; the default is 86400 sec = 1 day
#
# SetClientTimeLimit=1800

# time till next file check (seconds)
SetFilecheckTime=20

# Only highest-level (alert) reports will be mailed immediately,
# others will be queued. Here you can define, when the queue will
# be flushed (Note: the queue is automatically flushed after
# completing a file check).
#
# maximum time till next mail (seconds)
SetMailTime=86400

# maximum number of queued mails
SetMailNum=10

# where to send mail to
SetMailAddress=root@localhost


# mail relay host
# SetMailRelay=localhost

# The binary. Setting the path will allow
# samhain to check for modifications between
# startup and exit.
#
# SamhainPath=/usr/local/bin/samhain

# where to get time from
# SetTimeServer=www.yourdomain.de

# where to export logs to
SetLogServer=localhost

SetRecursionLevel=1

setdatabasepath=AUTO
setlogfilepath=AUTO
setlockfilepath=/home/rainer/samhain/devel/.samhain_foo

# timer for time stamps
SetLoopTime=60

# report in full detail on modified files
#
ReportFullDetail = no

# trusted users (root and the effective user are always trusted)
# TrustedUser=bin

# whether to test signature of files (init/check/none)
# - if 'none', then we have to decide this on the command line -
#
ChecksumTest=check

# Set the facility for syslog
#
# SyslogFacility=LOG_MAIL

# Don't log names of configuration/database files on startup
#
# HideSetup=yes

# pre1_1_9 = yes


# everything below is ignored
[EOF]
