Configuring the source

Before you can start to compile, it is neccessary to configure the source for your particular platform and your personal requirements. This is done by running the configure in the source directory. If you type ./configure with no options, the source will get configured with the default options. In particular, a standalone version of samhain will get built which uses the Filesystem Hierarchy Standard (FHS) for file/directory layout. This is not the standard GNU layout of 'everything under /usr/local'.

To change the defaults, ./configure accepts a variety of command-line options and environment variables (use ./configure --help for a complete list). The available command line options are listed and explained in the appendix called List of options for the ./configure script>.

TipPaths
 

(A) samhain is a Filesystem Hierarchy Standard (FHS) compliant application. Thus the default directory layout is not the standard GNU layout (see the Section called Files and directory layout>).

(B) samhain has a concept of trusted users, and will refuse to run if the path to critical files is writeable by users not in its list of trusted users (default: root, and the user who has started samhain). Please read the Section called Trusted users and trusted paths> for details.

Also, if you want to use any options/modules that are not enabled by default (e.g. because they require additional programs and/or libraries), at this point you need to specify them. This is true in particular if you want to use signed configuration and database files (see the chapter called Additional Features — Signed Configuration/Database Files>), use the options for a stealth mode of operation (see the chapter called Additional Features — Stealth>), log to a relational database (--enable-xml-log --with-database=[mysql|postgresql|oracle|odbc]), watch for login/logout events (--enable-login-watch), check the disk for rogue SUID/SGID files (--enable-suidcheck) and/or check for kernel rootkits (on Linux/FreeBSD; --with-kcheck=SYSTEM_MAP).

To configure a standalone version of samhain:
sh$ ./configure [more options]

To configure a client version of samhain that can connect to a central server:
sh$ ./configure --enable-network=client [more options]

To configure a server version of samhain that will act as a central log server:
sh$ ./configure --enable-network=server [more options]

WarningIMPORTANT:
 

Please read the chapter called yule, the log server> if you intend to use samhain as a client/server system. Things will not work automagically just because you compiled a client and a server version of samhain. In particular, clients need to authenticate themselves to the server, and special configure options are required if you want to keep the configuration file(s) and the baseline database(s) on the central server.