Files and directory layout

TipTIP
 

samhain has its own set of trusted users. Paths to critical files (e.g. the configuration file) must be writeable by trusted users only. Failure to ensure this (e.g. by compiling in an appropriate set of trusted users) is one of the most frequent reasons for problems. See below for details.

Trusted users and trusted paths

If a path element is group writeable, all group members must be trusted. If the path to the configuration file itself is writeable by other users than root and the effective user these must be defined as trusted already at compile time.

NoteNOTE
 

The list of group members in /etc/group may be incomplete or even empty. samhain will check /etc/passwd (where each user has a GID field) in addition to /etc/group to find all members of a group.

Directory layout

samhain conforms to the FHS, which mandates a directory layout that is different from the default GNU layout (everything in subdirectories under /etc/local).

TipTIP
 

There is an option ./configure --enable-install-name=NAME. When this option is used, not only the executable is installed as NAME, but also in all the paths, samhain is replaced with NAME.

NoteNOTE
 

For the yule server, replace samhain with yule in the paths explained below.

The following table explains which directory layout results from ./configure --prefix=PREFIX

The file signature database will be written to localstatedir/lib/samhain/samhain_file, the pid file to localstatedir/run/samhain.pid, and the log file to localstatedir/log/samhain_log. In addition, yule writes an HTML status file to localstatedir/log/yule/yule.html

To get a more fine-grained control on the layout, the following configure options are provided

Runtime files

Server

NoteNOTE
 

The server will drop root privileges after startup. I does not need write access to the data files, thus the data file directory is chmod 555 on installation. It does need write access to the log file directory. As the system logfile directory usually is owned by root, the install script will by default create a subdirectory and chown it to the unprivileged yule user. The PID file is written before dropping root.

Installed files