Samhain: General usage notes
To get a good signal-to-noise ratio (i.e. few false alerts), you need to know which files should be checked and which should not (if in doubt, looking at the 'last modified' timestamp may be helpful).
To see how to set recursion depths, implement 'check all but xxx' policies, etc., have a look at the section called "Monitoring policies" in the chapter called "Configuration — samhain, the file monitor".
As samhain runs as a daemon, it is able to 'remember' all file system changes, so you won't be bothered twice about the same problem.
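One way to act on the 'last modified' hint above, as an added example that is not part of the samhain documentation or code: a Python survey that separates recently modified files from long-unchanged ones before you decide what to monitor. The function names, the 30-day threshold and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import time
from collections import Counter

DAY = 86400  # seconds

def survey_mtimes(root, recent_days=30, now=None):
    """Split regular files under root into (volatile, stable) by mtime age."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * DAY
    volatile, stable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode):
                (volatile if st.st_mtime >= cutoff else stable).append(path)
    return sorted(volatile), sorted(stable)

def noisy_dirs(volatile, stable, min_ratio=0.5):
    """Directories where at least min_ratio of the files changed recently."""
    changed = Counter(os.path.dirname(p) for p in volatile)
    total = changed + Counter(os.path.dirname(p) for p in stable)
    return sorted(d for d in changed if changed[d] / total[d] >= min_ratio)

def build_sample_tree(now):
    """Constructed sample: two old config files and two recently touched files."""
    root = tempfile.mkdtemp(prefix="mtime-survey-")
    layout = {"etc/passwd": 400, "etc/hosts": 200, "var/run.pid": 0, "var/app.log": 1}
    for rel, age_days in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        mtime = now - age_days * DAY
        os.utime(path, (mtime, mtime))       # set atime and mtime
    return root

if __name__ == "__main__":
    now = time.time()
    root = build_sample_tree(now)
    volatile, stable = survey_mtimes(root, now=now)
    print("recently modified (likely alert noise):", volatile)
    print("unchanged for 30+ days (candidates for strict checks):", stable)
    print("directories that are mostly volatile:", noisy_dirs(volatile, stable))
```

Files in the volatile list are the ones most likely to produce repeated alerts, so review them before placing them under a strict policy.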