Samhain: List of configuration file options
Section heading:
[Misc]
Entries:
Daemon=yes/no — Whether to become a daemon (default: no)
SetUseSocket=yes/no — If unset, do not open the command socket (server only). Through this socket the server can be told to transmit commands to clients the next time they connect.
SetSocketAllowUid=UID — Which user can connect to the command socket. The default is 0 (root).
SetSocketPassword=password — Password (max. 14 chars, no '@') for password-based authentication on the command socket (only if the OS does not support passing credentials via sockets).
SetChrootDir=path — If set, chroot to this directory (server only).
SetStripDomain=yes/no — Whether to strip the domain from the client hostname when logging client messages (server only; default: yes).
VersionString=string — Set version string to include in file signature database (along with hostname and date).
SetNiceLevel=-19..19 — Set scheduling priority during file check (see 'man nice').
SetIOLimit=bps — Set IO limits (kilobytes per second) for file check.
SetLoopTime=seconds — Interval between timestamp messages (60).
SetFilecheckTime=seconds — Interval between file checks (600).
FileCheckScheduleOne=schedule — Crontab-like schedule for file checks.
UseHardlinkCheck=yes/no — Compare number of hardlinks to number of subdirectories for directories.
HardlinkOffset=N:/path — Exception (use multiple times for multiple exceptions). N is the offset (actual - expected hardlinks) for /path.
AddOKChars=N1, N2, .. — List of acceptable characters (byte value(s)) for the check for weird filenames. Nn may be hex (leading '0x': 0xNN), octal (leading zero: 0NNN), or decimal.
IgnoreAdded=path_regex — Ignore if this file/directory is added/created.
IgnoreMissing=path_regex — Ignore if this file/directory is missing/deleted.
ReportOnlyOnce=yes/no — Report only once on a modified file (yes).
ReportFullDetail=yes/no — Report in full detail on modified files (no).
UseLocalTime=yes/no — Report file timestamps in local time rather than GMT (no). Do not use this with Beltane.
ChecksumTest=none/init/update/check — The default action (none).
SetPrelinkPath=path — The path to the prelink binary (default is /usr/sbin/prelink).
SetPrelinkChecksum=checksum — The checksum of the prelink binary.
SetConsole=device — Set the console device (/dev/console).
MessageQueueActive=1/0 — Use SysV IPC message queue (off).
SetMailTime=seconds — Maximum time interval between mail messages (86400 sec).
SetMailNum=0 -- 127 — Maximum number of pending mails on internal queue (10).
SetMailAddress=recipient — Add a recipient e-mail address (max. 8).
SetMailRelay=IP address — The mail relay (for offsite mail; default: none).
MailSubject=string — Custom format for the email subject (none).
SamhainPath=path — The path of the process image.
SetBindAddress=IP address — The IP address (i.e. interface on multi-interface box) to use for outgoing connections.
SetLogServer=IP address — The log server.
SetTimeServer=IP address — The time server. Note that the simple 'time' service (port 37/tcp) is used.
TrustedUser=username(,username,..) — List of additional trusted users.
SetDatabasePath=AUTO or /path — Path to database (AUTO to tack hostname on compiled-in path).
SetLogfilePath=AUTO or /path — Path to log file (AUTO to tack hostname on compiled-in path).
SetLockfilePath=AUTO or /path — Path to lock file (AUTO to tack hostname on compiled-in path).
DigestAlgo=SHA1 or MD5 — Use SHA1 or MD5 instead of the TIGER checksum (default: TIGER192).
RedefReadOnly=+XXX or -XXX — Add or subtract test XXX from the ReadOnly policy.
RedefAttributes=+XXX or -XXX — Add or subtract test XXX from the Attributes policy.
RedefLogFiles=+XXX or -XXX — Add or subtract test XXX from the LogFiles policy.
RedefGrowingLogFiles=-XXX or ~XXX — Add or subtract test XXX from the GrowingLogFiles policy.
RedefIgnoreAll=+XXX or -XXX — Add or subtract test XXX from the IgnoreAll policy.
RedefIgnoreNone=+XXX or -XXX — Add or subtract test XXX from the IgnoreNone policy.
RedefUser0=+XXX or -XXX — Add or subtract test XXX from the User0 policy.
RedefUser1=+XXX or -XXX — Add or subtract test XXX from the User1 policy.
SetClientFromAccept=true/false — If true, use client address as known to the communication layer. Else (default) use client name as claimed by the client, try to verify against the address known to the communication layer, and accept (with a warning message) even if this fails.
UseClientSeverity=yes|no — If set to 'yes', don't assign a special severity (priority) to client messages.
UseClientClass=yes|no — If set to 'yes', don't assign a special class to client messages.
SeverityLookup=severity — Severity for name lookup errors when verifying (on the server side) that the socket peer matches the hostname claimed by the client. See the preceding option.
SetReverseLookup=true/false — If false, skip reverse lookups when connecting to a host known by name rather than IP address.
UseSeparateLogs=true/false — If true, messages from different clients will be logged to separate log files (the name of the client will be appended to the name of the main log file to construct the logfile name).
SetClientTimeLimit=seconds — Time limit until next client message (server-only).
MessageHeader="%S %T %F %L %C" — Specify custom format for message header.
SetUDPActive=yes/no — yule 1.2.8+: Listen on 514/udp (syslog).
HideSetup=yes/no — Don't log names of config/database files on startup.
SyslogFacility=LOG_xxx — Set syslog facility (default is LOG_AUTHPRIV).
MACType=HASH-TIGER/HMAC-TIGER — Set type of message authentication code (HMAC). Must be identical on client and server.
Remarks: (i) root and the effective user are always trusted. (ii) If no time server is given, the local host clock is used. (iii) If the path of the process image is given, the process image will be checksummed at startup and exit, and both checksums compared.
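As an added example (not part of the Samhain manual or the Samhain code), the following Python linter checks a [Misc] section against limits stated in the list above: the SetNiceLevel and SetMailNum ranges, the SetSocketPassword length and '@' restriction, the maximum of 8 SetMailAddress entries, and a DigestAlgo that replaces the TIGER192 default. It assumes '#' comment lines and case-insensitive option names; the sample configuration is constructed.

```python
import re

# Limits as stated in the option list above.
RANGES = {"setnicelevel": (-19, 19), "setmailnum": (0, 127)}
MAX_PASSWORD_LEN, MAX_MAIL_ADDRESSES = 14, 8

# Constructed sample [Misc] section, for illustration only.
SAMPLE = """[Misc]
SetNiceLevel=25
SetMailNum=10
SetSocketPassword=hunter2@example-long
DigestAlgo=MD5
"""

def misc_entries(text):
    """Yield (line number, key, value) for entries in the [Misc] section."""
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "misc" and "=" in line:
            key, value = line.split("=", 1)
            yield n, key.strip(), value.strip()

def lint_misc(text):
    """Return (line number, option, problem) tuples; values are never echoed."""
    findings, mail_count = [], 0
    for n, key, value in misc_entries(text):
        k = key.lower()  # assumption: option names compared case-insensitively
        if k in RANGES:
            lo, hi = RANGES[k]
            if not re.fullmatch(r"[+-]?\d+", value) or not lo <= int(value) <= hi:
                findings.append((n, key, f"outside {lo}..{hi}"))
        elif k == "setsocketpassword":
            if len(value) > MAX_PASSWORD_LEN:
                findings.append((n, key, f"longer than {MAX_PASSWORD_LEN} chars"))
            if "@" in value:
                findings.append((n, key, "contains '@'"))
        elif k == "setmailaddress":
            mail_count += 1
            if mail_count > MAX_MAIL_ADDRESSES:
                findings.append((n, key, f"more than {MAX_MAIL_ADDRESSES} recipients"))
        elif k == "digestalgo" and value.upper() in ("MD5", "SHA1"):
            findings.append((n, key, "overrides the TIGER192 default"))
    return findings
```

Calling `lint_misc(SAMPLE)` reports the option name and line number only, so the socket password never appears in the findings.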