-rw-r--r--roles/common/files/etc/samhain/samhainrc12
1 files changed, 7 insertions, 5 deletions
diff --git a/roles/common/files/etc/samhain/samhainrc b/roles/common/files/etc/samhain/samhainrc
index 1fd9d42..7f304b7 100644
--- a/roles/common/files/etc/samhain/samhainrc
+++ b/roles/common/files/etc/samhain/samhainrc
@@ -46,55 +46,57 @@
#
# You can use shell-style globbing patterns, like: file = /path/foo*
#
######################################################################
[Misc]
##
## Add or subtract tests from the policies
## - if you want to change their definitions,
## you need to do that before using the policies
##
# RedefReadOnly = (no default)
# RedefAttributes=(no default)
# RedefLogFiles=(no default)
# RedefGrowingLogFiles=(no default)
# RedefIgnoreAll=(no default)
# RedefIgnoreNone=(no default)
# RedefUser0=(no default)
# RedefUser1=(no default)
FileNamesAreUTF8 = yes
+# Switch off hardlink check for BTRFS
+UseHardlinkCheck=no
[Attributes]
##
## for these files, only changes in permissions and ownership are checked
##
file=/etc/mtab
#file=/etc/ssh_random_seed
#file=/etc/asound.conf
file=/etc/resolv.conf
file=/etc/localtime
#file=/etc/ioctl.save
#file=/etc/passwd.backup
#file=/etc/shadow.backup
#file=/etc/postfix/prng_exch
-#file=/etc/adjtime
+file=/etc/adjtime
file=/etc/network/run/ifstate
#file=/etc/lvm/.cache
file=/etc/ld.so.cache
#
# There are files in /etc that might change, thus changing the directory
# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
#
file=/etc
[LogFiles]
##
## for these files, changes in signature, timestamps, and size are ignored
##
file=/var/run/utmp
file=/etc/motd
#####################################################################
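Review bot: `UseHardlinkCheck=no` in [Misc] switches the check off for the whole host, while the comment above it gives a reason that only applies to BTRFS; this is the check that reports a directory whose hard-link count disagrees with its number of subdirectories, so any ext4/XFS hosts this role is applied to lose that detection as well. If only some mount points are BTRFS, samhain's per-directory `HardlinkOffset` exemption (if the installed version supports it, check its manual) would be the narrower fix. At minimum the comment should state the trade-off, e.g. `# Hardlink check disabled: BTRFS reports a link count of 1 for directories (false positives); note this also disables the check on other filesystems`. Minor style point: the neighbouring `FileNamesAreUTF8 = yes` pads the delimiter, so `UseHardlinkCheck = no` would match the section.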
@@ -114,59 +116,59 @@ file=/etc/motd
# @end
#
# These are two examples for conditional inclusion/exclusion
# of a machine based on the output from 'uname -srm'
#
# $Linux:2.*.7:i666
# file=/foo/bar3
# $end
#
# !$Linux:2.*.7:i686
# file=/foo/bar2
# $end
#
#####################################################################
[GrowingLogFiles]
##
## for these files, changes in signature, timestamps, and increase in size
## are ignored
##
-file=/var/log/warn
+#file=/var/log/warn
file=/var/log/messages
file=/var/log/wtmp
file=/var/log/faillog
file=/var/log/auth.log
file=/var/log/daemon.log
file=/var/log/user.log
file=/var/log/kern.log
file=/var/log/syslog
[IgnoreAll]
##
## for these files, no modifications are reported
##
## This file might be created or removed by the system sometimes.
##
-file=/etc/resolv.conf.pcmcia.save
-file=/etc/nologin
+#file=/etc/resolv.conf.pcmcia.save
+#file=/etc/nologin
file=/etc/network/run
file=/etc/.etckeeper
dir=-1/etc/.git
[IgnoreNone]
##
## for these files, all modifications (even access time) are reported
## - you may create some interesting-looking file (like /etc/safe_passwd),
## just to watch whether someone will access it ...
##
[Prelink]
##
## Use for prelinked files or directories holding them
##
[ReadOnly]
##
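Review bot: The three newly commented-out lines (`#file=/var/log/warn` in [GrowingLogFiles], `#file=/etc/resolv.conf.pcmcia.save` and `#file=/etc/nologin` in [IgnoreAll]) carry no rationale, so the next reader cannot tell whether they are disabled deliberately or half-edited. The [IgnoreAll] change matters for monitoring: dropping /etc/nologin from the "no modifications are reported" policy means its creation or removal is presumably now reported under whichever broader /etc policy covers it (the [ReadOnly] body is outside this hunk), which is a reasonable tightening since that file's presence affects who can log in, but it should be written down. Either delete the dead lines or put the reason above them, e.g. `# /etc/nologin deliberately not ignored: its appearance or removal should be reported` and `# /var/log/warn does not exist on this distribution`, if that is indeed why it was dropped.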
@@ -524,41 +526,41 @@ SetNiceLevel = 19
# SetLoopTime = 60
SetLoopTime = 21600
## Interval between file checks
#
# SetFileCheckTime = 600
SetFileCheckTime = 7200
## Alternative: crontab-like schedule
#
# FileCheckScheduleOne = NULL
## Alternative: crontab-like schedule(2)
#
# FileCheckScheduleTwo = NULL
## Report only once on modified fles
## Setting this to 'FALSE' will generate a report for any policy
## violation (old and new ones) each time the daemon checks the file system.
#
-ReportOnlyOnce = True
+# ReportOnlyOnce = True
## Report in full detail
#
# ReportFullDetail = False
## Report file timestamps in local time rather than GMT
#
# UseLocalTime = No
## The console device (can also be a file or named pipe)
## - There are two console devices. Accordingly, you can use
## this directive a second time to set the second console device.
## If you have not defined the second device at compile time,
## and you don't want to use it, then:
## setting it to /dev/null is less effective than just leaving
## it alone (setting to /dev/null will waste time by opening
## /dev/null and writing to it)
#
# SetConsole = /dev/console