commit 4c6658441eb3ffc4e51ed70f78cbdab046957580
Author: Aws Ismail <aws.ismail@windriver.com>
Date: Fri Jun 22 16:38:20 2012 -0400
Make samhainrc OE-friendly.
Patch the samhainrc that will be installed
as part of the 'make install' step to more
accurately reflect what will be found, and
what will be of concern, on an OE install.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
diff --git a/samhainrc.linux b/samhainrc.linux
index 9bc5ca4..10a8176 100644
--- a/samhainrc.linux
+++ b/samhainrc.linux
@@ -74,7 +74,6 @@ dir = 0/
[Attributes]
file = /tmp
file = /dev
-file = /media
file = /proc
file = /sys
@@ -93,19 +92,10 @@ dir = 99/etc
## check permission and ownership
##
file = /etc/mtab
+file = /etc/fstab
file = /etc/adjtime
file = /etc/motd
-file = /etc/lvm/.cache
-
-# On Ubuntu, these are in /var/lib rather than /etc
-file = /etc/cups/certs
-file = /etc/cups/certs/0
-
-# managed by fstab-sync on Fedora Core
-file = /etc/fstab
-
-# modified when booting
-file = /etc/sysconfig/hwconf
+file = /etc/lvm/lvm.conf
# There are files in /etc that might change, thus changing the directory
# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
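Review bot: Adding `/etc/fstab` and `/etc/lvm/lvm.conf` under this permission-and-ownership section stops their contents from being checksummed, because the comment at the end of the hunk describes a `file` entry here as the override for something in /etc that is otherwise covered as a ReadOnly directory (`dir = 99/etc` in the hunk header). The removed Fedora entry at least carried a reason (fstab-sync rewrites it); on an OE image both files are presumably static, so an added mount with weaker options or an altered LVM filter would go unreported. Either drop both lines so the ReadOnly policy for /etc applies to them, or keep each with a comment naming what rewrites it at runtime, e.g. `# rewritten at boot; contents deliberately not checksummed`. The enclosing [Attributes] section starts above the hunk.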
@@ -147,10 +137,6 @@ dir = 99/dev
##
dir = -1/dev/pts
-# dir = -1/dev/.udevdb
-
-file = /dev/ppp
-
#
# --------- /usr -----------
#
@@ -167,50 +153,21 @@ dir = 99/var
[IgnoreAll]
dir = -1/var/cache
-dir = -1/var/backups
-dir = -1/var/games
-dir = -1/var/gdm
dir = -1/var/lock
dir = -1/var/mail
dir = -1/var/run
dir = -1/var/spool
dir = -1/var/tmp
-dir = -1/var/lib/texmf
-dir = -1/var/lib/scrollkeeper
[Attributes]
-dir = /var/lib/nfs
-dir = /var/lib/pcmcia
-
# /var/lib/rpm changes if packets are installed;
# /var/lib/rpm/__db.00[123] even more frequently
file = /var/lib/rpm/__db.00?
-file = /var/lib/acpi-support/vbestate
-file = /var/lib/alsa/asound.state
-file = /var/lib/apt/lists/lock
-file = /var/lib/apt/lists/partial
-file = /var/lib/cups/certs
-file = /var/lib/cups/certs/0
-file = /var/lib/dpkg/lock
-file = /var/lib/gdm
-file = /var/lib/gdm/.cookie
-file = /var/lib/gdm/.gdmfifo
-file = /var/lib/gdm/:0.Xauth
-file = /var/lib/gdm/:0.Xservers
-file = /var/lib/logrotate/status
-file = /var/lib/mysql
-file = /var/lib/mysql/ib_logfile0
-file = /var/lib/mysql/ibdata1
-file = /var/lib/slocate
-file = /var/lib/slocate/slocate.db
-file = /var/lib/slocate/slocate.db.tmp
-file = /var/lib/urandom
-file = /var/lib/urandom/random-seed
+file = /var/lib/logrotate.status
file = /var/lib/random-seed
-file = /var/lib/xkb
[GrowingLogFiles]
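Review bot: The slocate entries are removed here, but the file still carries `IgnoreMissing = /var/lib/slocate/slocate.db.tmp` further down — it appears as the context text in the hunk headers at old lines 325 and 333 — so that directive is now orphaned and should be dropped in the same patch. The package-manager entries are also uneven after this change: `/var/lib/rpm/__db.00?` stays while the dpkg and apt lock files go, yet an OE image is not necessarily built with rpm; if a different backend is used, its lock or status files presumably need an equivalent `file =` line here or they fall under whatever policy covers the rest of /var/lib. I would verify this against the image's package backend before merging. The [Attributes] section this hunk ends in continues past the hunk.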
@@ -325,7 +282,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
## Console
##
-# PrintSeverity=info
+PrintSeverity=warn
## Logfile
##
@@ -333,7 +290,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
## Syslog
##
-# SyslogSeverity=none
+SyslogSeverity=info
## Remote server (yule)
##
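Review bot: With `SyslogSeverity=info` the host's own syslog becomes the alert channel, and root on the monitored box can truncate or stop it, so by itself this gives an attacker who gains root a way to silence the report of their own changes. The `## Remote server (yule)` block the hunk ends in is where an off-host destination would go; the hunk does not touch it, so presumably it keeps the upstream default. If the image cannot run a yule client, a comment above this line such as `# syslog is local-only on this image; forward it off-host if tamper-evident alerting is required` would at least record the gap. Note also that `info` is a lower threshold than the `PrintSeverity=warn` chosen for the console in the previous hunk; if timestamp messages are logged at info, the hourly `SetLoopTime = 3600` heartbeats from later in the patch will all land in syslog.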
@@ -556,7 +513,8 @@ ChecksumTest=check
## and I/O limit (kilobytes per second; 0 == off)
## to reduce load on host.
#
-# SetNiceLevel = 0
+# By default we configure samhain to be nice with everything else on the system
+SetNiceLevel = 10
# SetIOLimit = 0
## The version string to embed in file signature databases
@@ -565,13 +523,14 @@ ChecksumTest=check
## Interval between time stamp messages
#
-# SetLoopTime = 60
-SetLoopTime = 600
+# Log a timestamp every hour
+SetLoopTime = 3600
## Interval between file checks
#
# SetFileCheckTime = 600
-SetFileCheckTime = 7200
+# One file system check per day
+SetFileCheckTime = 86400
## Alternative: crontab-like schedule
#
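Review bot: Raising `SetFileCheckTime` from 7200 to 86400 stretches the worst-case detection window from two hours to a full day, and the new comment states the interval without that trade-off; combined with `SetNiceLevel = 10` from the same patch, a loaded system will push each check out further still. The interval is presumably counted from daemon start, so on a device that reboots the check would land at a different wall-clock time each day. The file's own `## Alternative: crontab-like schedule` option directly below would pin the check to a quiet hour instead; if the daily interval stays, I would expand the comment to `# One file system check per day (worst-case detection delay 24h); lower it or use the crontab-style schedule below if that window is too long`.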