Appendix A. List of options for the ./configure script

A.1. General

--with-rnd=egd/dev/unix/default

The entropy gatherer to use. 'egd' is the Entropy Gathering Daemon (EGD), 'dev' is /dev/random, 'unix' is the built-in Unix entropy gatherer (similar to EGD), and 'default' will check for /dev/random first, and use 'unix' as fallback.

--with-egd-socket=NAME

The path to the EGD socket. Default is localstatedir/lib/samhain/entropy (see Section A.5).

--enable-identity=USER

The username to use when dropping root privileges (default nobody).

--with-sender=SENDER

The username of the sender for e-mail, or a complete e-mail address. If only a username is given, SENDER@{FQDN_of_local_host} will be used for the sender. Default is daemon.

--with-recipient=ADDR

The recipient(s) for e-mail, separated by whitespace (max. 8). You can add recipients in the configuration file as well.

--with-trusted=UID

Trusted users (must be a comma-separated list of numerical UIDs). Only required if the configuration file must be on a path writeable by others than root and the effective user.

--with-timeserver=HOST

Set host address for time server (default is to use own clock). You can set this in the configuration file as well. An address in the configuration file will take precedence. Note that the simple 'time' service (port 37/tcp) is used.

--with-alttimeserver=HOST

Set host address for an alternative (backup) time server.

--enable-stealth=XOR_VAL

Enable stealth mode, and set XOR_VAL. XOR_VAL must be decimal, in the range 127 -- 255, and will be used to obfuscate literal strings.

--enable-micro-stealth=XOR_VAL

As --enable-stealth, but without the steganographically hidden configuration file.

--enable-nocl=PW

Command line parsing is disabled, but command-line arguments will be read from STDIN if the first command line argument is PW. PW="" (empty string) will disable command line parsing completely. This option may be used in addition to --enable(-micro)-stealth to prevent interactive enforcement of telltale output.

--enable-install-name=NAME

Upon installation, rename every file from samhain (or yule for the server) to NAME. To be used in conjunction with --enable-(micro-)stealth.

--enable-khide=SYSTEM_MAP

(Linux only) compile kernel modules to hide all files with NAME (from --enable-install-name=NAME) within the path. By default, NAME is 'samhain' for the client/standalone version, and 'yule' for the server. SYSTEM_MAP must be the path to the System.map file corresponding to the kernel.

--enable-base=B1,B2

Set compiled-in key for email and logfile signature verification. ONE string (no space) made of TWO comma-separated integers in the range 0 -- 2147483647. See Section 11.2 for details on this option.

--enable-db-reload

[CLIENT ONLY] Enable reload of file database on SIGHUP (otherwise, only the config file will be read again).

--enable-xml-log

Enable XML format for the log file.

--with-database=mysql/postgresql/oracle/odbc

Support logging to a relational database (MySQL, PostgreSQL, Oracle or unixODBC). Oracle and unixODBC are not fully tested.

--with-prelude

Support logging to the Prelude IDS system. Requires the libprelude library.

--with-libprelude-prefix=PFX

Prefix where libprelude is installed. This will be used to search libprelude-config in the PFX/bin/ directory.

--disable-ipv6

Disable IPv6 support.

--enable-debug[=gdb]

Enable debugging. Will slow down things, increase resource usage, and may leak information that should be kept secure. Will dump 'core' and 'samhain_backtrace' in the root directory on segfault. Do not use in production code.

If used as --enable-debug=gdb, will only compile in debugging symbols for the GNU gdb debugger. This is more suitable for debugging the code itself.

--enable-ptrace

Periodically check whether a debugger is attached, and abort if yes. Only takes effect if --enable-debug is not used. Only tested on Linux.

--with-cflags=FLAGS

Additional flags to pass to the compiler.

--with-libs=LIBS

Additional libraries to link with.

--disable-largefile

Disable support for large files (> 2GB). Large file support is enabled automatically if your system supports it.

--enable-udp

This option enables code to listen on port 514/udp, i.e. the syslog port. Thus the server can receive syslog reports from remote hosts (if they are configured to send), and log them to any of the log facilities supported by samhain. If you compile in support for this, you still need to enable it in the runtime configuration file.

--disable-dnmalloc

This option disables use of the dnmalloc allocator that is the default since samhain 2.4.5, and reverts to using the standard allocator provided by your system.

--disable-ssp

This option disables use of the GCC stack protector.

--enable-suid

With this option, samhain will honour the SUID bit instead of resetting all privileges to the real UID of the process. Required for Nagios if samhain is invoked by the Nagios plugin itself, unless you want to use sudo instead.

--disable-shellexpand

This option disables the expansion of shell commands in the configuration file.

--disable-external-scripts

This option disables the possibility to call an external program to log an event (or perform active response).

--enable-message-queue[=MODE]

This option enables logging to a POSIX message queue, where MODE should be the octal permission for the queue (default is 0700).
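
Several options above constrain their values (XOR_VAL, B1,B2, the trusted UID list, the recipient limit, the queue MODE). The following is an added example, not part of samhain or its configure script, that checks a proposed argument list against those documented constraints before a build. The function names are hypothetical, and accepting MODE only as three octal digits with an optional leading 0 is an assumption.

```shell
#!/bin/sh
# Added example (not part of samhain): check ./configure arguments against
# the value constraints documented in this appendix before building.
# check_configure_args returns 0 if every recognised option is well-formed.

bad() { echo "configure-args: $1" >&2; rc=1; }

is_uint() {                       # decimal digits only, at most 10 of them
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ]
}

in_range() { is_uint "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

check_configure_args() {
    rc=0
    for arg in "$@"; do
        val=${arg#*=}
        case "$arg" in
        --with-rnd=*)
            case "$val" in egd|dev|unix|default) ;;
            *) bad "unknown entropy gatherer: $arg" ;; esac ;;
        --enable-stealth=*|--enable-micro-stealth=*)
            in_range "$val" 127 255 || bad "XOR_VAL must be decimal 127..255: $arg" ;;
        --enable-base=*)
            case "$val" in *,*) b1=${val%%,*}; b2=${val#*,} ;; *) b1=''; b2='' ;; esac
            { in_range "$b1" 0 2147483647 && in_range "$b2" 0 2147483647; } ||
                bad "need B1,B2, each in 0..2147483647: $arg" ;;
        --with-trusted=*)         # numeric UIDs only, no user names
            case "$val" in ''|*[!0-9,]*|,*|*,|*,,*)
                bad "need comma-separated numeric UIDs: $arg" ;; esac ;;
        --with-recipient=*)       # count whitespace-separated addresses
            n=$(set -f; set -- $val; echo $#)
            [ "$n" -le 8 ] || bad "at most 8 recipients: $arg" ;;
        --enable-message-queue=*) # assumption: 3 octal digits, optional leading 0
            case "$val" in [0-7][0-7][0-7]|0[0-7][0-7][0-7]) ;;
            *) bad "MODE must be an octal permission such as 0700: $arg" ;; esac ;;
        --enable-debug)
            bad "debug build may leak information, not for production: $arg" ;;
        esac
    done
    return "$rc"
}
```

Options not listed in the function are passed over without comment; reasons for a rejection are written to stderr.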