The entropy gatherer to use. 'egd' is the Entropy Gathering Daemon (EGD), 'dev' is /dev/random, 'unix' is the built-in Unix entropy gatherer (similar to EGD), and 'default' will check for /dev/random first, and use 'unix' as fallback.
The path to the EGD socket. Default is localstatedir/lib/samhain/entropy (see Section 6).
The username to use when dropping root privileges (default nobody).
The username of the sender for e-mail, or a complete e-mail address. If only a username is given, SENDER@{FQDN_of_local_host} will be used for the sender. Default is daemon.
The recipient(s) for e-mail, separated by whitespace (max. 8). You can add recipients in the configuration file as well.
Trusted users (must be a comma-separated list of numerical UIDs). Only required if the configuration file must be on a path writable by users other than root and the effective user.
Set host address for time server (default is to use own clock). You can set this in the configuration file as well. An address in the configuration file will take precedence. Note that the simple 'time' service (port 37/tcp) is used.
Set host address for an alternative (backup) time server.
Enable stealth mode, and set XOR_VAL. XOR_VAL must be decimal, in the range 127 -- 255, and will be used to obfuscate literal strings.
As --enable-stealth, but without the steganographically hidden configuration file.
Command line parsing is disabled, but command-line arguments will be read from STDIN if the first command line argument is PW. PW="" (empty string) will disable command line parsing completely. This option may be used in addition to --enable(-micro)-stealth to prevent interactive enforcement of telltale output.
Upon installation, rename every file from samhain (or yule for the server) to NAME. To be used in conjunction with --with-(micro-)stealth.
Set compiled-in key for email and logfile signature verification. ONE string (no space) made of TWO comma-separated integers in the range 0 -- 2147483647. See Section 2 for details on this option.
[CLIENT ONLY] Enable reload of file database on SIGHUP (otherwise, only the config file will be read again).
Enable XML format for the log file.
Support logging to a relational database (MySQL, PostgreSQL, Oracle or unixODBC). Oracle and unixODBC are not fully tested. Requires the relevant development packages (e.g. libmysqlclient-dev on Ubuntu for MySQL).
Support logging to the Prelude IDS system. Requires the libprelude library.
Prefix where libprelude is installed. This will be used to search for libprelude-config in the PFX/bin/ directory.
Disable IPv6 support.
Enable debugging. Will slow down things, increase resource usage, and may leak information that should be kept secure. Will dump 'core' and 'samhain_backtrace' in the root directory on segfault. Do not use in production code.
If used as --enable-debug=gdb, will only compile in debugging symbols for the GNU gdb debugger. This is more suitable for debugging the code itself.
Periodically check whether a debugger is attached, and abort if yes. Only takes effect if --enable-debug is not used. Only tested on Linux.
Additional flags to pass to the compiler.
Additional libraries to link with.
Disable support for large files (> 2GB). Large file support is enabled automatically if your system supports it.
Compile with support for checking POSIX ACLs of files. This is compiled in by default if the required libraries and header files are present, but using this option will turn the 'soft fail' into a 'hard fail' if it can't be compiled in.
Compile with support for checking SELinux attributes of files. This is compiled in by default if the required libraries and header files are present, but using this option will turn the 'soft fail' into a 'hard fail' if it can't be compiled in.
This option enables code to listen on port 514/udp, i.e. the syslog port. Thus the server can receive syslog reports from remote hosts (if they are configured to send), and log them to any of the log facilities supported by samhain. If you compile in support for this, you still need to enable it in the runtime configuration file.
This option disables use of the dnmalloc allocator that is the default since samhain 2.4.5, and reverts to using the standard allocator provided by your system.
This option disables use of the GCC stack protector.
With this option, samhain will honour the SUID bit instead of resetting all privileges to the real UID of the process. Required for Nagios if samhain is invoked by the Nagios plugin itself, unless you want to use sudo instead.
This option disables the expansion of shell commands in the configuration file.
This option disables the possibility to call an external program to log an event (or perform active response).
This option enables logging to a POSIX message queue, where MODE should be the octal permission for the queue (default is 0700).
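
To decide whether the trusted-users option above is needed, audit the configuration file's path for components that anyone other than root or the effective user could modify. The following is an added example, not samhain's own code: the function names are hypothetical, and it conservatively flags every group-writable component and every symlink.

```python
import os
import stat

def component_findings(st_uid, st_mode, trusted_uids):
    """Reasons one path component can be modified by an untrusted user."""
    findings = []
    if st_uid not in trusted_uids:
        # The owner can always chmod, so ownership alone is enough to fail.
        findings.append(f"owned by untrusted uid {st_uid}")
    if stat.S_ISLNK(st_mode):
        # Symlink mode bits carry no meaning; the target is a separate path.
        findings.append("symlink: audit its target separately")
        return findings
    if st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit_path(path, extra_trusted=(), lstat=os.lstat, euid=None):
    """Check path and every parent directory up to the filesystem root.

    Trusted set = root + effective user + extra_trusted, where extra_trusted
    holds the numeric UIDs that would go into the trusted-users list.
    Returns {component: [findings]} for each component that fails.
    """
    trusted = {0, os.geteuid() if euid is None else euid, *extra_trusted}
    bad = {}
    current = os.path.abspath(path)
    while True:
        st = lstat(current)
        findings = component_findings(st.st_uid, st.st_mode, trusted)
        if findings:
            bad[current] = findings
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            break
        current = parent
    return bad
```

An empty result means the path is writable only by root and the effective user; otherwise each untrusted owner UID reported is a candidate for the trusted-users list, and group- or world-writable components should have their permissions tightened.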