[an error occurred while processing this directive]

4. Configuring the source

Before you can start to compile, it is neccessary to configure the source for your particular platform and your personal requirements. This is done by running the ./configure command in the source directory. If you type ./configure with no options, the source will get configured with the default options. In particular, a standalone version of samhain will get built which uses the Filesystem Hierarchy Standard (FHS) for file/directory layout. This is not the standard GNU layout of 'everything under /usr/local'.

[Tip]Paths

(A) samhain is a Filesystem Hierarchy Standard (FHS) compliant application. Thus the default directory layout is not the standard GNU layout (see Section 10 ).

(B) samhain has a concept of trusted users, and will refuse to run if the path to critical files is writeable by users not in its list of trusted users (default: root, and the user who has started samhain ). Please read Section 10.1 for details.

To change the defaults, ./configure accepts a variety of command-line options and environment variables (use ./configure --help for a complete list). The available command line options are listed and explained in Appendix A .

To configure a standalone version of samhain :

        sh$ ./configure [more options]
      

[Note]Important remark on client/server use

Please read Chapter 6 if you intend to use samhain as a client/server system. Things will not work automagically just because you compiled a client and a server version of samhain. In particular, clients need to authenticate themselves to the server, and special configure options are required if you want to keep the configuration file(s) and the baseline database(s) on the central server.

To configure a client version of samhain that can connect to a central server:

        sh$ ./configure --enable-network=client [more options]
      

To configure a server version of samhain that will act as a central log server:

        sh$ ./configure --enable-network=server [more options]
      

4.1. Some more configuration options

If you want to use any options/modules that are not enabled by default (e.g. because the majority of users do not require them, or because they require additional programs and/or libraries), at this point you need to specify such options:

  • To compile in the module to check for SUID files (see Section 9 ) use ./configure --enable-suidcheck

  • To compile in the module to monitor login/logout events (see Section 11 ) use ./configure --enable-login-watch

  • To compile in the module to check mount options for mounted filesystems (see Section 12 ) use ./configure --enable-mounts-check

  • To compile in the module to specify files relative to user home directories (see Section 13 ) use ./configure --enable-userfiles

  • To compile in code for logging to an RDMS, (see Section 12 ) use ./configure --enable-xml-log --with-database= oracle/mysql/postgresql

  • To compile in code for logging to the Prelude IDS, (see Section 9 ) use ./configure --with-prelude

  • To use PGP-signed configuration files, (see Chapter 9 ) use ./configure --with-gpg= /path/to/gpg . Please review Chapter 9 for further information and additional options to compile in the key fingerprint and/or the checksum of the gpg executable.

  • To use OpenBSD signify-signed configuration files, (see Chapter 9 ) use ./configure --with-signify= /path/to/signify . Please review Chapter 9 for further information and additional options to compile in the key checksum and/or the checksum of the signify executable.

  • To compile samhain for use of the 'stealth' options to hide its presence, please review Chapter 10 for the available options.

  • To configure a server version of samhain that will act as a central log server, use ./configure --enable-network=server

  • To configure a client version of samhain that can connect to a central server, use ./configure --enable-network=client . Please refer to the chapter Chapter 6 for an explanation of the client/server setup, in particular further options that you need if you want to store configuration files and baseline databases on the server(see Section 5 ).

[an error occurred while processing this directive]