12. Checking mounted filesystem policies

To compile with support for this option, use the configure option:

	./configure --enable-mounts-check

samhain can be compiled to check whether certain filesystems are mounted, and whether they are mounted with the appropriate options. This module currently supports Linux, Solaris, HP-UX (mount options as in /etc/mnttab), and FreeBSD. The module is configured in the Mounts section of the configuration file:

	[Mounts]
	#
	# Activate (default is no).
	#
	MountCheckActive = yes
	#
	# Interval between checks (default = one day).
	#
	MountCheckInterval=7200
	#
	# Logging severities. We have two checks: 
	# 1) to see if a mount is there (default = err), and 
	# 2) to see if it is mounted with the correct options (default = err).
	#
	SeverityMountMissing=warn
	SeverityOptionMissing=warn
	#
	# Mounts to check for, each optionally followed by a list of
	# mount options that must be set on it.
	#
	checkmount=/
	checkmount=/var
	checkmount=/usr
	checkmount=/tmp noexec,nosuid,nodev 
	checkmount=/home noexec,nosuid,nodev
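
The two checks configured above (mount present, required options set) can be tried out offline before a policy is deployed. The following is an added example, not Samhain's own code: it parses `checkmount` lines and compares them with a mount table. It assumes the Linux `/proc/mounts` line format; the function names and the sample mount table are constructed for illustration.

```python
# Added example (not Samhain code): offline version of the two [Mounts] checks.
SAMPLE_CONF = """\
[Mounts]
MountCheckActive = yes
checkmount=/
checkmount=/tmp noexec,nosuid,nodev
checkmount=/home noexec,nosuid,nodev
"""
# Constructed sample, Linux /proc/mounts format: device mountpoint type options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def parse_policy(conf_text):
    """Return {mountpoint: required option set} from the checkmount lines."""
    policy, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[mounts]"
            continue
        key, _, value = line.partition("=")
        fields = value.split(None, 1)
        if in_section and key.strip().lower() == "checkmount" and fields:
            opts = fields[1].split(",") if len(fields) > 1 else []
            policy[fields[0]] = {o.strip() for o in opts if o.strip()}
    return policy

def parse_mounts(mounts_text):
    """Return {mountpoint: option set}; a later entry for the same path wins."""
    rows = (line.split() for line in mounts_text.splitlines())
    return {f[1]: set(f[3].split(",")) for f in rows if len(f) >= 4}

def audit(policy, mounted):
    """List (kind, mountpoint, missing options) for each policy violation."""
    findings = []
    for mountpoint, required in policy.items():
        if mountpoint not in mounted:
            findings.append(("mount-missing", mountpoint, ""))
        elif required - mounted[mountpoint]:
            missing = ",".join(sorted(required - mounted[mountpoint]))
            findings.append(("option-missing", mountpoint, missing))
    return findings

if __name__ == "__main__":
    print(audit(parse_policy(SAMPLE_CONF), parse_mounts(SAMPLE_MOUNTS)))
```

On a live Linux host, pass the contents of `/proc/mounts` to `parse_mounts` instead of the constructed sample.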
      

This module is by the eircom.net Computer Incident Response Team.