meta-security/recipes-ids/samhain/files/0002-Make-samhainrc-OE-friendly.patch

From 5797a57fd839d4b42c38fec49a6f937ca2e359af Mon Sep 17 00:00:00 2001
From: Aws Ismail <aws.ismail@windriver.com>
Date: Fri, 22 Jun 2012 16:38:20 -0400
Subject: [PATCH] Make samhainrc OE-friendly.

Patch the samhainrc that will be installed
as part of the 'make install' step to more
accurately reflect what will be found, and
what will be of concern, on a OE install.

Upstream-Status: Inappropriate [configuration]

Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
---
 samhainrc.linux | 63 +++++++++----------------------------------------
 1 file changed, 11 insertions(+), 52 deletions(-)

diff --git a/samhainrc.linux b/samhainrc.linux
index 02906bb..5b6ec6a 100644
--- a/samhainrc.linux
+++ b/samhainrc.linux
@@ -74,7 +74,6 @@ dir = 0/
 [Attributes]
 file = /tmp
 file = /dev
-file = /media
 file = /proc
 file = /sys
 
@@ -93,19 +92,10 @@ dir = 99/etc
 ## check permission and ownership
 ##
 file = /etc/mtab
+file = /etc/fstab
 file = /etc/adjtime
 file = /etc/motd
-file = /etc/lvm/.cache
-
-# On Ubuntu, these are in /var/lib rather than /etc
-file = /etc/cups/certs
-file = /etc/cups/certs/0
-
-# managed by fstab-sync on Fedora Core
-file = /etc/fstab
-
-# modified when booting 
-file = /etc/sysconfig/hwconf
+file = /etc/lvm/lvm.conf
 
 # There are files in /etc that might change, thus changing the directory
 # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
@@ -147,10 +137,6 @@ dir = 99/dev
 ##
 dir = -1/dev/pts
 
-# dir = -1/dev/.udevdb
-
-file = /dev/ppp
-
 #
 # --------- /usr -----------
 #
@@ -167,50 +153,21 @@ dir = 99/var
 
 [IgnoreAll]
 dir = -1/var/cache
-dir = -1/var/backups
-dir = -1/var/games
-dir = -1/var/gdm
 dir = -1/var/lock
 dir = -1/var/mail
 dir = -1/var/run
 dir = -1/var/spool
 dir = -1/var/tmp
-dir = -1/var/lib/texmf
-dir = -1/var/lib/scrollkeeper
 
 
 [Attributes]
 
-dir = /var/lib/nfs
-dir = /var/lib/pcmcia
-
 # /var/lib/rpm changes if packets are installed;
 # /var/lib/rpm/__db.00[123] even more frequently
 file = /var/lib/rpm/__db.00?
 
-file = /var/lib/acpi-support/vbestate
-file = /var/lib/alsa/asound.state
-file = /var/lib/apt/lists/lock
-file = /var/lib/apt/lists/partial
-file = /var/lib/cups/certs
-file = /var/lib/cups/certs/0
-file = /var/lib/dpkg/lock
-file = /var/lib/gdm
-file = /var/lib/gdm/.cookie
-file = /var/lib/gdm/.gdmfifo
-file = /var/lib/gdm/:0.Xauth
-file = /var/lib/gdm/:0.Xservers
-file = /var/lib/logrotate/status
-file = /var/lib/mysql
-file = /var/lib/mysql/ib_logfile0
-file = /var/lib/mysql/ibdata1
-file = /var/lib/slocate
-file = /var/lib/slocate/slocate.db
-file = /var/lib/slocate/slocate.db.tmp
-file = /var/lib/urandom
-file = /var/lib/urandom/random-seed
+file = /var/lib/logrotate.status
 file = /var/lib/random-seed
-file = /var/lib/xkb
 
 
 [GrowingLogFiles]
@@ -325,7 +282,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
 
 ## Console
 ##
-# PrintSeverity=info
+PrintSeverity=warn
 
 ## Logfile
 ##
@@ -333,7 +290,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
 
 ## Syslog
 ##
-# SyslogSeverity=none
+SyslogSeverity=info
 
 ## Remote server (yule)
 ##
@@ -539,7 +496,8 @@ ChecksumTest=check
 ## and I/O limit (kilobytes per second; 0 == off)
 ## to reduce load on host.
 #
-# SetNiceLevel = 0
+# By default we configure samhain to be nice with everything else on the system
+SetNiceLevel = 10
 # SetIOLimit = 0
 
 ## The version string to embed in file signature databases
@@ -548,13 +506,14 @@ ChecksumTest=check
 
 ## Interval between time stamp messages
 #
-# SetLoopTime = 60
-SetLoopTime = 600
+# Log a timestamp every hour
+SetLoopTime = 3600
 
 ## Interval between file checks 
 #
 # SetFileCheckTime = 600
-SetFileCheckTime = 7200
+# One file system check per day
+SetFileCheckTime = 86400
 
 ## Alternative: crontab-like schedule
 #
-- 
2.34.1