     1apiVersion: v1
     2kind: ConfigMap
     3metadata:
     4  name: samhain-config
     5  namespace: fim
     6  labels:
     7    app.kubernetes.io/instance: samhain-config-map
     8    app.kubernetes.io/managed-by: kustomize
     9    app.kubernetes.io/name: samhain-config
    10data:
    11  samhainrc: |
    12    ##
    13    ## ----- General Settings -----
    14    ##
    15
    16    [Misc]
    17    UseHardlinkCheck = no
    18    SyslogFacility = LOG_LOCAL2
    19
    20    # Make samhain require setting the action at the command line.
    21    # e.g. samhain -t check
    22    # Effectively stops scan at host reboot
    23    ChecksumTest = none
    24
    25    # Has caused issues in the past if not added, as syslog is
    26    # set as group owner for the /var/log directory
    27    TrustedUser = syslog
    28
    29    # Redefine policy to ignore unneccesary attributes
    30    RedefIgnoreNone = -INO,-MTM,-ATM,-HLN
    31    RedefUser0 = -INO,-MTM,-ATM,-CTM,-HLN,-MOD,-USR,-GRP
    32    # Ignore modified directory inodes size and timestamps
    33    # Reduces large amounts of false positives after mounting squashfs
    34    LooseDirCheck = true
    35
    36    # Drop checksummed files from cache
    37    # SetDropCache = true
    38
    39    # Low priority
    40    SetNiceLevel = 19
    41
    42    # Crontab schedule
    43    FileCheckScheduleOne=0 19 * * *
    44
    45    # Report only once on modified files
    46    # Setting this to 'false' reports modifications each time scan runs in Daemon Mode
    47    # ReportOnlyOnce = false
    48
    49    # Report full detail
    50    # ReportFullDetail = False
    51
    52    [Inotify]
    53    InotifyActive = yes
    54
    55    [EventSeverity]
    56    SeverityIgnoreNone = crit
    57    # Lower level for unknown usr/grp ids.
    58    # This will cause many false positives if left on the default setting,
    59    # and does not give us much benefit to keep.
    60    SeverityNames=info
    61
    62    [Log]
    63    LogSeverity = mark
    64
    65
    66    ##
    67    ## ----- Directories To Monitor -----
    68    ##
    69
    70    ## ----- /ien_fs/usr/bin/ -----
    71    [IgnoreNone]
    72    dir = 99/ien_fs/usr/bin/
    73
    74    ## ----- /ien_fs/usr/lib/ -----
    75    [IgnoreNone]
    76    dir = 99/ien_fs/usr/lib/
    77
    78    [IgnoreAll]
    79    dir = -1/ien_fs/usr/lib/firmware/
    80
    81    ## ----- /ien_fs/usr/sbin/ -----
    82    [IgnoreNone]
    83    dir = 99/ien_fs/usr/sbin/
    84
    85    ## ----- /build/image -----
    86    [User0]
    87    file = /ien_fs/boot/live/vmlinuz
    88    file = /ien_fs/boot/live/initrd
    89
    90    [EOF]