The Samhain Host Integrity Monitoring System | ||
---|---|---|
Prev | Chapter 5. Configuring samhain, the host integrity monitor | Next |
To compile with support for this option, use the configure option
./configure --enable-mounts-check
samhain can be compiled to check if certain filesystems are mounted, and if they are mounted with the appropriate options. This module currently supports Linux, Solaris, HP-UX (mount options as in /etc/mnttab), and FreeBSD. The configuration of the module is done in the Mounts section of the configuration file:
[Mounts] # # Activate (0 is off). # MountCheckActive=1 # # Interval between checks. # MountCheckInterval=7200 # # Logging severities. We have two checks: to see if a mount is there, and to # see if it is mounted with the correct options. # SeverityMountMissing=warn SeverityOptionMissing=warn # # Mounts to check for, followed by lists of options to check on them. # checkmount=/ checkmount=/var checkmount=/usr checkmount=/tmp noexec,nosuid,nodev checkmount=/home noexec,nosuid,nodev
This module by the eircom.net Computer Incident Response Team.