The Samhain Host Integrity Monitoring System | ||
---|---|---|
Prev | Chapter 5. Configuring samhain, the host integrity monitor | Next |
To exclude individual files from a directory, place them under the policy IgnoreAll. Note that the existence of such files will still be checked (see next section).
To exclude subdirectories from a directory, place them under the policy IgnoreAll with an individual recursion depth of -1 (see Section 5.4.5>).
![]() | Note |
---|---|
Changes in a directory may also modify the directory inode itself (i.e. the special file that holds the directory information). If you want to check all but a few files in a directory (say, /etc), and you expect some of the excluded files to get modified, you should use a setup like: [ReadOnly] # dir=/etc # [Attributes] # # less restrictive policy for the directory file itself # file=/etc # [IgnoreAll] # # exclude these file and directories # file=/etc/resolv.conf.save dir=-1/etc/calendar # |