/usr/share/doc/samhain/manual.html/ccp-limitations.html is in samhain 4.1.4-2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>2. Limitations</title><link rel="stylesheet" type="text/css" href="docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="The Samhain Host Integrity Monitoring System"><link rel="up" href="change-control-integration.html" title="Chapter 8. Change Control Process Integration"><link rel="prev" href="change-control-integration.html" title="Chapter 8. Change Control Process Integration"><link rel="next" href="signed-files.html" title="Chapter 9. Additional Features — Signed Configuration/Database Files"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/header.html"--><!--#endif--><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">2. Limitations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="change-control-integration.html">Prev</a> </td><th width="60%" align="center">Chapter 8. Change Control Process Integration</th><td width="20%" align="right"> <a accesskey="n" href="signed-files.html">Next</a></td></tr></table><hr></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ccp-limitations"></a>2. Limitations</h2></div></div></div><p>
The <span class="command"><strong>--verify-database</strong></span> command requires that the
policy under which a file is checked is stored in the baseline
database. (Note that this affects only this command.
For the normal file system monitoring,
the checking policy is taken from the configuration file,
not from the baseline database.)
For this reason, the format of the baseline database
has changed in samhain 4.0. However, it is possible that
the information about the check policy becomes incorrect:
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Added files</span></dt><dd>
If files are added to the filesystem after baseline
initialisation and reported by the client, the correct
policy should be set. To ensure this, the option
<span class="command"><strong>ReportCheckflags = yes</strong></span> should be set
in the client configuration (for backward compatibility,
this option is off by default).
</dd><dt><span class="term">Merging a DeltaDB</span></dt><dd>
The DeltaDB is generated with the policy set to
<span class="emphasis"><em>ReadOnly</em></span>, to collect a complete set
of checksums and metadata. However, if the actual policy
should be less restrictive because some of that data
is allowed to change, a later <span class="command"><strong>--verify-database</strong></span>
may result in spurious failures.
</dd><dt><span class="term">Client configuration change</span></dt><dd>
If the configuration file for the client is changed
to alter the checking policy for the monitored files,
it is recommended to re-initialize the baseline.
</dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="change-control-integration.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="change-control-integration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="signed-files.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 8. Change Control Process Integration </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 9. Additional Features — Signed
Configuration/Database Files</td></tr></table></div><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/footer.html"--><!--#endif--></body></html>