Diffstat (limited to 'system/samhain/README.SLACKWARE')
-rw-r--r-- | system/samhain/README.SLACKWARE | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/system/samhain/README.SLACKWARE b/system/samhain/README.SLACKWARE new file mode 100644 index 0000000000..e64cc6c957 --- /dev/null +++ b/system/samhain/README.SLACKWARE @@ -0,0 +1,46 @@ +README.SLACKWARE for samhain + +Edit the /etc/samhainrc file for your needs. I suggest at least +these changes, but there may be others for your particular system: +Comment out these lines: + #file = /var/lib/rpm/__db.00? + #file = /var/log/*.[0-9].gz + #file = /var/log/*/*.[0-9][0-9].gz + +I don't like Daemon mode so I switched it off, as I run in cron.daily: + # Daemon = yes + Daemon = no + +I like to see the problems again and again in case I miss a report for some +reason: + ReportOnlyOnce = False + +Set a *real* email address here and uncomment so you get problems mailed to +you when you run Samhain. It is best to use another server that handles +email to make sure it doesn't get tampered with if there really is an +intrusion: + SetMailAddress=root@localhost + +I have sendmail set up (don't you?) on my system, so I use localhost for +the relay: + SetMailRelay = localhost + +And it's a good idea to put a nice subject header in your emailed reports: + MailSubject = Samhain Report - myhostname + +Initialize the database as root. Note that this takes a while and always runs +in daemon mode regardless of your configuration! + samhain -t init + +If you want to run nightly checks, drop a script in cron.daily with something +like this in it: + #!/bin/sh + /usr/sbin/samhain -t check + +You're done. It is a little work, but now you have daily integrity checks +emailed to you about what's going on in your system, especially for +things you did not do! + +And as Pat would say... Have Fun! +--Richard Scott Smith + |
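Review bot: The mail settings in the middle of the new README contradict the advice written just above them. The text says to set a *real* address and to prefer another server so the reports cannot be tampered with during an intrusion, but the sample lines are "SetMailAddress=root@localhost" and "SetMailRelay = localhost", which keep the reports on the host being monitored. Suggest showing an obviously fake off-host address in the sample and stating that the localhost relay is the author's own setup rather than the recommended one. The same sample writes "SetMailAddress=" without spaces around the equals sign while every other setting uses " = ", so pick one form. Two smaller points: the "Comment out these lines" list gives no reason for dropping "/var/lib/rpm/__db.00?" and the two /var/log patterns, so a one-line rationale would help the reader decide whether it applies to them; and the init step calls "samhain -t init" with no path while the cron script uses "/usr/sbin/samhain -t check", so use the full path in both places.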