Chris Gondolin Samhain
- By Chris Stratford
- Security
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 8 | 18 Mar 2021 | |
latest/edge | 8 | 18 Mar 2021 | |
juju deploy chris-gondolin-samhain
-
application_name | string
Default: samhain
Operating name of the charm
-
attributes_dirs | string
Directories for which we care about only permission and ownership changes
-
attributes_files | string
Default: /etc/mtab /etc/resolv.conf /etc/localtime /etc/adjtime /etc/network/run/ifstate /etc/ld.so.cache
Files for which we care about only permission and ownership changes
-
enable_apt_check | string
Default: no
Once enabled, this will prevent apt from installing new packages if samhain thinks the system is unclean. It starts disabled to avoid problems during initial Juju installs. Note: Enabling this option is a one-way process.
-
event_severity | string
Default: SeverityReadOnly=crit SeverityLogFiles=crit SeverityGrowingLogs=warn SeverityIgnoreNone=crit SeverityAttributes=crit
Set policy violation severity levels
-
growing_logfiles | string
Default: /var/log/wtmp /var/log/faillog /var/log/auth.log /var/log/daemon.log /var/log/kern.log /var/log/syslog
Files for which we ignore changes in signature, timestamps and increases in size
-
ignore_added | string
Default: /etc/samba/dhcp\.conf(\.new)?$
Suppress messages about the creation of files matching these regexes
-
ignore_all_dirs | string
Dirs that can change freely
-
ignore_all_files | string
Default: /etc/nologin /etc/network/run
Files that can change freely
-
ignore_missing | string
Default: /etc/samba/dhcp\.conf(\.new)?$
Suppress messages about the absence of files matching these regexes
-
ignore_modified | string
Suppress messages about the absence of files matching these regexes
-
ignore_none_dirs | string
Any change to these directories (even just being accessed) is reported
-
ignore_none_files | string
Any change to these files (even just being accessed) is reported
-
logfiles | string
Default: /var/run/utmp
Files for which changes in signature, timestamps, and size are ignored
-
logging | string
Default: MailSeverity=crit PrintSeverity=none LogSeverity=info SyslogSeverity=alert
Set threshold severity for log facilities
-
mail_recipient | string
Default: root@localhost
Who receives any email
-
nagios_check_frequency | int
Default: 30
How often to perform a policy check (in minutes)
-
nagios_context | string
Default: juju
Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
-
nagios_crit_level | int
Default: 5
Critical alarm if the number of policy violations exceeds this value
-
nagios_servicegroups | string
A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
-
nagios_warn_level | int
Warn if the number of policy violations exceeds this value
-
prelink_dirs | string
Directories holding prelinked files
-
prelink_files | string
A list of prelinked files
-
read_only_dirs | string
Default: /usr/bin /bin /boot 3/sbin /usr/sbin /lib 3/etc
Directories for which only access time is ignored
-
read_only_files | string
Default: /usr/lib/pt_chown
Files for which only access time is ignored
-
script_dir | string
Default: /usr/local/sbin
Directory where we will store any related scripts