ospatrol.conf: Rootcheck options
Overview
Supported types
Rootcheck options are available in the following installation types:
- server
- local
- agent
Location
All rootcheck options must be configured in /var/ospatrol/etc/ospatrol.conf or /var/ospatrol/etc/shared/agents.conf and used within the <ospatrol_config> or <agent_config> tag.
XML excerpt to show location if part of ospatrol.conf:
<ospatrol_config>
<rootcheck>
<!--
rootcheck options here
-->
</rootcheck>
</ospatrol_config>
XML excerpt to show location if part of agent.conf:
<agent_config>
<rootcheck>
<!--
rootcheck options here
-->
</rootcheck>
</agent_config>
Options
- base_directory
The base directory that will be appended to the following options:
- rootkit_files
- rootkit_trojans
- windows_malware
- windows_audit
- windows_apps
- system_audit
Allowed: Path to a directory
Default: /var/ospatrol
- rootkit_files
This option can be used to change the location of the rootkit files database.
Allowed: A file with the rootkit files signatures
Default: /etc/shared/rootkit_files.txt
- rootkit_trojans
This option can be used to change the location of the rootkit trojans database.
Default: /etc/shared/rootkit_trojans.txt
Allowed: A file with the trojans signatures
- windows_audit
- system_audit
- windows_apps
- windows_malware
- scanall
Tells rootcheck to scan the whole system (may lead to some false positives).
Default: no
Allowed: yes/no
- frequency
How often rootcheck is executed (in seconds).
Default: 36000 (10 hours)
Allowed: Time (in seconds)
- disabled
Disables the execution of rootcheck.
Default: no
Allowed: yes/no
- check_dev
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_files
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_if
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_pids
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_policy
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_ports
Enable or disable the checking of network ports.
Default: yes
Allowed: yes or no
- check_sys
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_trojans
Enable or disable the checking of trojans.
Default: yes
Allowed: yes or no
- check_unixaudit
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_winapps
Enable or disable the checking of something
Default: yes
Allowed: yes or no
- check_winaudit
Enable or disable the checking of something
Default: 1
Allowed: 1 or 0
- check_winmalware
Enable or disable the checking of Windows malware.
Default: yes
Allowed: yes or no
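The Python sketch below is an added example, not part of the OSPatrol documentation or code base: it merges a <rootcheck> block with the defaults listed above, resolves the database paths against base_directory, and lists the settings that reduce rootcheck coverage. The sample configuration is constructed; placing base_directory in front of the relative paths (as the listed defaults suggest), a single XML root element, and using the default frequency as the review threshold are assumptions.

```python
import xml.etree.ElementTree as ET

# Defaults as listed on this page.
DEFAULTS = {"base_directory": "/var/ospatrol", "disabled": "no",
            "scanall": "no", "frequency": "36000", "check_winaudit": "1",
            "rootkit_files": "/etc/shared/rootkit_files.txt",
            "rootkit_trojans": "/etc/shared/rootkit_trojans.txt"}
CHECKS = ["check_dev", "check_files", "check_if", "check_pids", "check_policy",
          "check_ports", "check_sys", "check_trojans", "check_unixaudit",
          "check_winapps", "check_winaudit", "check_winmalware"]
PATH_OPTS = ["rootkit_files", "rootkit_trojans", "windows_malware",
             "windows_audit", "windows_apps", "system_audit"]
OFF = {"no", "0"}  # check_winaudit is documented as 1/0, the rest as yes/no

# Constructed sample configuration, not taken from a real host.
SAMPLE = """<ospatrol_config>
  <rootcheck>
    <base_directory>/opt/ospatrol</base_directory>
    <frequency>604800</frequency>
    <check_pids>no</check_pids>
    <check_winaudit>0</check_winaudit>
  </rootcheck>
</ospatrol_config>"""

def effective_rootcheck(xml_text):
    """Merge every <rootcheck> block with the documented defaults."""
    opts = dict({c: "yes" for c in CHECKS}, **DEFAULTS)
    # Assumption: when a value is set more than once, the last one wins.
    for block in ET.fromstring(xml_text).iter("rootcheck"):
        for child in block:
            opts[child.tag] = (child.text or "").strip()
    # Assumption: base_directory is joined in front of each configured path.
    base = opts["base_directory"].rstrip("/")
    for key in PATH_OPTS:
        if key in opts:
            opts[key] = base + "/" + opts[key].lstrip("/")
    return opts

def findings(opts, max_frequency=36000):
    """Return notes on settings that reduce rootcheck coverage."""
    notes = ["rootcheck is disabled"] if opts["disabled"] == "yes" else []
    if int(opts["frequency"]) > max_frequency:  # threshold is an assumption
        notes.append("frequency %s s exceeds %d s" % (opts["frequency"], max_frequency))
    notes += [c + " is turned off" for c in CHECKS if opts[c].lower() in OFF]
    return notes

if __name__ == "__main__":
    print("\n".join(findings(effective_rootcheck(SAMPLE))))
```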