This file is indexed.

/usr/share/doc/ninja/examples/default.conf is in ninja 0.1.3-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# This sample ninja(8) configuration file shows and explains all the available
# options, with all the values set to default.
#
# Use this file as a guide when creating your own configuration.
# DO NOT USE THIS CONFIGURATION AS IT IS!
#
# Configuration syntax:
#
#   <option> = <value>
#
# Both option and value are one word each.  No strings, no whitespace, etc.
# Boolean options (marked BOOL) takes the values "yes" or "true" and
# "no" or "false".
#
# The assignment symbol ('=') is ignored by the parser and can be ommited.


# Name: group
# Type: INTEGER
#
#   Sets the GID (Group ID) of the group of users that are allowed to run
#   any root setuid/setgid binary.  Users in this group does not need to be
#   whitelisted. 
group = 0


# Name: daemon
# Type: BOOL
#
#   If set to "yes", ninja will run in the background as a daemon.
daemon = no


# Name: interval
# Type: INTEGER
#
#   The process scanning interval, in seconds.  This is the amount of time
#   ninja will sleep, before going through all the active processes on the
#   system.  Lower intervals are safer, meaning that unauthorized processes
#   will be detected faster.  Unless your system is very slow, you should set
#   this to zero.
interval = 1


# Name: logfile
# Type: STRING
#
#   Path to log file.  If specified, all messages are logged to this file.
#   You really want to specify a log file if you are running ninja as a daemon.
logfile = (null)


# Name: whitelist
# Type: STRING
#
#   Path to the whitelist file.
whitelist = (null)


# Name: external_command
# Type: STRING
#
#   Path to the external command.  If you specify an external command, this
#   command will be run every time an unauthorized process is detected.  This
#   could be a script that alerts the admin of the system via e-mail,
#   disables the login account of the offending user, among other things.
#   The command will be run as <command> <user> where 'user' is the username
#   of the offending user.
external_command = (null) 


# Name: no_kill
# Type: BOOL
#
#   If this option is enabled, unauthorized processes will not be killed when
#   detected.  This can be very useful when testing the system, or when
#   creating whitelists.
no_kill = no


# Name: no_kill_ppid
# Type: BOOL
#
#   Same as the "no_kill" option, except this one affects the ppid, parent of
#   the unauthorized process.
no_kill_ppid = no


# Name: ignore_root_procs
# Type: BOOL
#
#   When this option is enabled, all processes spawned by root, meaning
#   processes with a parent process owned by root, will be ignored.  This
#   is generally a good idea, and will save us some cpu cycles.
ignore_root_procs = yes


# Name: log_whitelist
# Type: BOOL
#
#   If enabled, ninja will log everytime it detects a whitelisted process
#   running.  Both process name and the user running it will be logged.
log_whitelist = no


# Name: require_init_wlist
# Type: BOOL
#
#   This option is very important for the security of your system.  When
#   this option is set to "yes", all processes running as root, and
#   controlled by init(1) will have to be whitelisted.  If this option is not
#   enabled, attackers can circumvent ninja by forking a new process after
#   gaining root, and create a new session (e.g using setsid()).  This will
#   cause ninja to believe that root spawned this process, as init(1) will now
#   be the parent, and init(1) is owned by root.  Therefore, to gain a higher
#   level of security, you should enable this option, and explicitly whitelist
#   every process that will run in its own session, meaning that it will be
#   controlled by init(1).
require_init_wlist = no


# Name: proc_scan_offset
# Type: INTEGER
#
#   This option specifies the offset of which pids to scan.  If set to 0, all
#   processes on the system will be scanned.  This might not be necessary, as
#   processes with a pid lower than 300 is generally kernel processes, and we
#   really don't need to keep an eye on those.  So, if you want to save a few
#   cpu cycles, set this to 300 or so.
proc_scan_offset = 0