This file is indexed.

/usr/share/doc/samhain/manual.html/keypad.html is in samhain 2.8.3a-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Integrity of the samhain executable</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Samhain Host Integrity Monitoring System"
HREF="index.html"><LINK
REL="UP"
TITLE="Security Design"
HREF="security-design.html"><LINK
REL="PREVIOUS"
TITLE="Security Design"
HREF="security-design.html"><LINK
REL="NEXT"
TITLE="Client executable integrity"
HREF="client-integrity.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="./docbook.css"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Samhain Host Integrity Monitoring System</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="security-design.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 11. Security Design</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="client-integrity.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="KEYPAD"
>11.2. Integrity of the samhain executable</A
></H1
><P
>  Each samhain executable contains a compiled-in key, that is used
  when the signatures of emails and/or logfile entries are verified.
  By default, a  cryptographically strong random key 
  is generated by the <B
CLASS="COMMAND"
>configure</B
> script at compile time.
  Thus, each build is unique, and signature verification will fail
  if a different build is used, except if the compiled-in key was set
  to a common value for both builds.
  </P
><P
>  To set a 
  user-defined key, there is an option
  </P
><P
>  <B
CLASS="COMMAND"
>./configure --enable-base=<TT
CLASS="REPLACEABLE"
><I
>B1,B2</I
></TT
></B
>
  </P
><P
>  where B1,B2 should be two integers in the range 0...2147483647.
  </P
><P
>  The key generated by <B
CLASS="COMMAND"
>configure</B
> is printed in 
  the configure script's output. It is recommended that you save this key
  and use it for further builds.
  </P
><P
>  Whenever you try to verify the integrity of e-mails or log file entries,
  this compiled-in key is used (to be more specific: the signature key
  is encrypted with a one-time pad generated from the message itself and
  the compiled-in key). As a result, if executable B is used to
  verify the integrity of e-mails sent by executable A, <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>integrity 
  verification
  will fail</I
></SPAN
> if the compiled-in keys of A and B do not match. 
  This can be used to
  check the integrity of A in a straightforward way (check e-mails on another
  host, using a different executable compiled with  the same key).
  </P
><P
>  Obviously, this scheme can be broken, but it requires an intruder to 
  disassemble/decompile and analyze the existing 
  <SPAN
CLASS="APPLICATION"
>samhain</SPAN
> executable, rather 
  than simply replace it with a precompiled trojan.
  </P
><P
>  However, if you use a <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>precompiled</I
></SPAN
> 
  <SPAN
CLASS="APPLICATION"
>samhain</SPAN
> executable (e.g. from a
  binary distribution), in principle a prospective intruder could easily 
  obtain a copy of the executable and analyze it in advance. This will
  enable her/him to generate fake audit trails and/or generate
  a trojan for this particular binary distribution.
  </P
><P
>  For this reason, it is possible for the user to add more key material into 
  the binary executable. This is done with the command:
  </P
><P
>  <B
CLASS="COMMAND"
>samhain --add-key=<TT
CLASS="REPLACEABLE"
><I
>key@/path/to/samhain_executable</I
></TT
></B
>
  </P
><P
>  This will read the file <TT
CLASS="FILENAME"
>/path/to/samhain_executable</TT
>, 
  add the key <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>key</I
></SPAN
>,
  which can be a string of arbitrary length, except that it should not 
  contain a '@' (because it has a special meaning, separating
  key from path), and write the new binary to the location 
  <TT
CLASS="FILENAME"
>/path/to/executable.out</TT
> (i.e.
  with .out appended). 
  </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="./stylesheet-images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="MIDDLE"
><B
>For Clarification</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Please note that --add-key does not replace a compiled-in key but only
adds to it. Integrity verification depends on both the compiled-in and
any added key material, and integrity verification using different binaries
will therefore only work if all were compiled with the same key and 
had the same extra key material (if any) added in.
  </P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="./stylesheet-images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TH
ALIGN="LEFT"
VALIGN="MIDDLE"
><B
>WARNING</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>  Using a precompiled samhain executable from a binary
  package distribution is not recommended unless you add in key material as
  described above.
  </P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="security-design.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="client-integrity.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Security Design</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="security-design.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Client executable integrity</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>