NAME
sxid.conf - configuration settings for sxid
DESCRIPTION
This is the configuration file used by sxid to define its parameters for
execution. By default it is /etc/sxid.conf, but a different file can be
given with the --config command line option for sxid. Options in this
file take the form OPTION = "VALUE". Note that the VALUE must be
enclosed in double quotes.
OPTIONS
- ALWAYS_NOTIFY
- If sxid does not find any changes it will not send
an email unless you specify "yes" here.
- ALWAYS_ROTATE
- Usually sxid will only rotate the log files when
there is a change from the last run. This is usually best, since all logs
will record a change rather than just a run of the program. If you want to
rotate the logs every time sxid is run, regardless of changes,
specify "yes" here.
- EMAIL
- Where to send the email containing the output of changes
every time sxid is run. Example:
EMAIL = "Great Admin <root@host.com>"
- ENFORCE
- Normally sxid only flags items which are suid or
sgid and are in a FORBIDDEN directory. With this option set to
"yes" sxid will remove the s[ug]id bit(s) on any files or
directories it finds in forbidden directories and report any changes in
the email. Note that directories listed in FORBIDDEN are searched
regardless of whether or not they are listed in SEARCH. However,
EXCLUDE options still apply to directories that fall under
them.
- EXCLUDE
- A space separated list of directories to exclude from the
search. Note that if a SEARCH path falls under an EXCLUDE
path, it will still be searched. This is useful for excluding a whole
directory while still searching one directory beneath it. Example:
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
- EXTRA_LIST
- File that contains a list (each on its own line) of
other files that sxid should monitor. This is useful for files that aren't
+s, but relate to system integrity (tcpd, inetd, apache...). Example:
EXTRA_LIST = "/etc/sxid.list"
- FORBIDDEN
- A space separated list of directories that are not supposed
to contain any suid or sgid items. Items which are suid or sgid in these
directories are flagged in the email separately from the other listings
whether there are other changes or not. Example:
FORBIDDEN = "/tmp /home"
- IGNORE_DIRS
- Ignore entries for directories in these paths. This means
that only files will be recorded. You can effectively ignore all directory
entries by setting this to "/".
- KEEP_LOGS
- This is a numerical value for how many log files to keep
when rotating.
- LISTALL
- Forces a list of all entries to be included in the output.
Implies ALWAYS_NOTIFY.
- LOG_FILE
- The full path of where to store the log files. These will
be rotated, each rotated log being suffixed with a digit. The directories
must already exist. This is usually /var/log/sxid.log. Rotated logs would
look like /var/log/sxid.log.n where 'n' is the number in the rotation. The
current log has no suffix.
- MAIL_PROG
- Mail program. This changes the default compiled-in mailer
for reports. You only need this if you have changed its location and
don't want to recompile sxid.
- SEARCH
- A space separated list of directories to search. Sxid will
use these as a starting point for its searches. Example:
SEARCH = "/usr /bin /lib"
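
The interaction of SEARCH, EXCLUDE and FORBIDDEN described above can be checked against a configuration before relying on it. The following is an added example, not code from sxid or its authors: it parses the OPTION = "VALUE" form and models the documented scope rules. The function names are hypothetical, the sample configuration is constructed from the examples on this page, and two points are assumptions of the model: an EXCLUDE entry only prunes when it lies below the starting directory, and lines not in the quoted form are skipped.

```python
import re
from pathlib import PurePosixPath

# Constructed sample; the values are the examples given on this page.
SAMPLE_CONF = '''
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
FORBIDDEN = "/tmp /home"
ENFORCE = "no"
'''

# OPTION = "VALUE": the value must be enclosed in double quotes.
OPTION_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"\s*$')

def parse_conf(text):
    """Return {OPTION: VALUE}; lines not in the quoted form are skipped."""
    opts = {}
    for line in text.splitlines():
        m = OPTION_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def dirs(opts, name):
    """Split a space separated directory option into paths."""
    return [PurePosixPath(p) for p in opts.get(name, "").split()]

def is_under(path, parent):
    return path == parent or parent in path.parents

def covering_root(opts, target):
    """Return the SEARCH or FORBIDDEN entry whose walk reaches target, else None."""
    target = PurePosixPath(target)
    excludes = dirs(opts, "EXCLUDE")
    # FORBIDDEN directories are searched even when not listed in SEARCH.
    for root in dirs(opts, "SEARCH") + dirs(opts, "FORBIDDEN"):
        if not is_under(target, root):
            continue
        # Assumption: an EXCLUDE entry prunes only below this root, so a
        # SEARCH path that falls under an EXCLUDE path is still searched.
        pruned = any(ex != root and is_under(ex, root) and is_under(target, ex)
                     for ex in excludes)
        if not pruned:
            return str(root)
    return None

def in_forbidden(opts, target):
    """True when target lies in a directory that must hold no suid/sgid items."""
    return any(is_under(PurePosixPath(target), d) for d in dirs(opts, "FORBIDDEN"))
```

Running covering_root over the paths of known suid binaries shows which of them fall outside the configured scope (a None result) before the first scheduled run.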
AUTHOR
Ben Collins <bcollins@debian.org>
REPORTING BUGS
Report bugs to current maintainer Timur Birsh <taem@linukz.org>.
SEE ALSO
sxid(1)