configuration settings for sXid
This is the configuration file used by sXid
to define its parameters for execution. By default it is
but can be anything using the
command line option for
Options in this file are in the form of
Note that the VALUE
must be contained in double
- If sXid does not find any
changes it will not send an email unless you specify “yes”
- Usually sXid will only rotate
the log files when there is a change from the last run. This is usually
best, since all logs will record a change rather than just a run of the
program. If you want to rotate the logs every time
sXid is run, regardless of changes, specify
- Where to send the email containing the output of changes
every time sXid is run. Example:
EMAIL = "System Administrator <email@example.com>"
- Normally sXid only flags items
which are suid or sgid and are in a
FORBIDDEN directory. With this option set
to “yes” sXid will remove the
s[ug]id bit(s) on any files or directories it finds in forbidden
directories and report any changes in the email. Note that directories
listed in FORBIDDEN are searched
regardless of whether or not they are listed in
EXCLUDE option still apply to directories
that fall under them.
- A space separated list of directories to exclude from the
search. Note that if a SEARCH path falls
under an EXCLUDE path, it will still
be searched. This is useful for excluding whole directories and only
specifying one. Example:
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
- File that contains a list (each on its own line) of
other files that sXid should monitor. This is
useful for files that aren't +s, but relate to system integrity (tcpd,
inetd, apache...). Example:
EXTRA_LIST = "/etc/sxid.list"
- A space separated list of directories that are not supposed
to contain any suid or sgid items. Items which are suid or sgid in these
directories are flagged in the email separately from the other listings
whether there are other changes or not. Example:
- Ignore entries for directories in these paths. This means
that only files will be recorded. You can effectively ignore all directory
entries by setting this to “/”.
- This is a numerical value for how many log files to keep
- Forces a list of all entries to be included in the output.
- The full path of where to store the log files. These will
be rotated, each rotated log being suffixed with a digit. The directories
must already exist. This is usually
/var/log/sxid.log. Rotated logs would look
like /var/log/sxid.log.n where
“n” is the number in the rotation. The current log has no
- Mail program. This changes the default compiled-in mailer
for reports. You only need this if you have changed its location and
don't want to recompile sXid.
- A space separated list of directories to search.
sXid will use these as a starting point for
its searches. Example:
SEARCH = "/usr /bin /lib"
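
The interaction between SEARCH, EXCLUDE and FORBIDDEN described above, as an added example (a Python model, not sXid's own code): it parses KEY = "VALUE" lines and decides whether a given path would be scanned. The FORBIDDEN value, the /home/build exclude, the handling of '#' comment lines and the tie rule (a start root equal to an EXCLUDE root is scanned) are assumptions.

```python
import re

# Constructed sample: SEARCH and /usr/src come from the page's example,
# FORBIDDEN and /home/build are made up for illustration.
SAMPLE = '''
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src /home/build"
FORBIDDEN = "/home /tmp"
'''

LINE_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"\s*$')

def parse_conf(text):
    """Parse KEY = "VALUE" lines; reject values not wrapped in double quotes."""
    opts = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):  # '#' comments: assumption
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f'line {n}: expected KEY = "VALUE", got {line!r}')
        opts[m.group(1)] = m.group(2)
    return opts

def under(path, root):
    """True if path is root or lies beneath it, compared by path component."""
    root = root.rstrip("/")
    return path == (root or "/") or path.startswith(root + "/")

def is_scanned(path, opts):
    """Model of the stated rules: the deepest matching root decides."""
    def depth(key):
        roots = opts.get(key, "").split()
        return max((len(r.rstrip("/")) for r in roots if under(path, r)), default=-1)
    # FORBIDDEN directories are starting points even when absent from SEARCH.
    start = max(depth("SEARCH"), depth("FORBIDDEN"))
    # A start root at or below an EXCLUDE root wins; an EXCLUDE below it prunes.
    return start >= 0 and start >= depth("EXCLUDE")

if __name__ == "__main__":
    opts = parse_conf(SAMPLE)
    for p in ("/usr/bin/passwd", "/usr/src/other/a.out", "/usr/src/linux/scripts/x",
              "/tmp/x", "/home/build/x", "/etc/passwd"):
        print(f"{p:28} {'scanned' if is_scanned(p, opts) else 'skipped'}")
```

Running a draft configuration through a model like this before deployment shows which trees an EXCLUDE entry silently removes from monitoring.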