SXID(5) | File Formats Manual | SXID(5) |
NAME
sxid.conf - configuration settings for sXid
DESCRIPTION
This is the configuration file used by sXid to define its parameters for execution. By default it is /etc/sxid.conf, but a different file can be given with the --config command line option for sXid.
Options in this file are in the form of
OPTION = "VALUE"
Note that the VALUE must be contained in double quotes.
OPTIONS
- ALWAYS_NOTIFY
- If sXid does not find any changes it will not send an email unless you specify "yes" here.
- ALWAYS_ROTATE
- Usually sXid will only rotate the log files when there is a change from the last run. This is usually best, since all logs will record a change rather than just a run of the program. If you want to rotate the logs every time sXid is run, regardless of changes, specify "yes" here.
- EMAIL
- Where to send the email containing the output of changes every time sXid is run. Example:
EMAIL = "System Administrator <sysadmin@example.com>"
- ENFORCE
- Normally sXid only flags items which are suid or sgid and are in a FORBIDDEN directory. With this option set to "yes", sXid will remove the s[ug]id bit(s) on any files or directories it finds in forbidden directories and report any changes in the email. Note that directories listed in FORBIDDEN are searched regardless of whether or not they are listed in SEARCH. However, EXCLUDE options still apply to directories that fall under them.
- EXCLUDE
- A space separated list of directories to exclude from the search. Note that if a SEARCH path falls under an EXCLUDE path, it will still be searched. This is useful for excluding a whole directory while still searching one directory beneath it. Example:
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
- EXTRA_LIST
- File that contains a list (each on its own line) of other files that sXid should monitor. This is useful for files that aren't +s, but relate to system integrity (tcpd, inetd, apache...). Example:
EXTRA_LIST = "/etc/sxid.list"
- FORBIDDEN
- A space separated list of directories that are not supposed to contain any
suid or sgid items. Items which are suid or sgid in these directories are
flagged in the email separately from the other listings whether there are
other changes or not. Example:
FORBIDDEN = "/tmp /home"
- IGNORE_DIRS
- Ignore entries for directories in these paths. This means that only files will be recorded. You can effectively ignore all directory entries by setting this to "/".
- KEEP_LOGS
- This is a numerical value for how many log files to keep when rotating.
- LISTALL
- Forces a list of all entries to be included in the output. Implies ALWAYS_NOTIFY.
- LOG_FILE
- The full path of where to store the log files. These will be rotated, each rotated log being suffixed with a digit. The directories must already exist. This is usually /var/log/sxid.log. Rotated logs would look like /var/log/sxid.log.n where “n” is the number in the rotation. The current log has no suffix.
- MAIL_PROG
- Mail program. This changes the default compiled-in mailer for reports. You only need this if you have changed its location and don't want to recompile sXid.
- SEARCH
- A space separated list of directories to search. sXid will use these as a starting point for its searches. Example:
SEARCH = "/usr /bin /lib"
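The SEARCH, EXCLUDE and FORBIDDEN rules above interact, so it is worth checking which paths a given configuration actually covers. The following Python sketch is an added example, not part of sXid or of the original manual page: it parses the OPTION = "VALUE" format and models the rules as this page words them. The function names, the skipping of '#' comment lines, and the treatment of an EXCLUDE entry equal to a start directory are assumptions.

```python
import re
from pathlib import PurePosixPath

# One option per line: OPTION = "VALUE", value in double quotes.
LINE_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"\s*$')

# Constructed sample, built from the example values on this page.
SAMPLE = '''
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
FORBIDDEN = "/tmp /home"
ENFORCE = "no"
'''

def parse_conf(text):
    """Return {OPTION: VALUE}; reject any line not in OPTION = "VALUE" form."""
    opts = {}
    for n, line in enumerate(text.splitlines(), 1):
        # Assumption: blank lines and '#' comment lines are skipped.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f'line {n}: expected OPTION = "VALUE", got {line!r}')
        opts[m.group(1)] = m.group(2)
    return opts

def _dirs(opts, key):
    return [PurePosixPath(p) for p in opts.get(key, "").split()]

def _under(path, parent):
    return path == parent or parent in path.parents

def is_scanned(opts, path):
    """Model the documented rules: start at every SEARCH and FORBIDDEN
    directory, descend, and prune at EXCLUDE directories below that start.
    Assumption: an EXCLUDE equal to a start directory does not prune it."""
    path = PurePosixPath(path)
    for root in _dirs(opts, "SEARCH") + _dirs(opts, "FORBIDDEN"):
        if not _under(path, root):
            continue
        if not any(ex != root and _under(ex, root) and _under(path, ex)
                   for ex in _dirs(opts, "EXCLUDE")):
            return True
    return False

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    for p in ("/usr/bin/passwd", "/usr/src/foo/a", "/usr/src/linux/a", "/tmp/x", "/opt/x"):
        print(f"{p:20} scanned={is_scanned(conf, p)}")
```

Running a check like this before deploying a changed sxid.conf shows coverage gaps, such as a directory silently dropped by a broad EXCLUDE entry.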
AUTHOR
Ben Collins ⟨bcollins@debian.org⟩
REPORTING BUGS
Timur Birsh ⟨taem@linukz.org⟩
SEE ALSO
July 29, 2013 | Debian |