Provided by: sxid_4.20130802-7_amd64 bug

NAME

     sxid.conf ā€” configuration settings for sXid

DESCRIPTION

     This is the configuration file used by sXid to define it's parameters for execution. By
     default it is /etc/sxid.conf but can be anything using the --config command line option for
     sXid.

     Options in this file are in the form of

     OPTION = "VALUE"

     Note that the VALUE must be contained in double quotes.

OPTIONS

     ALWAYS_NOTIFY
             If sXid does not find any changes it will not send an email unless you specify "yes"
             here.

     ALWAYS_ROTATE
             Usually sXid will only rotate the log files when there is a change from the last
             run. This is usually best, since all logs will record a change rather than just a
             run of the program. If you want to rotate the logs every time sXid is run,
             regardless of changes, specify "yes" here.

     EMAIL   Where to send the email containing the output of changes every time sXid is run.
             Example:

             EMAIL = "System Administrator <sysadmin@example.com>"

     ENFORCE
             Normally sXid only flags items which are suid or sgid and are in a FORBIDDEN
             directory. With this option set to "yes" sXid will remove the s[ug]id bit(s) on any
             files or directories it finds in forbidden directories and report any changes in the
             email. Note that directories listed in FORBIDDEN are searched regardless of whether
             or not they are listed in SEARCH.  However, EXCLUDE option still apply to
             directories that fall under them.

     EXCLUDE
             A space separated list of directories to exclude from the search. Note that if a
             SEARCH path falls under an EXCLUDE path that it will still be searched. This is
             useful for excluding whole directories and only specifying one. Example:

             SEARCH  = "/usr /usr/src/linux"
             EXCLUDE = "/usr/src"

     EXTRA_LIST
             File that contains a list of (each on it's own line)  of other files that sXid
             should monitor. This is useful for files that aren't +s, but relate to system
             integrity (tcpd, inetd, apache...). Example:

             EXTRA_LIST = "/etc/sxid.list"

     FORBIDDEN
             A space separated list of directories that are not supposed to contain any suid or
             sgid items. Items which are suid or sgid in these directories are flagged in the
             email separately from the other listings whether there are other changes or not.
             Example:

             FORBIDDEN = "/tmp /home"

     IGNORE_DIRS
             Ignore entries for directories in these paths. This means that only files will be
             recorded. You can effectively ignore all directory entries by setting this to "/".

     KEEP_LOGS
             This is a numerical value for how many log files to keep when rotating.

     LISTALL
             Forces a list of all entries to be included in th output. Implies ALWAYS_NOTIFY.

     LOG_FILE
             The full path of where to store the log files. These will be rotated, each rotated
             log being suffixed with a digit. The directories must already exist.  This is
             usually /var/log/sxid.log.  Rotated logs would look like /var/log/sxid.log.n where
             ā€œnā€ is the number in the rotation. The current log has no suffix.

     MAIL_PROG
             Mail program. This changes the default compiled in mailer for reports. You only need
             this if you have changed it's location and don't want to recompile sXid.

     SEARCH  A space separated list of directories to search.  sXid will use these as a starting
             point for it's searches. Example:

             SEARCH = "/usr /bin /lib"

AUTHOR

     Ben Collins <bcollins@debian.org>

REPORTING BUGS

     Timur Birsh <taem@linukz.org>

SEE ALSO

     sxid(1)