Securing-Optimizing-RH-Linux-1_2_156
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
# Directories where +s is forbidden (these are searched
# even if not explicitly in SEARCH), EXCLUDE rules apply
FORBIDDEN = "/home /tmp"
# Remove (-s) files found in forbidden directories?
ENFORCE = "yes"
# This implies ALWAYS_NOTIFY. It will send a full list of
# entries along with the changes
LISTALL = "no"
# Ignore entries for directories in these paths
# (this means that only files will be recorded, you
# can effectively ignore all directory entries by
# setting this to "/"). The default is /home since
# some systems have /home g+s.
IGNORE_DIRS = "/home"
# File that contains a list (each on its own line)
# of other files that sxid should monitor. This is useful
# for files that aren't +s, but relate to system
# integrity (tcpd, inetd, apache...).
# EXTRA_LIST = "/etc/sxid.list"
# Mail program. This changes the default compiled-in
# mailer for reports. You only need this if you have changed
# its location and don't want to recompile sxid.
# MAIL_PROG = "/usr/bin/mail"
Step 2
Place an entry in root's crontab to make sXid run as a cron job:
sXid runs from crond and tracks any changes in your s[ug]id files and directories. If there are
new ones, ones that are no longer set, or ones whose bits or other modes have changed, it
reports the changes. To run sxid from cron, you must edit the crontab and add the
following line:
· To edit the crontab, use the command (as root):
[root@deep /]# crontab -e
# Sample crontab entry to run every day at 4am
0 4 * * * /usr/bin/sxid
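To make concrete what a daily sXid run compares, the following added example (not sXid's code and not from this book) snapshots the s[ug]id entries under given directories and reports which are new, gone, or changed since the previous snapshot. It assumes GNU find and stat; the function names, state file and report labels are hypothetical, and it does not implement the FORBIDDEN/ENFORCE handling from sxid.conf.

```shell
#!/bin/sh
# Added example, not sXid's code: snapshot s[ug]id entries and diff two snapshots.
# Assumes GNU find/stat (stat -c). Function names and report labels are hypothetical.

# suid_snapshot DIR...: one "mode owner:group path" line per setuid/setgid entry.
suid_snapshot() {
    find "$@" -xdev \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort -k3
}

# suid_diff OLD NEW: report entries that appeared, vanished or changed attributes.
suid_diff() {
    awk '
        { attrs = $1 " " $2; path = $0; sub(/^[^ ]+ [^ ]+ /, "", path) }
        FILENAME == ARGV[1] { old[path] = attrs; next }
        { seen[path] = 1 }
        !(path in old)     { print "NEW     " path " (" attrs ")"; next }
        old[path] != attrs { print "CHANGED " path " (" old[path] " -> " attrs ")" }
        END {
            for (p in old) if (!(p in seen)) print "GONE    " p " (was " old[p] ")"
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# suid_check STATE_FILE DIR...: compare against the stored snapshot, then replace it.
# Returns 1 and prints the report when anything changed, 0 when nothing changed.
suid_check() {
    state=$1; shift
    new=$(mktemp) || return 2
    suid_snapshot "$@" > "$new"
    [ -f "$state" ] || : > "$state"      # first run: empty baseline, everything is NEW
    report=$(suid_diff "$state" "$new")
    mv "$new" "$state"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```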
Further documentation
For more details, there are several man pages you can read:
$ man sxid.conf (5) - configuration settings for sxid
$ man sxid (1) - check for changes in s[ug]id files and directories
sXid Administrative Tools
This program is meant to run as a cron job. It must run once a day, but on busy shell boxes you
may want to run it twice a day. You can also run it manually for spot checking.
· To run sxid manually, use the command:
[root@deep /]# sxid -k
sXid Vers : 4.0.1
Check run : Wed Dec 29 12:40:32 1999