
Securing-Optimizing-RH-Linux-1_2_156
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

# Directories where +s is forbidden (these are searched
# even if not explicitly in SEARCH), EXCLUDE rules apply
FORBIDDEN = "/home /tmp"

# Remove (-s) files found in forbidden directories?
ENFORCE = "yes"

# This implies ALWAYS_NOTIFY. It will send a full list of
# entries along with the changes
LISTALL = "no"

# Ignore entries for directories in these paths
# (this means that only files will be recorded, you
# can effectively ignore all directory entries by
# setting this to "/"). The default is /home since
# some systems have /home g+s.
IGNORE_DIRS = "/home"

# File that contains a list (each on its own line)
# of other files that sxid should monitor. This is useful
# for files that aren't +s, but relate to system
# integrity (tcpd, inetd, apache...).
# EXTRA_LIST = "/etc/sxid.list"

# Mail program. This changes the default compiled in
# mailer for reports. You only need this if you have changed
# its location and don't want to recompile sxid.
# MAIL_PROG = "/usr/bin/mail"

Step 2
Place an entry into root's crontab to make sXid run as a cron job:

sXid runs from crond and tracks any changes in your s[ug]id files and folders. If there are new ones, ones that are no longer set, or ones whose bits or other modes have changed, it reports the changes. To run sxid from cron, edit the crontab and add the following line:

· To edit the crontab, use the command (as root):
[root@deep /]# crontab -e

# Sample crontab entry to run every day at 4am
0 4 * * * /usr/bin/sxid

Further documentation
For more details, there are several man pages you can read:
$ man sxid.conf (5) - configuration settings for sxid
$ man sxid (1) - check for changes in s[ug]id files and directories

sXid Administrative Tools
This program is meant to run as a cron job. It must run once a day, but on busy shell boxes you may want to run it twice a day. You can also run it manually for spot checking.

· To run sxid manually, use the command:
[root@deep /]# sxid -k
sXid Vers  : 4.0.1
Check run  : Wed Dec 29 12:40:32 1999