Provided by: sxid_4.20130802-6_amd64 
NAME
sxid.conf ā configuration settings for sXid
DESCRIPTION
This is the configuration file used by sXid to define it's parameters for execution. By default it is
/etc/sxid.conf but can be anything using the --config command line option for sXid.
Options in this file are in the form of
OPTION = "VALUE"
Note that the VALUE must be contained in double quotes.
OPTIONS
ALWAYS_NOTIFY
If sXid does not find any changes it will not send an email unless you specify "yes" here.
ALWAYS_ROTATE
Usually sXid will only rotate the log files when there is a change from the last run. This is
usually best, since all logs will record a change rather than just a run of the program. If you
want to rotate the logs every time sXid is run, regardless of changes, specify "yes" here.
EMAIL Where to send the email containing the output of changes every time sXid is run. Example:
EMAIL = "System Administrator <sysadmin@example.com>"
ENFORCE
Normally sXid only flags items which are suid or sgid and are in a FORBIDDEN directory. With this
option set to "yes" sXid will remove the s[ug]id bit(s) on any files or directories it finds in
forbidden directories and report any changes in the email. Note that directories listed in
FORBIDDEN are searched regardless of whether or not they are listed in SEARCH. However, EXCLUDE
option still apply to directories that fall under them.
EXCLUDE
A space separated list of directories to exclude from the search. Note that if a SEARCH path
falls under an EXCLUDE path that it will still be searched. This is useful for excluding whole
directories and only specifying one. Example:
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
EXTRA_LIST
File that contains a list of (each on it's own line) of other files that sXid should monitor.
This is useful for files that aren't +s, but relate to system integrity (tcpd, inetd, apache...).
Example:
EXTRA_LIST = "/etc/sxid.list"
FORBIDDEN
A space separated list of directories that are not supposed to contain any suid or sgid items.
Items which are suid or sgid in these directories are flagged in the email separately from the
other listings whether there are other changes or not. Example:
FORBIDDEN = "/tmp /home"
IGNORE_DIRS
Ignore entries for directories in these paths. This means that only files will be recorded. You
can effectively ignore all directory entries by setting this to "/".
KEEP_LOGS
This is a numerical value for how many log files to keep when rotating.
LISTALL
Forces a list of all entries to be included in th output. Implies ALWAYS_NOTIFY.
LOG_FILE
The full path of where to store the log files. These will be rotated, each rotated log being
suffixed with a digit. The directories must already exist. This is usually /var/log/sxid.log.
Rotated logs would look like /var/log/sxid.log.n where ānā is the number in the rotation. The
current log has no suffix.
MAIL_PROG
Mail program. This changes the default compiled in mailer for reports. You only need this if you
have changed it's location and don't want to recompile sXid.
SEARCH A space separated list of directories to search. sXid will use these as a starting point for
it's searches. Example:
SEARCH = "/usr /bin /lib"
AUTHOR
Ben Collins <bcollins@debian.org>
REPORTING BUGS
Timur Birsh <taem@linukz.org>
SEE ALSO
sxid(1)
Debian July 29, 2013 SXID(5)