Man Linux: Main Page and Category List


       sxid.conf - configuration settings for sxid


       This  is  the configuration file used by sxid to define it’s parameters
       for execution. By default it is  /etc/sxid.conf  but  can  be  anything
       using  the --config command line option for sxid.  Options in this file
       are in the form of OPTION = "VALUE" .  Note  that  the  VALUE  must  be
       contained in double quotes.


              If  sxid  does  not  find  any changes it will not send an email
              unless you specify "yes" here.

              Usually sxid will only rotate the log  files  when  there  is  a
              change  from  the last run. This is usually best, since all logs
              will record a change rather than just a run of the  program.  If
              you  want  to rotate the logs every time sxid is run, regardless
              of changes, specify "yes" here.

       EMAIL  Where to send the email containing the output of  changes  every
              time sxid is run. Example:

              EMAIL = "Great Admin <>"

              Normally sxid only flags items which are suid or sgid and are in
              a FORBIDDEN directory. With this option set to "yes"  sxid  will
              remove  the  s[ug]id bit(s) on any files or directories it finds
              in forbidden directories and report any changes  in  the  email.
              Note   that   directories   listed  in  FORBIDDEN  are  searched
              regardless  of  whether  or  not  they  are  listed  in  SEARCH.
              However,  EXCLUDED  options still apply to directories that fall
              under them.

              A space seperated  list  of  directories  to  exclude  from  the
              search.  Note  that if a SEARCH path falls under an EXCLUDE path
              that it will still be searched. This  is  useful  for  excluding
              whole directories and only specifying one. Example:

              SEARCH  = "/usr /usr/src/linux"

              EXCLUDE = "/usr/src"

              File  that  contains a list of (each on it’s own line)  of other
              files that sxid should monitor. This is useful  for  files  that
              aren’t   +s,  but  relate  to  system  integrity  (tcpd,  inetd,
              apache...). Example:

              EXTRA_LIST = "/etc/sxid.list"

              A space seperated list of directories that are not  supposed  to
              contain  any suid or sgid items. Items which are suid or sgid in
              these directories are flagged in the email seperately  from  the
              other listings whether there are other changes or not. Example:

              FORBIDDEN = "/tmp /home"

              Ignore  entries  for directories in these paths. This means that
              only files will be recorded.  You  can  effectively  ignore  all
              directory entries by setting this to "/".

              This  is  a  numerical value for how many log files to keep when

              Forces a list of all  entries  to  be  included  in  th  output.
              Implies ALWAYS_NOTIFY.

              The  full  path  of  where to store the log files. These will be
              rotated, each rotated log  being  suffixed  with  a  digit.  The
              directories    must    already    exist.     This   is   usually
              /var/log/sxid.log.    Rotated    logs    would     look     like
              /var/log/sxid.log.n where ’n’ is the number in the rotation. The
              current log has no suffix.

              Mail program. This changes the default compiled  in  mailer  for
              reports.  You  only  need this if you have changed it’s location
              and don’t want to recompile sxid.

       SEARCH A space seperated list of directories to search. Sxid  will  use
              these as a starting point for it’s searches. Example:

              SEARCH = "/usr /bin /lib"


       Ben Collins <>


       Report bugs to current maintainer Timur Birsh <>.