The configuration file for sXid, /etc/sxid.conf, allows you to set options that modify the operation of the program. It is well commented and very basic.
Edit the sxid.conf file (vi /etc/sxid.conf) and set it to suit your needs:
# Configuration file for sXid
# Note that all directories must be absolute with no trailing /'s
# Where to begin our file search
SEARCH = "/"
# Which subdirectories to exclude from searching
EXCLUDE = "/proc /mnt /cdrom /floppy"
# Who to send reports to
EMAIL = "root"
# Always send reports, even when there are no changes?
ALWAYS_NOTIFY = "no"
# Where to keep interim logs. This will rotate 'x' number of
# times based on KEEP_LOGS below
LOG_FILE = "/var/log/sxid.log"
# How many logs to keep
KEEP_LOGS = "5"
# Rotate the logs even when there are no changes?
ALWAYS_ROTATE = "no"
# Directories where +s is forbidden (these are searched
# even if not explicitly in SEARCH), EXCLUDE rules apply
FORBIDDEN = "/home /tmp"
# Remove (-s) files found in forbidden directories?
ENFORCE = "yes"
# This implies ALWAYS_NOTIFY. It will send a full list of
# entries along with the changes
LISTALL = "no"
# Ignore entries for directories in these paths
# (this means that only files will be recorded, you
# can effectively ignore all directory entries by
# setting this to "/"). The default is /home since
# some systems have /home g+s.
IGNORE_DIRS = "/home"
# File that contains a list (each on its own line)
# of other files that sxid should monitor. This is useful
# for files that aren't +s, but relate to system
# integrity (tcpd, inetd, apache...).
# EXTRA_LIST = "/etc/sxid.list"
# Mail program. This changes the default compiled in
# mailer for reports. You only need this if you have changed
# its location and don't want to recompile sxid.
# MAIL_PROG = "/usr/bin/mail"
Place an entry in root's crontab to make sXid run as a cronjob. sXid will run from crond; basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or ones whose bits or other modes have changed, it reports the changes. To add sxid to your cronjobs, you must edit the crontab and add the following line:
To edit the crontab, use the command as root:
# Sample crontab entry to run every day at 4am
0 4 * * * /usr/bin/sxid
Further documentation: for more details, there are some man pages you can read:
sxid.conf(5) - configuration settings for sxid
sxid(1) - check for changes in s[ug]id files and directories
sXid, as an administrative tool, is meant to run as a cronjob. It must run once a day, but busy shell boxes may want to run it twice a day. You can also run it manually for spot-checking.
To run sxid manually, use the command:
sXid Vers : 4.0.1
Check run : Wed Dec 29 12:40:32 1999
This host : mail.openna.com
Spotcheck : /home/admin
Excluding : /proc /mnt /cdrom /floppy
Ignore Dirs: /home
Forbidden : /home /tmp
No changes found!
This checks for changes by recursing the current working directory. Log files will not be rotated and no email sent. All output will go to stdout.
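The comparison sXid performs on each run (find every +s entry, compare with the previous list, flag anything under a forbidden directory) can be sketched with standard tools. This is an added example, not part of sXid or of the original text; it assumes a stat that accepts -c, and the function names suid_snapshot, suid_changes and suid_forbidden are hypothetical:

```shell
#!/bin/sh
# Added illustration of the check sXid automates; not sXid's own code.
# Assumes a stat(1) that accepts -c (GNU coreutils or BusyBox).

# suid_snapshot DIR [EXCLUDED_DIR...]
# Prints "MODE OWNER:GROUP PATH" for every setuid/setgid entry under DIR,
# skipping excluded directories (the role EXCLUDE plays in sxid.conf).
suid_snapshot() {
    root=$1; shift
    n=$#
    # Rewrite each excluded directory into a "-path DIR -prune -o" clause.
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        n=$((n - 1))
    done
    find "$root" "$@" \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# suid_changes OLD NEW
# Compares two snapshot files. "+" marks an entry that is new or has a new
# mode/owner; "-" marks an entry that is gone or shows its previous state.
suid_changes() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'
}

# suid_forbidden SNAPSHOT DIR...
# Lists snapshot paths that sit under a forbidden directory (FORBIDDEN in
# sxid.conf). Report only: no mode bits are changed here.
suid_forbidden() {
    snap=$1; shift
    for dir in "$@"; do
        awk -v d="$dir/" '{ p = $0; sub(/^[^ ]+ [^ ]+ /, "", p) }
                          index(p, d) == 1 { print p }' "$snap"
    done
}

# Usage (paths are constructed examples):
#   suid_snapshot / /proc /mnt > /root/suid.new
#   suid_changes /root/suid.old /root/suid.new
#   suid_forbidden /root/suid.new /home /tmp
```

A file whose mode changes between two snapshots appears twice in the suid_changes output, once with "-" for the old state and once with "+" for the new one.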
These are the files installed on your system by the program sXid.
/etc/sxid.conf
/usr/bin/sxid
/usr/man/man1/sxid.1
/usr/man/man5/sxid.conf.5