Securities Software (Monitoring Tools).Linux sXid
Step 2
Place an entry into root’s crontabs to make sXid run as a cronjob:
SXid will run from crond; basically it tracks any changes in your s[ug]id files and folders. If there
are any new ones, ones that aren’t set any more, or they have changed bits or other modes then
it reports the changes. To add sxid in your cronjob you must edit the crontab and add the
following line:
• To edit the crontab, use the command (as root): [root@deep /]# crontab -e
# Sample crontab entry to run every day at 4am 0 4 * * * /usr/bin/sxid
Further documentation
For more details, there are some man pages you can read:
$ man sxid.conf (5) - configuration settings for sxid
$ man sxid (1) - check for changes in s[ug]id files and directories
sXid Administrative Tools
This program is meant to run as a cronjob. It must run once a day, but busy shell boxes may want to run it twice a day. You can also run this manually for spot-checking.
• To run sxid manually, use the command:
[root@deep /]# sxid -k sXidVers : 4.0.1
Check run : Wed Dec 29 12:40:32 1999 This host : mail.openna.com Spotcheck : /home/admin Excluding : /proc /mnt /cdrom /floppy Ignore Dirs: /home Forbidden : /home /tmp
No changes found
This checks for changes by recursing the current working directory. Log files will not be rotated and no email sent. All output will go to stdout.
Installed files
> /etc/sxid.conf
> /usr/bin/sxid
> /usr/man/man1/sxid.1
> /usr/man/man5/sxid.conf.5