6. Checking for SUID/SGID files

Section heading:

[SuidCheck]

Entries:

SuidCheckActive= boolean — '1' to switch on, '0' to switch off.

SuidCheckExclude= path — A directory (and its subdirectories) to exclude from the check. Only one directory can be specified this way.

SuidCheckSchedule= schedule — Crontab-like schedule for checks.

SeveritySuidCheck= severity — Severity for events.

SuidCheckFps= fps — Limit the check to fps files per second.

SuidCheckNosuid= boolean — Whether to also check filesystems mounted with the nosuid option. Default is not to check them.

SuidCheckQuarantineFiles= boolean — Whether to quarantine files found by the check. Default is not to quarantine.

SuidCheckQuarantineMethod= 0|1|2 — Quarantine method. Delete = 0, remove suid/sgid flags = 1, move to quarantine directory = 2. Defaults to 1 (remove suid/sgid flags).

SuidCheckQuarantineDelete= boolean — Whether to delete the file rather than truncate it, if method 0 (delete) is chosen. Default is truncate.
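A complete [SuidCheck] section putting these entries together, added here as an illustration rather than taken from the manual or a shipped configuration. The schedule value and excluded directory are assumptions chosen for the example.

```ini
# Example [SuidCheck] section (constructed for illustration).
[SuidCheck]
# Turn the SUID/SGID check on.
SuidCheckActive = 1

# Crontab-like schedule: run the check daily at 03:00 (assumed value).
SuidCheckSchedule = 0 3 * * *

# Only ONE directory (with its subdirectories) can be excluded.
# A second SuidCheckExclude line would not add a second exclusion.
SuidCheckExclude = /home/build

# Throttle the scan to 250 files per second to limit I/O impact.
SuidCheckFps = 250

# Also walk filesystems mounted nosuid (default is to skip them).
SuidCheckNosuid = 1

# Severity assigned to events raised by this check.
SeveritySuidCheck = crit

# Quarantine newly found SUID/SGID files by stripping the suid/sgid
# bits (method 1, the default). Method 0 would delete (or truncate)
# the file; method 2 would move it to the quarantine directory.
SuidCheckQuarantineFiles = 1
SuidCheckQuarantineMethod = 1

# Only consulted when SuidCheckQuarantineMethod = 0; with method 1
# above it has no effect and is left at the default (truncate).
SuidCheckQuarantineDelete = 0
```

With method 1 the file stays in place and remains usable without its privilege bits, which makes it the least disruptive choice when the finding still needs to be reviewed.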