# FCheck.cfg
#
# Configuration for fcheck: which paths are baselined and compared, which
# paths are skipped, where the baseline database lives, and which helper
# programs (logger, file typer, hash tool) are invoked.
#
# Directories to be monitored are shown below. Multiple entries may be used
# by using the following 'keyword=variable' format:
#
# [Directory=(path/name)]
# [Directory=(path/name)]
# ...
#
# If you want recursive directory monitoring, place a / at the end of
# the directory name, otherwise the script will interpret the entry as a
# single file or single directory to monitor.
#
# For example the entry "Directory=/usr"
# will watch everything in the /usr directory
#
# and the entry "Directory=/etc/passwd"
# will monitor only the password file.
#
# while the entry "Directory=/usr/"
# will watch everything in the /usr directory, and everything
# recursively under it, (I.E. /usr/bin..., /usr/local/..., etc.)
#
# NOTE(review): the first entry below is "/" itself, which both names the
# root directory and ends in a slash. Confirm whether fcheck treats it as
# the top level only or as a recursive scan of the whole filesystem; the
# /tmp/ and /var/ exclusions further down only matter in the second case.
#
# Only the trees listed here are baselined. Paths that do not appear in
# this list (for example /boot/, /root/, /opt/ or /usr/local/) are not
# covered unless the "/" entry turns out to be recursive.
#
Directory = /
Directory = /etc/
Directory = /bin/
Directory = /sbin/
Directory = /lib/
Directory = /usr/bin/
Directory = /usr/sbin/
Directory = /usr/lib/

# Optionally may want to add the following:
#Directory = /usr/
#Directory = /usr/X11R6/bin
#Directory = /usr/X11R6/lib
#Directory = /var/

# WARNING
# Use the following exclusions with care,
# only include log files that are constantly updating and are known to
# be written to frequently otherwise you can defeat the purpose of fcheck
# by excluding too much...
#
# Specific files, and/or directories can be excluded.
#
# If used, configure them as full paths and their filenames. Directory
# names must have a "/" appended to the end of its filename in the exclude
# section.
#
# Every exclusion is a blind spot: nothing created or changed under an
# excluded path is reported. The entries below exclude whole trees rather
# than individual files, so review them against what is actually monitored.
#
# NOTE(review): "Exclusion = /var/" also covers /var/lib/fcheck/, where the
# baseline database and the "File =" self-check at the end of this file
# point. Verify that the exclusion does not suppress that self-check.
#
Exclusion = /tmp/
Exclusion = /var/
Exclusion = /lib/udev/devices/
Exclusion = /lib/init/rw/

# Other common paths you may need to exclude
#
# These are all configuration files under /etc/. Enable an entry only for a
# file that is known to change on its own on this host, and prefer a single
# file over a directory so the rest of the tree stays monitored.
#Exclusion = /etc/mtab
#Exclusion = /etc/resolv.conf
#Exclusion = /etc/cups/cupsd.conf
#Exclusion = /etc/cups/cupsd.conf.O
#Exclusion = /etc/cups/printers.conf
#Exclusion = /etc/cups/printers.conf.O
#Exclusion = /etc/ld.so.cache
#Exclusion = /etc/network/run/ifstate
#Exclusion = /etc/adjtime
#Exclusion = /etc/motd
#Exclusion = /etc/default/ntpdate.dhcp
#Exclusion = /etc/ntp.conf.dhcp
#Exclusion = /etc/logcheck/
#Exclusion = /etc/.git/
#Exclusion = /etc/.etckeeper
#Exclusion = /etc/.gitignore

# Miscellaneous settings are passed to fcheck from here.
#
# The "DataBase" keyword points to the absolute path/filename of the baseline
# database file, and is defined next.
#
# The baseline is what every later scan is compared against. Stored on the
# monitored host in a writable location, it can be rewritten by anyone who
# is able to change the monitored files as root, which hides those changes.
# See ReadDB/WriteDB below for keeping the comparison copy read-only.
#
DataBase = /var/lib/fcheck/fcheck.dbf

# If you are using a read-only location, you can write the database files to
# one location, and read from an alternate read-only (CD-ROM?) location.
#
# NOTE(review): both examples below name the same path; for the split to be
# useful, ReadDB would presumably point at the read-only copy and WriteDB
# at a different, writable one. Confirm against the fcheck documentation.
#ReadDB = /usr/local/data/fcheck.dbf
#WriteDB = /usr/local/data/fcheck.dbf

# Your system's interface for passing messages to its log files, UNIX systems
# are typically found as "/usr/bin/logger".
#
# You could also send messages directly to a line printer if desired.
#
# Win32 platforms are forced to use line printers for now until an error
# logging module is created for NT platforms.
#
#Logger = /usr/bin/lpr
#
# As of version 2.7.50, you pass logger taglines (-t) options through here.
# Any other options can now be passed to third party loggers, scripts, etc.
#
# The value is a program path followed by its options. Keep the path
# absolute, and point it only at a program that is itself inside a
# monitored directory (/usr/bin/ is monitored above).
Logger = /usr/bin/logger -tfcheck
#AuthLogger = /usr/bin/logger -tfcheck -pauth.info
#AuthLogger = /usr/bin/logger -tfcheck -pauth.notice

# This is the system command to determine a file's type. Used to determine
# pipes, major/minor numbers.
#
# Only useful on Unix platforms, not portable to Windows (yet?!?!).
FileTyper = /usr/bin/file

# You may optionally set your hostname from the configuration file if FCheck
# is unable to determine it on its own.
#
#HostName = "Mikes"

# You may optionally set the system type from the configuration file if
# FCheck is unable to determine it on its own.
# Currently the only accepted option here is "System = DOS", otherwise FCheck
# will default to a UNIX system.
#
#System = UNIX

# This must be set only for readability by you. It in no way affects the scan
# function of FCheck. It only changes what is presented to the end user, so
# the times that are presented to you may not be accurate if not set.
TimeZone = GMT

# This is used only if you require/desire a hash signature to also be generated
# for each file by use of the '-s' flag. If you do not use the (s)ignature
# flag, then the following variable setting will not impact fcheck in any way.
#
# In other words, a content hash is recorded only when fcheck is run with
# '-s'; make sure the scheduled scan and the baseline build both use it if
# content changes are meant to be detected.
#
# Of the alternatives listed, sum and cksum are plain checksums and MD5 is
# not collision resistant, so none of them is suitable for detecting
# deliberate tampering. Keep a SHA-2 tool such as the active sha256sum entry.
#
# NOTE(review): the keyword is written with a leading "$" on every line
# here; keep that form unless the fcheck documentation says otherwise.
#$Signature = /usr/bin/sum
#$Signature = /usr/bin/cksum
#$Signature = /usr/bin/md5sum
$Signature = /usr/bin/sha256sum

# Include an optional configuration file.
# [CFInclude = (path/config_file_name)]
#
# An included file is read as additional configuration, so it needs the same
# ownership and permissions as this file.
#CFInclude

# Used for individual file checking (I.E. Possibly FCheck databases!)
#
# This entry puts the baseline database itself under watch. It is the same
# path as "DataBase" above; keep the two in step if either is changed.
#
File = /var/lib/fcheck/fcheck.dbf
#
# End of FCheck.cfg file
#