lfd:directorywatching

Configure the checking of directories for suspicious files.

juggernaut --task=lfd:directorywatching
Option Value Default Description
--LF_DIRWATCH_FILE <60-86400> 0 The interval in seconds to have the login failure daemon watch specified files or directories for changes. If a change is detected then an alert is sent.
--LF_DIRWATCH <0|30-86400> 300 Tells the login failure daemon to check the /tmp and /dev/shm directories for suspicious files. If a suspicious file is found, an email alert is sent, with one alert per file per LF_FLUSH interval. To enable this feature, set this option to the checking interval in seconds. To disable it, set the option to 0.
--LF_DIRWATCH_DISABLE <1|0> 0 Enable the removal of any suspicious files found during directory watching. These files will be appended to a tarball located in /etc/csf/suspicious.tar.
--LF_INTEGRITY <0|120-86400> 3600 The interval in seconds at which the login failure daemon compares the md5sums of the server's OS binary application files with those recorded when the login failure daemon was started. If the md5sum of a monitored file does not match, an alert is sent. This option acts as an IDS (Intrusion Detection System) for detecting a possible root compromise.
--default <yes> Reset all settings to their default values.
--default_option <option> Reset a specific setting to its default value.
--restart <yes> Restart the service after saving settings.

Examples

// enable LF_DIRWATCH_DISABLE
juggernaut --task=lfd:directorywatching --LF_DIRWATCH_DISABLE=1 --restart=yes

// reset LF_DIRWATCH_DISABLE back to default
juggernaut --task=lfd:directorywatching --default_option=LF_DIRWATCH_DISABLE --restart=yes

// reset all settings back to default
juggernaut --task=lfd:directorywatching --default=yes --restart=yes
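
After saving settings with commands like those above, the stored values can be audited against the ranges in the option table. The script below is an added example, not part of juggernaut or csf: it assumes the settings are stored in csf's `NAME = "value"` syntax (for instance in /etc/csf/csf.conf, passed as the first argument), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a csf config against the ranges in the option table.
# Assumes csf's  NAME = "value"  syntax; function names are hypothetical.

# Print the last value assigned to option $2 in file $1 (empty if unset).
conf_get() {
    awk -F'"' -v k="$2" \
        '$1 ~ ("^[ \t]*" k "[ \t]*=[ \t]*$") { v = $2 } END { print v }' "$1"
}

# Succeed if $1 is an integer equal to $2 (the 0 value) or within [$3, $4].
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$1" -eq "$2" ]; then return 0; fi
    [ "$1" -ge "$3" ] && [ "$1" -le "$4" ]
}

# check_opt FILE NAME ZERO MIN MAX: report one option, fail if out of range.
check_opt() {
    val=$(conf_get "$1" "$2")
    if in_range "$val" "$3" "$4" "$5"; then
        echo "ok    $2=$val"
    else
        echo "BAD   $2='$val' (allowed: $3 or $4-$5)"
        return 1
    fi
}

audit_dirwatch() {
    rc=0
    check_opt "$1" LF_DIRWATCH_FILE    0 60  86400 || rc=1
    check_opt "$1" LF_DIRWATCH         0 30  86400 || rc=1
    check_opt "$1" LF_DIRWATCH_DISABLE 0 1   1     || rc=1
    check_opt "$1" LF_INTEGRITY        0 120 86400 || rc=1
    # Removal only acts on files found during directory watching.
    if [ "$(conf_get "$1" LF_DIRWATCH)" = 0 ] &&
       [ "$(conf_get "$1" LF_DIRWATCH_DISABLE)" = 1 ]; then
        echo "WARN  LF_DIRWATCH_DISABLE=1 finds nothing to remove while LF_DIRWATCH=0"
    fi
    return "$rc"
}

# Constructed sample config: LF_DIRWATCH=10 is below the documented minimum.
sample=$(mktemp)
printf '%s = "%s"\n' LF_DIRWATCH_FILE 0 LF_DIRWATCH 10 \
    LF_DIRWATCH_DISABLE 1 LF_INTEGRITY 3600 > "$sample"
audit_dirwatch "${1:-$sample}" || echo "audit: settings outside documented ranges"
rm -f "$sample"
```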