Directory watching interval - LF_DIRWATCH_FILE
The interval in seconds to have the login failure daemon watch specified files or directories for changes. If a change
is detected then an alert is sent.
Default: 0 Range: 0|30-86400
/tmp dir watching interval - LF_DIRWATCH
This tells the login failure daemon to check the /tmp and /dev/shm directories for suspicious files. If a suspicious
file is found, an email alert is sent. One alert per file per LF_FLUSH interval is sent. To enable this feature, set the
following to the checking interval in seconds. To disable this option, set it to 0.
Default: 300 Range: 0|30-86400
/tmp watching file removal - LF_DIRWATCH_DISABLE
Enable the removal of any suspicious files found during directory watching. These files will be appended to a tarball
located in /etc/csf/suspicious.tar.
Default: 0 Range: 0-1
Integrity checking interval - LF_INTEGRITY
The interval in seconds to have the login failure daemon compare the md5sums of the server's OS binary application files
against those recorded when the login failure daemon was started. If the md5sum of a monitored file does not match, an
alert is sent. This option acts as an IDS (Intrusion Detection System) in detecting a possible root compromise.
Default: 3600 Range: 0|120-86400
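
The baseline-and-compare check described for LF_INTEGRITY, shown as an added example (not the login failure daemon's own code). The function names and the temporary sample files are constructed for illustration, and reporting a deleted file as a finding is an assumption of this example.

```python
import hashlib
import os
import tempfile

def md5sum(path):
    """Return the hex MD5 digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(paths):
    """Record digests once, at start-up; later checks trust these values."""
    return {p: md5sum(p) for p in paths if os.path.isfile(p)}

def compare(baseline):
    """Return (path, reason) findings for files that differ from the baseline."""
    findings = []
    for path, old in sorted(baseline.items()):
        if not os.path.isfile(path):
            findings.append((path, "missing"))          # assumption: treat as a finding
        elif md5sum(path) != old:
            findings.append((path, "md5sum mismatch"))  # would trigger an alert
    return findings

def demo():
    """Constructed sample: two stand-in 'binaries' in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        ls, ps = os.path.join(d, "ls"), os.path.join(d, "ps")
        for p, data in ((ls, b"ls-v1"), (ps, b"ps-v1")):
            with open(p, "wb") as f:
                f.write(data)
        baseline = take_baseline([ls, ps])
        clean = compare(baseline)      # first interval: nothing has changed
        with open(ls, "wb") as f:      # file content replaced after the baseline
            f.write(b"ls-modified")
        os.remove(ps)                  # file removed after the baseline
        changed = compare(baseline)    # next interval: both are reported
        return clean, [(os.path.basename(p), r) for p, r in changed]

if __name__ == "__main__":
    print(demo())
```

Because the baseline is taken when the daemon starts, a file that was already altered at that point is recorded as trusted, and a legitimate package update after start-up shows up as a mismatch until the daemon is restarted.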