Directory Watching

Directory watching interval - LF_DIRWATCH_FILE
The interval in seconds to have the login failure daemon watch specified files or directories for changes. If a change is detected then an alert is sent.
Default: 0 Range: 0|30-86400

/tmp dir watching interval - LF_DIRWATCH
This tells the login failure daemon to check /tmp and /dev/shm directories for suspicious files. If a suspicious file is found an email alert is sent. One alert per file per LF_FLUSH interval is sent. To enable this feature set the following to the checking interval in seconds. To disable this option set to 0.
Default: 300 Range: 0|30-86400

/tmp watching file removal - LF_DIRWATCH_DISABLE
Enable the removal any suspicious files found during directory watching. These files will be appended to a tarball located in /etc/csf/suspicious.tar
Default: 0 Range: 0-1

Integrity checking interval - LF_INTEGRITY
The interval in seconds to have the login failure daemon compare md5sums of the servers OS binary application files from the time when the login failure daemon was started. If the md5sum of a monitored file is mismatched then an alert is sent. This option acts as an IDS (Intrusion Detection System) in detecting a possible root compromise.
Default: 3600 Range: 0|120-86400