Configure the anti-malware real-time file monitoring settings.
```shell
sentinel --task=antimalware:monitoring
```
Option | Value | Default | Description |
---|---|---|---|
--default_monitor_mode | <string> | users | The default startup option for monitor mode, either users or /usr/local/maldetect/monitor_paths (a file containing local paths to monitor). This option is REQUIRED for the systemd maldet.service script. That script only checks for the value of $default_monitor_mode. The service will fail to start if a value is not provided. |
--inotify_base_watches | <digit> | 16384 | The base number of files that can be watched under a path. (maximum file watches = inotify_base_watches × users) |
--inotify_sleep | <digit> | 30 | The sleep time in seconds between monitor runs to scan files that have been created/modified/moved. |
--inotify_reloadtime | <digit> | 3600 | The interval in seconds at which inotify will reload configuration data, including remote configuration imports. |
--inotify_minuid | <digit> | 10000 | The minimum user ID that will be added to path monitoring when the USERS option is specified. |
--inotify_docroot | <string> | httpdocs | The HTML/web root for users, relative to the home directory. When this option is set, users will only have the web directory monitored [ clear the option to monitor the entire user home directory by default ]. |
--inotify_cpunice | <int> | 18 | Process CPU scheduling (nice) priority level for scan operations. [ -19 = high prio, 19 = low prio, default = 18 ] |
--inotify_ionice | <digit> | 6 | Process IO scheduling (ionice) priority levels for scan operations (uses cbq best-effort scheduling class [-c2]). [ 0 = most favorable IO, 7 = least favorable IO ] |
--inotify_cpulimit | <digit> | 0 | Set a hard limit on CPU usage for inotify monitoring processes. This requires the "cpulimit" binary to be available on the server. The values are expressed as a relative percentage × N cores on the system. An 8-core system would accept values from 0 - 800, a 12-core system would accept 0 - 1200, etc. |
--inotify_verbose | <1\|0> | 0 | Log every file scanned by inotify monitoring mode. This is not recommended and will drown out your "event_log" file; it is intended only for debugging purposes. |
--default | <yes> | | Reset all settings to their default values. |
--default_option | <option> | | Reset a specific setting to its default value. |
--restart | <yes> | | Restart the service after saving settings. |
```shell
# set default_monitor_mode
sentinel --task=antimalware:monitoring --default_monitor_mode='/usr/local/maldetect/monitor_paths' --restart=yes
# reset the default_monitor_mode back to its default value
sentinel --task=antimalware:monitoring --default_option=default_monitor_mode --restart=yes
# reset all settings to their default values
sentinel --task=antimalware:monitoring --default=yes --restart=yes
```
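
Because an empty default_monitor_mode stops maldet.service from starting, and real-time monitoring with it, it helps to check values before applying them with --restart=yes. The script below is an added example, not part of the original documentation or the sentinel tool. Its function names and sample passwd data are constructed, and accepting any readable file as the paths file is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks for antimalware:monitoring values.
# Function names and the sample passwd data are constructed for illustration.

# Number of accounts in a passwd-format file with UID >= inotify_minuid.
count_monitored_users() {   # $1 = inotify_minuid, $2 = passwd-format file
    awk -F: -v min="$1" '$3 >= min { n++ } END { print n + 0 }' "$2"
}

# maximum file watches = inotify_base_watches * users
max_watches() {             # $1 = inotify_base_watches, $2 = user count
    echo $(( $1 * $2 ))
}

# inotify_cpulimit: 0 means no limit; otherwise at most 100 * cores, and
# the cpulimit binary must be installed.
check_cpulimit() {          # $1 = inotify_cpulimit, $2 = CPU cores
    case "$1" in ''|*[!0-9]*) echo "not a whole number"; return 1 ;; esac
    [ "$1" -le $(( 100 * $2 )) ] || { echo "above $(( 100 * $2 ))"; return 1; }
    if [ "$1" -gt 0 ] && ! command -v cpulimit >/dev/null 2>&1; then
        echo "cpulimit binary not found"; return 1
    fi
    echo ok
}

# default_monitor_mode: must be non-empty or maldet.service will not start.
check_monitor_mode() {      # $1 = default_monitor_mode
    case "$1" in
        '')    echo "empty: maldet.service would fail to start"; return 1 ;;
        users) echo ok ;;
        *)     [ -r "$1" ] && echo ok || { echo "unreadable paths file: $1"; return 1; } ;;
    esac
}

# Demo on constructed data: three system accounts, two hosting accounts.
demo_passwd=$(mktemp)
cat > "$demo_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33::/var/www:/usr/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
site1:x:10000:10000::/var/www/vhosts/site1:/bin/false
site2:x:10001:10001::/var/www/vhosts/site2:/bin/false
EOF
users=$(count_monitored_users 10000 "$demo_passwd")
echo "monitored users: $users, watch budget: $(max_watches 16384 "$users")"
echo "cpulimit 0 on 8 cores: $(check_cpulimit 0 8)"
echo "monitor mode '': $(check_monitor_mode '' || true)"
rm -f "$demo_passwd"
```

On a real server, pass /etc/passwd and the output of `nproc` to these functions instead of the constructed values.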