Default monitor mode -
The default startup option for monitor mode, either users or /usr/local/maldetect/monitor_paths (a file containing local paths to monitor). This option is REQUIRED for the systemd maldet.service script. That script only checks for the value of $default_monitor_mode. The service will fail to start if a value is not provided.
Base watches -
The base number of files that can be watched under a path. (maximum file watches = inotify_base_watches*users)
Sleep between monitor runs -
The sleep time in seconds between monitor runs to scan files that have been created/modified/moved.
Config data reload interval -
The interval in seconds that inotify will reload configuration data, including remote configuration imports.
Minimum userid that will be added to user monitoring -
The minimum userid that will be added to path monitoring when the USERS option is specified.
Document root for users -
This is the html/web root for users relative to homedir, when this option is set, users will only have the webdir monitored [ clear option to default monitor entire user homedir ]
Process CPU scheduling priority -
Process CPU scheduling (nice) priority level for scan operations. [ -19 = high prio , 19 = low prio, default = 19 ]
Process IO scheduling priority -
Process IO scheduling (ionice) priority levels for scan operations. (uses cbq best-effort scheduling class [-c2]). [ 0 = most favorable IO, 7 = least favorable IO ]
Process CPU usage limit -
Set hard limit on CPU usage for inotify monitoring processes. This requires the "cpulimit" binary to be available on the server. The values are expressed as relative percentage * N cores on system. An 8 CPU core system would accept values from 0 - 800, a 12 cores system would accept 0 - 1200 etc.
Log every file scanned by inotify monitoring mode; this is not recommended and will drown out your "event_log" file, intended only for debugging purposes.