csf.dirwatch - what does it watch by default?
Posted: 20 Feb 2013, 19:40
Currently my csf.dirwatch file is empty (which is the default). I would like to add some things to it, but I noticed that I already get alerts like this:
============
lfd on example.com: System Integrity checking detected a modified system file
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/bin/abrt-action-analyze-backtrace: FAILED
/usr/bin/abrt-action-analyze-c: FAILED
/usr/bin/abrt-action-analyze-oops: FAILED
============
So, it would appear that dirwatch is already watching /usr/bin at least. I did quite a bit of searching and reading, and I can't seem to find what directories dirwatch is already watching (or maybe this alert isn't related to csf.dirwatch??)
And if I add new directories to csf.dirwatch, does it override the defaults directories?
Any help would be appreciated.
- Scott
============
lfd on example.com: System Integrity checking detected a modified system file
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/bin/abrt-action-analyze-backtrace: FAILED
/usr/bin/abrt-action-analyze-c: FAILED
/usr/bin/abrt-action-analyze-oops: FAILED
============
So, it would appear that dirwatch is already watching /usr/bin at least. I did quite a bit of searching and reading, and I can't seem to find what directories dirwatch is already watching (or maybe this alert isn't related to csf.dirwatch??)
And if I add new directories to csf.dirwatch, does it override the defaults directories?
Any help would be appreciated.
- Scott