iCk example rules

$fileMax /etc/wtmp 360000 ~* * * 0 0~ reduce 36000

If the file /etc/wtmp exceeds 360,000 bytes, reduce it to 36,000 bytes. Check the size of the file on the hour. (The structures in this file are 36 bytes long, and the file must contain an integral number of structures, hence the chosen sizes.)

$fileCheck /etc/passwd - - f root - 0777 0444

Check only once. The /etc/passwd file should be owned by root and be read-only to everyone.

$fileCheck /etc/shadow - - f root - 0777 0400

Check only once. The /etc/shadow file should be owned by root and be read-only to root.

$fileMax /tmp/*.lst 10000 - remove

Remove all the files in /tmp ending with an extension of .lst if they are bigger than 10,000 bytes. Do this only once.

$fileMax /tmp/*.hist 0 - exex ~/bin/mv %f %d/o.%b~

Save as /tmp/o.*.hist any non-zero length files in /tmp that have an extension of .hist.
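
The check that the two $fileCheck rules above describe can be reproduced by hand when auditing a host. The following is an added example, not Avaya's code: the names file_check and owner_name are hypothetical, and it assumes the last two rule fields are a permission mask (0777) followed by the mode bits expected under that mask.

```python
import os
import pwd
import stat


def owner_name(uid):
    """Resolve a uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def file_check(path, owner, mask, expected_mode):
    """Return a list of findings; an empty list means the file passes.

    Assumed reading of the rule fields: regular file ('f'), owner,
    then a mask and the permission bits expected under that mask.
    """
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    actual_owner = owner_name(st.st_uid)
    if actual_owner != owner:
        findings.append(f"{path}: owner {actual_owner}, expected {owner}")
    actual = st.st_mode & mask
    if actual != expected_mode:
        findings.append(f"{path}: mode {actual:04o}, expected {expected_mode:04o}")
    return findings


if __name__ == "__main__":
    # The two $fileCheck rules from this page, as (path, owner, mask, mode).
    rules = [
        ("/etc/passwd", "root", 0o777, 0o444),
        ("/etc/shadow", "root", 0o777, 0o400),
    ]
    for rule in rules:
        for finding in file_check(*rule):
            print(finding)
```
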

© 2002 Avaya Inc. All Rights Reserved.