A Summary of Commands

iCk, iCkAdmin

and {modes} were 0444, then the check would be to ensure that the file is readable by anyone, but whether it is writable or executable is not of interest. If on the other hand {modeMask} was 0777, while {modes} was 0444, then the check would be to ensure that the file is only readable and must not be writable or executable by anyone. If a file fails to pass a $fileCheck test, it is always reported. If the optional [cmd] is specified, then this command is executed. The meta-words %f, %d, and %b are set to the various parts of the file name for use in the command.

$EOF

This special mark indicates the end of the rules. Anything beyond this mark in the rules file is ignored.

Examples of Rules

$fileMax /etc/wtmp 360000 ~* * * 0 0~ reduce 36000

If the file /etc/wtmp exceeds 360,000 bytes, reduce it to 36,000 bytes. Check the size of the file on the hour. (The structures in this file are 36 bytes in length and it must be an integral number of structures, hence the chosen sizes.)

$fileCheck /etc/passwd - - f root - 0777 0444

Check only once. The /etc/passwd file should be owned by root and be read-only to everyone.

UCS 1000 R4.2 Administration 585-313-507

Issue 3 April 2000 489