integrit configuration file

   The configuration file determines what integrit does when it runs. For
   that reason, it should be kept on a secure medium, like a CD-ROM or a
   directory that's exported via read-only NFS from a tightly-secured
   machine.
   
  elements of an integrit configuration file
  
   known database
          The location of the known database (which contains information
          about the previous state of the host's files) is specified with
          a line like this:
          
     known=/root/databases/usr_known.cdb

   current database
          The location of the current database (the one to be generated
          if integrit is doing an update) is specified in a similar
          manner.
          
    current=/root/databases/usr_current.cdb

   the root of integrit's check
          The root of the filetree that integrit will cover is specified
          on a line like this:
          
    root=/usr

   rules for doing checks (called checksets)
          Whether or not integrit descends parts of the filetree, and
          whether or not it does checksums, comparison of access times,
          etc., are specified in a compact syntax (described below) on
          lines like these:
          
    !/usr/local/useless
    !/usr/mnt/nfs
    =/usr/share/teTeX
    /usr/local/var/log SIAM


integrit configuration file checksets

   A rule for doing checks, called a "checkset", is specified like this:
   
   a prefix for controlling the file tree walk
          An exclamation point means "ignore". It will cause integrit to
          pretend a file or directory isn't there.
          
     # ignore the useless directory and its subdirectories
     !/usr/local/useless

          An equal sign means "don't descend". It will cause integrit to
          do checks on the file itself, but if it's a directory, integrit
          won't visit its subdirectories.
          
          This is useful for telling integrit not to bother with certain
          parts of a file tree.
          
     # don't bother with old_project's subdirectories,
     # but do perform normal checks on the directory itself
     =/usr/local/share/old_project

   a set of switches
          A filename followed by a set of one-letter switches turns
          checks on and off, for example:
          
     # do check the access time, but don't do a checksum:
     /usr/local/secret/text.txt aS

          The syntax is explained on the following page.
          

integrit configuration file checksets: switches

   Upper case turns off a given check. Lower case turns it on.
   
   When you turn off a check (say, "no checksums"), all subdirectories
   inherit that setting: no checksums are done beneath that directory.
   
   You can always override switches that are inherited from parent
   directories.
   
   For example, in the configuration below, nothing under /var/log will
   have checksums done, except the files under /var/log/archive:
    /var/log            S
    /var/log/archive    s

   ... Again, the upper case turns the check off, and the lower case
   turns it back on.
   
   letter  check
   ------  -----
   s       checksum
   i       inode
   p       permissions
   l       number of links
   u       uid
   g       gid
   z       file size (redundant if checksums are on)
   a       access time
   m       modification time
   c       file info change time (see lstat(2))
   r       reset access time after checksum (option)
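
   When reviewing a configuration for blind spots, it helps to resolve which
   checks actually apply to a given path once prefixes and inherited switches
   are combined. The sketch below is an added example, not integrit's own
   code: the function names, the sample configuration, the matching of rules
   by path component, and the assumption that every check except "r" starts
   switched on are all assumptions made for illustration.

```python
import posixpath

CHECKS = set("sipluzgamc")   # check letters from the switch table ("r" is an option)
DEFAULT_ON = set(CHECKS)     # assumption: all checks start on, "r" starts off

# Constructed sample; the last rule is added to show an override.
SAMPLE = """\
known=/root/databases/usr_known.cdb
root=/usr
!/usr/local/useless
=/usr/share/teTeX
/usr/local/var/log SIAM
/usr/local/var/log/archive s
"""

def parse_config(text):
    """Return (settings, rules); rules maps path -> (prefix, switches)."""
    settings, rules = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line[0] in "!=/":                       # checkset rule
            prefix = line[0] if line[0] in "!=" else ""
            fields = line[len(prefix):].split(None, 1)
            rules[posixpath.normpath(fields[0])] = (prefix, "".join(fields[1:]))
        else:                                      # known=, current=, root=
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings, rules

def effective_checks(rules, path):
    """Set of checks applied to path, or None if the walk never reaches it."""
    path = posixpath.normpath(path)
    parts = path.strip("/").split("/")
    active = set(DEFAULT_ON)
    for i in range(1, len(parts) + 1):
        node = "/" + "/".join(parts[:i])
        prefix, switches = rules.get(node, ("", ""))
        if prefix == "!" or (prefix == "=" and node != path):
            return None                            # ignored, or below a "don't descend"
        for letter in filter(str.isalpha, switches):
            if letter.islower():
                active.add(letter)                 # lower case: check on
            else:
                active.discard(letter.lower())     # upper case: check off
    return active

SETTINGS, RULES = parse_config(SAMPLE)
```

   A result of None marks a path that is never examined at all, and a result
   missing "s" marks a file whose contents can change without a checksum
   mismatch; both are worth listing before trusting a configuration.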