Add more default monitored files
authormivirl <>
Fri, 26 Jan 2024 15:25:31 +0000 (09:25 -0600)
committermivirl <>
Fri, 26 Jan 2024 15:25:31 +0000 (09:25 -0600)
src/client.pl

index 76565406c910851339a59aeec4576742c00d8106..338050740bad926c9887d447d2ca760a28bfc7f6 100644 (file)
@@ -282,19 +282,40 @@ foreach my $logfile (get_files_recursively('/var/log')) {
 }
 
 # These files will be sent once
-send_file($name, $key, '/etc/passwd');
-send_file($name, $key, '/etc/group');
-send_file($name, $key, '/etc/sudoers');
-send_file($name, $key, '/etc/crontab');
+send_file($name, $key, '/etc/crontab');         # Scheduled jobs
+send_file($name, $key, '/etc/group');           # Group list
+send_file($name, $key, '/etc/hosts');           # IP -> hostnames
+send_file($name, $key, '/etc/hosts.allow');     # Allowed hosts
+send_file($name, $key, '/etc/hosts.deny');      # Denied hosts
+send_file($name, $key, '/etc/inetd.conf');      # Internet service daemon configuration
+send_file($name, $key, '/etc/logrotate.conf');  # Control log rotation
+send_file($name, $key, '/etc/passwd');          # User list
+send_file($name, $key, '/etc/securetty');       # TTY's allowing root login
+send_file($name, $key, '/etc/shadow');          # User passwords
+send_file($name, $key, '/etc/sudoers');         # Users who can run commands as another user (including root)
+send_file($name, $key, '/etc/sysctl.conf');     # Kernel options
+send_file($name, $key, '/etc/syslog.conf');     # Syslog configuration
+send_file($name, $key, '/var/log/lastlog');     # Previously logged in users
+send_file($name, $key, '/var/log/wmtp');        # Current logged in users
+
+foreach my $logfile (get_files_recursively('/etc/pam.d'),
+                     get_files_recursively('/etc/rc/init.d'),
+                     get_files_recursively('/etc/ssh'),
+                     get_files_recursively('/etc/security'),
+                     get_files_recursively('/etc/sysconfig'),
+                     get_files_recursively('/etc/cron*'),
+                     get_files_recursively('/etc/init.d')) {
+    send_file($name, $key, $logfile);
+}
 
 # These commands will have their output sent as they are updated
 send_command_output($name, $key, 'journalctl', 'journalctl', '-f');
-send_command_output($name, $key, 'pspy', './pspy64', '-f');
 
-# These directories and their subdirectories will be watched and any modified files will be sent
+# These directories and their subdirectories will be watched and any new/modified files will be sent
 watch_directory($name, $key, '/tmp');
 watch_directory($name, $key, '/dev/shm');
 watch_directory($name, $key, '/home');
+watch_directory($name, $key, '/etc');
 
 # ------------------------------------------------------------------------------
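Review bot: `/var/log/wmtp` on the last line of the new `send_file` list is a transposition of `/var/log/wtmp`, so the login-history file is never collected. The line should read `send_file($name, $key, '/var/log/wtmp');        # Login/logout history`, because wtmp records past sessions while the currently-logged-in table is utmp. Two arguments in the new `foreach` also look wrong: `/etc/rc/init.d` is probably meant to be `/etc/rc.d/init.d`, and `'/etc/cron*'` only matches anything if get_files_recursively expands globs, which this hunk does not show. Adding `/etc/shadow` means password hashes leave the host, so that line deserves a comment such as `# Password hashes: requires encrypted transport and restricted read access on the collector`. The statement run continues outside the hunk, so whether send_file tolerates missing files (e.g. `/etc/inetd.conf` on hosts without inetd) cannot be confirmed from here.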