From 0c259870be8b0672400422e43899b409d9839bca Mon Sep 17 00:00:00 2001
From: mivirl <>
Date: Fri, 26 Jan 2024 09:25:31 -0600
Subject: [PATCH] Add more default monitored files

---
 src/client.pl | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/client.pl b/src/client.pl
index 7656540..3380507 100644
--- a/src/client.pl
+++ b/src/client.pl
@@ -282,19 +282,40 @@ foreach my $logfile (get_files_recursively('/var/log')) {
 }
 # These files will be sent once
-send_file($name, $key, '/etc/passwd');
-send_file($name, $key, '/etc/group');
-send_file($name, $key, '/etc/sudoers');
-send_file($name, $key, '/etc/crontab');
+send_file($name, $key, '/etc/crontab'); # Scheduled jobs
+send_file($name, $key, '/etc/group'); # Group list
+send_file($name, $key, '/etc/hosts'); # IP -> hostnames
+send_file($name, $key, '/etc/hosts.allow'); # Allowed hosts
+send_file($name, $key, '/etc/hosts.deny'); # Denied hosts
+send_file($name, $key, '/etc/inetd.conf'); # Internet service daemon configuration
+send_file($name, $key, '/etc/logrotate.conf'); # Control log rotation
+send_file($name, $key, '/etc/passwd'); # User list
+send_file($name, $key, '/etc/securetty'); # TTY's allowing root login
+send_file($name, $key, '/etc/shadow'); # User passwords
+send_file($name, $key, '/etc/sudoers'); # Users who can run commands as another user (including root)
+send_file($name, $key, '/etc/sysctl.conf'); # Kernel options
+send_file($name, $key, '/etc/syslog.conf'); # Syslog configuration
+send_file($name, $key, '/var/log/lastlog'); # Previously logged in users
+send_file($name, $key, '/var/log/wmtp'); # Current logged in users
+
+foreach my $logfile (get_files_recursively('/etc/pam.d'),
+ get_files_recursively('/etc/rc/init.d'),
+ get_files_recursively('/etc/ssh'),
+ get_files_recursively('/etc/security'),
+ get_files_recursively('/etc/sysconfig'),
+ get_files_recursively('/etc/cron*'),
+ get_files_recursively('/etc/init.d')) {
+ send_file($name, $key, $logfile);
+}
 # These commands will have their output sent as they are updated
 send_command_output($name, $key, 'journalctl', 'journalctl', '-f');
-send_command_output($name, $key, 'pspy', './pspy64', '-f');
-# These directories and their subdirectories will be watched and any modified files will be sent
+# These directories and their subdirectories will be watched and any new/modified files will be sent
 watch_directory($name, $key, '/tmp');
 watch_directory($name, $key, '/dev/shm');
 watch_directory($name, $key, '/home');
+watch_directory($name, $key, '/etc');
 # ------------------------------------------------------------------------------
--
2.39.5
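Review bot: The `/var/log/wmtp` path in the new send_file list looks like a typo for `/var/log/wtmp`, so that file would never be found or sent, and its trailing comment describes utmp (currently logged-in users) rather than wtmp's login/logout history; the line should read `send_file($name, $key, '/var/log/wtmp'); # Login/logout history`. The `get_files_recursively('/etc/cron*')` argument in the new foreach only works if that helper (defined outside the hunk) expands shell globs itself; if it does not, the pattern is taken as a literal path and every cron directory is silently skipped, so either expand it with `glob()` before the call or list `/etc/cron.d`, `/etc/cron.hourly`, `/etc/cron.daily`, `/etc/cron.weekly` and `/etc/cron.monthly` explicitly. `/etc/rc/init.d` is likewise an unusual path (the conventional one is `/etc/rc.d/init.d`) and may want checking against the target systems. Adding `/etc/shadow` means password hashes now travel over the same channel as the other files, which is worth stating in its comment so operators know the transport and server-side storage must protect it accordingly. The foreach closed by the hunk's first context line begins outside the hunk.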