Syntax for System Integrity Verification Rules
Rules Format: alert_level;path;recursive_if_directory;comment_or_description
Field: alert_level
Example values: RED | YELLOW | IGNORE
Notes:
  RED: Critical alert if rule is triggered.
  YELLOW: Warning alert if rule is triggered.
  IGNORE: This is not a rule; instead, it is a directive to ignore the file or directory specified in the rule.

Field: path
Example values:
  Unix file: /etc/service.conf
  Unix dir: /etc
  Win32 file: c:/config.sys
  Win32 dir: c:/winnt
  http: http://demarc.com
Notes: The path to the file or directory you wish to monitor. This can now also be a URL of an HTTP web page, e.g. /etc/hosts or http://www.your_site.com/index.html

Field: recursive_if_directory
Example values: 1|0
Notes: If this path is a directory, "1" here will cause the directory to be recursed so that all subdirectories will be checked. "0" means that only the files within this directory should be checked.
  Note: Symbolic links will not be followed.

Field: comment_or_description
Example values: System Configuration Files
Notes: Optional comment or description that will appear if this alert is triggered.
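
The following is an added example, not code from the original page or from the product: a parser for the rule format above plus a check of which alert level applies to a given path. It assumes that the comment field may be omitted, that IGNORE overrides any matching alert rule, and that RED overrides YELLOW; the function names and the sample rules are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = ("RED", "YELLOW", "IGNORE")

@dataclass(frozen=True)
class Rule:
    level: str
    path: str
    recursive: bool
    comment: str

def parse_rule(line):
    """Parse one alert_level;path;recursive_if_directory;comment line."""
    # Split at most 3 times so a ';' inside the trailing comment is preserved.
    parts = [p.strip() for p in line.split(";", 3)]
    if len(parts) < 3:
        raise ValueError(f"too few fields: {line!r}")
    level, path, flag = parts[:3]
    if level not in LEVELS or flag not in ("0", "1") or not path:
        raise ValueError(f"bad field value: {line!r}")
    if not path.startswith("http://"):
        path = path.rstrip("/") or "/"   # normalise "/etc/" to "/etc"
    return Rule(level, path, flag == "1", parts[3] if len(parts) == 4 else "")

def covers(rule, target):
    """True if target is the rule's path or a file its directory check reaches."""
    if target == rule.path:
        return True
    if rule.path.startswith("http://"):
        return False                      # a URL rule names exactly one page
    prefix = rule.path.rstrip("/") + "/"  # "/etc" must not match "/etcetera"
    if not target.startswith(prefix):
        return False
    # recursive=0 reaches only files directly inside the directory
    return rule.recursive or "/" not in target[len(prefix):]

def alert_for(rules, target):
    """Alert level for target, or None if unmonitored or ignored."""
    hits = {r.level for r in rules if covers(r, target)}
    if "IGNORE" in hits:                  # assumption: IGNORE always wins
        return None
    return "RED" if "RED" in hits else "YELLOW" if "YELLOW" in hits else None

# Constructed sample rules file (not from the original page).
SAMPLE = """\
RED;/etc;1;System Configuration Files
IGNORE;/etc/mtab;0;Rewritten on every mount
YELLOW;/var/log;0;Log directory, top level only
RED;c:/config.sys;0;Boot configuration
YELLOW;http://demarc.com;0;Home page; front
"""
RULES = [parse_rule(l) for l in SAMPLE.splitlines() if l.strip()]
```

The matching is done on path strings only, so it does not model the rule that symbolic links are not followed.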