How to do it...

To start monitoring the suid/sgid bits on files and directories, we configure the tool as follows:

  1. Once the installation completes, we start editing the /etc/sxid.conf file to use the tool as we require. Open the file in the editor of your choice:
    nano /etc/sxid.conf
  1. In the configuration file, look for the following line:

Change the value of EMAIL to your own email address if you want the report of changes mailed to you every time sXid is run.

  1. Next, look for the line that reads KEEP_LOGS and change the value to a numerical value of your choice. This number defines how many log files to keep:

  1. If you wish to get the logs even when sXid finds no changes, then change the value for ALWAYS_NOTIFY to yes:

  1. For the SEARCH option, we can define a list of directories, separated by spaces, which sXid uses as the starting points for its search. If we wish to exclude any directory from the search, we can specify it under the EXCLUDE option:

Suppose the directory /usr/local/share is listed under SEARCH and its parent, /usr/local, is listed under EXCLUDE; /usr/local/share will still be searched. This is useful for excluding a whole parent directory while still searching one specific subdirectory inside it.

  1. There are many more options in /etc/sxid.conf, which can be configured as per our requirements. Once we are done with editing the file, save and close the file.
  1. Now, if we want to run sxid manually for spot-checking, we use the following command:
    sxid -c /etc/sxid.conf -k

Here, the -c option gives the path of the config file, in case the command does not pick it up automatically. The -k option runs the tool as a spot check.
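The SEARCH/EXCLUDE precedence and the report of changes between runs described above can be reproduced with find. This is an added example, not sXid's own code or part of the original recipe; the function names suid_scan and suid_changes, the sample directory tree and the use of GNU find's -printf are assumptions.

```shell
#!/bin/sh
# Added illustration, not sXid's code. SEARCH/EXCLUDE mirror /etc/sxid.conf;
# the function names are hypothetical. Assumes GNU find (-printf).

suid_scan() {                       # $1 = SEARCH list, $2 = EXCLUDE list
    search=$1; exclude=$2
    set -f; set --                  # split lists on spaces, no globbing
    for dir in $exclude; do set -- "$@" -path "$dir" -prune -o; done
    # find prunes only what it reaches while descending, so a SEARCH root
    # that sits below an excluded directory is still walked.
    find $search "$@" -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u:%g %p\n' 2>/dev/null | LC_ALL=C sort
    set +f
}

suid_changes() {                    # $1 = baseline file, $2 = current file
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'   # new or changed entries
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'   # entries that went away
}

# Constructed sample tree, so the demo needs neither root nor a real scan.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/usr/local/share" "$demo/usr/local/bin" "$demo/usr/bin"
touch "$demo/usr/bin/passwd" "$demo/usr/local/bin/tool" \
      "$demo/usr/local/share/helper"
chmod 4755 "$demo/usr/bin/passwd" "$demo/usr/local/bin/tool"   # setuid
chmod 2755 "$demo/usr/local/share/helper"                      # setgid

SEARCH="$demo/usr $demo/usr/local/share"
EXCLUDE="$demo/usr/local"
suid_scan "$SEARCH" "$EXCLUDE" > "$demo/baseline"

# A new setuid file appears between two runs.
touch "$demo/usr/bin/newtool"; chmod 4755 "$demo/usr/bin/newtool"
suid_scan "$SEARCH" "$EXCLUDE" > "$demo/current"
suid_changes "$demo/baseline" "$demo/current"
```

The baseline lists passwd and helper but not tool, because usr/local is excluded while usr/local/share is named in SEARCH; the second run reports only the new setuid file.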
