The Executables feature tests directories for executable files that are not known to the package manager. This works with both rpm (Red Hat, et al.) and deb (Debian / Ubuntu, et al.) based distributions.

Because this feature has the potential to cause some load (depending on the configuration) on the target machine, it is disabled by default. To enable it, enable the config item for 'feature_executables'.

How Does it Work?

Enterprise customers are able to define a list of directories to be scanned (we typically recommend /usr), which are recursively checked for executable files. Each executable file is verified against the package manager (yum / dpkg) and, if it is not known, an entry is recorded. These entries are then treated just like any other component (processor, software, user groups, etc.) inside Open-AudIT. Changes, additions and removals are recorded.

In addition to the directories to be scanned, customers can provide exceptions that are not to be tested. These paths are compatible with the find (include) and grep (exclude) commands.
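The check described above, as an added shell example (not Open-AudIT's own audit script): walk a directory with find, drop excluded paths with grep, and report executables that no package owns. The function names `pkg_owns` and `unowned_executables` are hypothetical, and querying ownership with `dpkg -S` or `rpm -qf` is an assumption.

```shell
#!/bin/sh
# Added illustration; not Open-AudIT's audit script.
# pkg_owns and unowned_executables are hypothetical names.

# pkg_owns FILE -> 0 if a package owns FILE, 1 if none does,
# 2 if no supported package manager is available.
# Assumption: ownership is queried with `dpkg -S` or `rpm -qf`.
pkg_owns() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" >/dev/null 2>&1 || return 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" >/dev/null 2>&1 || return 1
    else
        return 2
    fi
}

# unowned_executables DIR [EXCLUDE_REGEX]
# Prints one path per line for every regular file under DIR that has
# an execute bit set and is unknown to the package manager.
# The body is a subshell, so `exit` below only leaves the function.
unowned_executables() (
    dir=$1
    exclude=${2:-}
    # -xdev keeps the walk on one filesystem to limit load.
    find "$dir" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null |
    if [ -n "$exclude" ]; then grep -Ev -- "$exclude"; else cat; fi |
    while IFS= read -r f; do
        rc=0
        pkg_owns "$f" || rc=$?
        case $rc in
            0) ;;                          # known to the package manager
            1) printf '%s\n' "$f" ;;       # unknown: record it
            *) echo "no package manager found" >&2; exit 2 ;;
        esac
    done
)
```

On Debian-family systems with a merged /usr, dpkg may record a file under /bin while find reports it under /usr/bin, so some packaged files can show up as unknown. Diffing the output of successive runs gives the add and remove events the text describes.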
