Trouble getting started with the STEALTH monitoring package

Posted by dlanced on Server Fault
Published on 2014-05-30T16:56:17Z

Is anyone here familiar with the Linux-based STEALTH package (for monitoring FS integrity of client systems)? I'm trying to get started with a very simple configuration, but I'm running into trouble (this is running under Ubuntu 14.04):

Config line `USE BASE/root/stealth/10.0.0.79' invalid

STEALTH (2.11.02) started at Fri, 30 May 2014 15:25:00 +0000

Program terminated due to non-zero exit value for -type f -exec /usr/bin/sha1sum {} \; (EOC Fri May 30 15:25:00 2014 127)

Stealth is creating a binary tmp file in the Stealth server root and generating a "report" file in the start directory, but not much else.

Regarding the "USE BASE...invalid" error, and just to be sure, I manually created the directories in /root, but it didn't help. And, by the way, I am running stealth with sudo.

Everything seems to be configured correctly: I'm able to ssh into root@client from the stealth machine without a password.

Here's my "policy" file (I've removed the email directives just for simplicity):

DEFINE SSHCMD /usr/bin/ssh [email protected] -T -q exec /bin/bash --noprofile
DEFINE EXECSHA1 -xdev -perm +u+s,g+s ( -user root -or -group root ) \
    -type f -exec /usr/bin/sha1sum {} \;

USE BASE/root/stealth/10.0.0.79
USE SSH ${SSHCMD}

USE DD /bin/dd
USE DIFF /usr/bin/diff
USE PIDFILE /var/run/stealth-
USE REPORT report
USE SH /bin/sh

GET /usr/bin/sha1sum /root/tmp

LABEL \nchecking the client's /usr/bin/find program
CHECK LOG = remote/binfind /usr/bin/sha1sum /usr/bin/find

LABEL \nsuid/sgid/executable files uid or gid root on the / partition
CHECK LOG = remote/setuidgid /usr/bin/find / ${EXECSHA1}

LABEL \nconfiguration files under /etc
CHECK LOG = remote/etcfiles \
    /usr/bin/find /etc -type f -not -perm /6111 \
    -not -regex "/etc/(adjtime\|mtab)" \
    -exec /usr/bin/sha1sum {} \;

Any ideas? Thanks,
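The two messages in the question (a `USE` line rejected as invalid, and a `find` option fragment `-type f -exec ...` being executed as a command and exiting 127) are both symptoms that a policy-file syntax check can surface before STEALTH is started. The following Python linter is an added example, not part of the question or of the STEALTH project: it joins backslash-continued lines, expands `${NAME}` macros from `DEFINE` directives, flags a `USE` keyword glued to its value, and flags any logical line that does not begin with a directive (a fragment left behind when a continuation breaks). The directive and `USE` keyword sets are assumed from STEALTH's documented policy grammar, and the sample policy is constructed to mirror the shape of the one posted, with `client` standing in for the real host.

```python
"""Lint a STEALTH-style policy file (added example, not part of STEALTH).

Joins backslash-continued lines, expands ${NAME} macros from DEFINE
directives, and reports the two kinds of mistake whose symptoms appear in
the question: a USE keyword glued to its value (USE BASE/path) and a
command fragment left on its own line by a broken continuation.
The grammar below is assumed from STEALTH's documented policy format.
"""
import re

# First words a policy line may start with (assumed set).
DIRECTIVES = {"DEFINE", "USE", "GET", "PUT", "LABEL", "CHECK", "LOCAL", "REMOTE"}
# Keywords USE accepts; the value must follow after whitespace (assumed set).
USE_KEYWORDS = {"BASE", "DD", "DIFF", "PIDFILE", "REPORT", "SH", "SSH"}
MACRO = re.compile(r"\$\{(\w+)\}")

# Constructed sample modelled on the policy in the question; 'client' stands
# in for the real host. It deliberately contains three mistakes.
SAMPLE_POLICY = r"""# constructed sample policy
DEFINE SSHCMD /usr/bin/ssh root@client -T -q exec /bin/bash --noprofile
DEFINE EXECSHA1 -xdev -perm +u+s,g+s ( -user root -or -group root ) \
    -type f -exec /usr/bin/sha1sum {} \;
DEFINE ETCFIND /usr/bin/find /etc -type f -not -perm /6111
    -exec /usr/bin/sha1sum {} \;

USE BASE/root/stealth/client
USE SSH ${SSHCMD}
USE DD /bin/dd
USE SH /bin/sh

GET /usr/bin/sha1sum /root/tmp

LABEL \nsuid/sgid files owned by root
CHECK LOG = remote/setuidgid /usr/bin/find / ${EXECSHA1}
CHECK LOG = remote/etcfiles ${ETCFIND} ${MISSING}
"""


def join_continuations(text):
    """Yield (first_line_number, logical_line), merging lines ending in '\\'."""
    buf, start = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = num
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf).strip()
        buf, start = [], None
    if buf:  # file ended inside a continuation
        yield start, " ".join(buf).strip()


def expand_macros(line, defines):
    """Replace ${NAME} with its DEFINE value; unknown names are left as-is."""
    return MACRO.sub(lambda m: defines.get(m.group(1), m.group(0)), line)


def lint_policy(text):
    """Return (findings, checks): (line, message) pairs and expanded CHECK lines."""
    findings, checks, defines = [], [], {}
    for num, line in join_continuations(text):
        if not line or line.startswith("#"):
            continue
        words = line.split(None, 2)
        head = words[0]
        if head not in DIRECTIVES:
            # This is what produces "non-zero exit value for -type f ..." at
            # run time: the fragment is handed to the shell as a command.
            findings.append((num, f"orphan fragment {line!r}: not a directive, "
                                  "probably a broken line continuation"))
            continue
        for name in MACRO.findall(line):
            if name not in defines:
                findings.append((num, f"macro ${{{name}}} used before its DEFINE"))
        if head == "DEFINE":
            if len(words) < 3:
                findings.append((num, "DEFINE needs a name and a value"))
            else:
                defines[words[1]] = expand_macros(words[2], defines)
        elif head == "USE":
            key = words[1] if len(words) > 1 else ""
            if key in USE_KEYWORDS:
                if len(words) < 3:
                    findings.append((num, f"USE {key} has no value"))
            else:
                # "BASE/root/..." starts with a known keyword: the space is missing.
                glued = next((k for k in USE_KEYWORDS if key.startswith(k)), None)
                if glued:
                    findings.append((num, f"USE {key}: missing space after {glued}; "
                                          f"write 'USE {glued} {key[len(glued):]}'"))
                else:
                    findings.append((num, f"unknown USE keyword {key!r}"))
        elif head == "CHECK":
            checks.append(expand_macros(line, defines))
    return findings, checks


if __name__ == "__main__":
    problems, resolved = lint_policy(SAMPLE_POLICY)
    for num, msg in problems:
        print(f"line {num}: {msg}")
    for cmd in resolved:
        print("would run:", cmd)
```

Running the linter on the constructed sample reports the orphaned `-exec` fragment on line 6, the glued `USE BASE/root/stealth/client` on line 8, and the undefined `${MISSING}` macro on line 17, and prints each `CHECK` line as it would read after macro expansion, which is the command the client actually receives over ssh.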
