Optional modules to perfor additional checks

These are all client-only options, as the server does not perform any checks (if you want to run checks on the log server host, you need to run a client there as well).

--enable-login-watch

[CLIENT ONLY] Compile in the module to watch for login/logout events.

--enable-mounts-check

[CLIENT ONLY] Compile in the module to check for correct mount options.

--enable-userfiles

[CLIENT ONLY] Compile in the module to check for files in user home directories (i.e. with paths relative to $HOME for all users).

--enable-suidcheck

[CLIENT ONLY] Compile in the module to check file system for SUID/SGID binaries not in the database.

--with-kcheck=SYSTEM_MAP

[CLIENT ONLY] (Linux/FreeBSD only) Compile in the module to check for runtime kernel modifications (e.g. clobbered kernel syscalls) to detect kernel-level rootkits. SYSTEM_MAP must be the path to the System.map file corresponding to the kernel.