The templates in the UNIX File Attributes module and the UNIX File Watch module let you select options that generate signatures on specified files and directories. This function is enabled on the UNIX computers because directories are treated as files with a special format.

To generate a signature on a UNIX directory, the module opens the directory as if it were a regular file and reads the raw data it contains. There are some directories on UNIX computers that cannot be read in this way. For example, directories that are mounted from a remote file system using NFS cannot be read as files. On some versions of UNIX, the /tmp directory and its subdirectories are also not readable as files.

When the module tries to generate a file signature for a directory that cannot be read as a file, the result is the signature of an empty file. The signature of an empty file has a CRC value of zero or an MD5 value of d41d8cd98f00b204e9800998ecf8427e.

When the module generates a signature for a directory that can be read as a file, it is important to understand what the file contains. The contents are dependent on the type of file system.

The most common file systems store the names of the files contained in the directory along with the files' inode numbers, which specify their locations on the disk. Other information about the files that are contained in a directory such as size, permissions, and modification times are not stored in the directory file. In these file systems, the directory signature does not normally change unless a file is added, removed, or renamed in the directory.

Changing the contents of a file in a directory is usually not sufficient to change the signature of the directory.