The configuration file determines what integrit does when it runs. For that reason, it should be kept on a secure medium, like a CD-ROM or a directory that's exported via read-only NFS from a tightly-secured machine.
The location of the known database (which contains information about the previous state of the host's files) is specified with a line like this:
known=/root/databases/usr_known.cdb
The location of the current database (the one to be generated if integrit is doing an update) is specified in a similar manner.
current=/root/databases/usr_current.cdb
The root of the filetree that integrit will cover is specified on a line like this:
root=/usr
Whether or not integrit descends parts of the filetree, and whether or not it does checksums, comparison of access times, etc., are specified in a compact syntax (described below) on lines like these:
!/usr/local/useless
!/usr/mnt/nfs
=/usr/share/teTeX
/usr/local/var/log SIAM