also, the file isn't tamper protected so anyone with root access can modify it. and you can't configure scheduled scans in it, you have to separately create cron jobs for that on each server. also, there's no versioning in the file, so if you send a new config file out to be copied to each system, you've no idea if they've actually received the file or not.