• NAME
• DESCRIPTION
• SYNOPSIS
• ACTIONS
• OPTIONS
• FILES
• USE
• RETURN VALUES
• NOTES
• SEE ALSO
• COPYRIGHT
• AUTHORS

NAME

afick - Another File Integrity Checker

DESCRIPTION

The goal of this program is to monitor what change on your host : new/deleted/modified files. So it can be used as an intrusion detection system ( by integrity checking ). It is designed to be a portable clone of aide (Advanced Intrusion Detection Environment), or Tripwire software.

You should launch it regulary (by cron for example) and after any software change.

This is a command-line program, you can use afick-tk.pl if you prefer a graphical interface.

SYNOPSIS

afick [action] [options]

afick use posix syntaxe, which allow many possibilities :

• long (--) options

• short (-) options

• negative (--no) options

ACTIONS

You have to use one this mandatory action :

• --init|-i
  initiate the database.

• --check_config|-C
  only check config file syntaxe and exit with the number of errors

• --clean_config|-G
  check config file syntaxe, clean (coments) bad line, and exit with the number of errors

• --compare|-k
  compare the file system with the database.

• --list|-l ``file1 file2 ... filen''
  compare the specified files with the database.

• --print|-p
  print the content of the database.

• --print_config
  display internals variables after options and config file parsing (for debugging purposes)

• --update|-u
  compare and update the database.

OPTIONS

You can use any number of the following options :

• --archive|-A directory
  write reports to ``directory''.

• --config_file|-c configfile
  read the configuration in config file named ``configfile''.

• --database|-D name
  name of database to use.

• --debug|-d level
  set a level of debugging messages, from 0 (none) to 3 (full)

• --full_newdel|-f,(--nofull_newdel)
  (do not) report full information on new and deleted directories. Default : no

• --help|-h
  Output help information and exit.

• --history|-y historyfile
  write session status to history file

• --ignore_case|-a
  ignore case for file names. Can be helpfull on windows plateforms, but is dangerous on unix ones.

• --missing_files|-m,(--nomissing_files)
  (do not) warn about files declared in config files which does not exists. Default : no

• --dead_symlinks|-s,(--nodead_symlinks)
  (do not) warn about dead symlinks. Default : no

• --progress|-P
  display the name of scanned files, to be used only by afick-tk

• --running_files|-r,(--norunning_files)
  (do not) warn about ``running'' files : modified since program begin. Default : no

• --timing|-t,(--notiming)
  (do not) Print timing statistics. Default : no

• --version|-V
  Output version information and exit.

• --verbose|-v,(--noverbose)
  (not in) verbose mode (obsolete). Default : no

• --exclude_suffix|-x ``ext1 ext2 ... extn''
  list of suffixes to ignore

• --exclude_prefix|-X ``ext1 ext2 ... extn''
  list of prefix to ignore

FILES

if no config file on command line, afick try to open /etc/afick.conf (unix) or windows.conf (windows) as default config

for config file syntax see afick.conf(5)

each database is composed of 3 binary files :

• one with .dir suffixe : a file index

• one with .pag suffixe : the database core

• one with .ctr suffixe : a control file

USE

To use this program, you must

first adjust the config file to your needs : see afick.conf(5) for the syntaxe)

then initiate the database with : afick -c linux.conf --init

then you can compare with afick -c linux.conf -k

or compare and update with afick -c linux.conf --update

RETURN VALUES

An exit status of 0 means no differences were found, non-zero means some differences were found. The non-zero value is a bitmap represent- ing the type of difference found:

Bit 0 ( value : 1)

Dangling

Bit 1 (value : 2)

Changed

Bit 2 (value : 4)

Deleted

Bit 3 (value : 8)

New

NOTES

this program only use perl and its standard modules.

SEE ALSO

COPYRIGHT

Copyright (c) 2002,2003,2004 Eric Gerbier All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

AUTHORS

Eric Gerbier

you can report any bug or suggest to gerbier@users.sourceforge.net