afick - Another File Integrity Checker


NAME

afick - Another File Integrity Checker


DESCRIPTION

The goal of this program is to monitor what change on your host : new/deleted/modified files. So it can be used as an intrusion detection system ( by integrity checking ). It is designed to be a portable clone of aide (Advanced Intrusion Detection Environment), or Tripwire software.

You should launch it regularly (by cron for example) and after any software change.

This is a command-line program, you can use afick-tk.pl if you prefer a graphical interface.


SYNOPSIS

afick [action] [options]

afick use posix syntax, which allow many possibilities :


ACTIONS

You have to use one this mandatory action :


OPTIONS

You can use any number of the following options :


FILES

if no config file on command line, afick try to open /etc/afick.conf (Unix) or windows.conf (Windows) as default config

for config file syntax see afick.conf(5)

each database is composed of 3 binary files :


USE

To use this program, you must

first adjust the config file to your needs : see afick.conf(5) for the syntax)

then initiate the database with : afick -c afick.conf --init

then you can compare with afick -c afick.conf -k

or compare and update with afick -c afick.conf --update


ENVIRONMENT

The default config file can be set with AFICK_CONFIG environment variable.


RETURN VALUES

An exit status of 0 means no differences were found, non-zero means some differences were found. The non-zero value is a bitmap representing the type of difference found:

Bit 0 ( value : 1)
Dangling

Bit 1 (value : 2)
Changed

Bit 2 (value : 4)
Deleted

Bit 3 (value : 8)
New


SECURITY

For a better security, afick not only check the rules from configuration file, but try to check it-self : perl scripts, configuration file, database, and warn if something change.


NOTES

this program only use perl and its standard modules.


SEE ALSO

afick.conf(5) for configuration file
afick-tk(1) for graphical interface
afickonfig(1) for a tool to change afick's configuration file
afick_archive(1) for a tool to manage archive's reports


COPYRIGHT

Copyright (c) 2002,2003,2004 Eric Gerbier All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.


AUTHORS

Eric Gerbier

you can report any bug or suggest to gerbier@users.sourceforge.net

 afick - Another File Integrity Checker