afick.conf(5) - Linux man page
Name
afick.conf - Configuration file for afick program
Description
This is the configuration file for the afick software (Another File Integrity Checker).
It contains the list of files and directories to scan, the attributes to monitor, the name of the database to use, and so on.
Files
afick uses /etc/afick.conf as its default configuration file (you may change it with the -c option).
File Format
The afick configuration is similar to aide's or tripwire's configuration file. With little effort, aide.conf can be converted to afick format (see the PORTAGE section below).
- Afick config is case-sensitive.
- Leading and trailing whitespaces are ignored.
- Blank lines or lines beginning with # are ignored as comments.
There are four types of lines in afick:
- First, configuration lines (see the CONFIG LINES section below)
- Second, alias lines (see the ALIAS LINES section below)
- Third, lines that are used to select which files are added to the database (see the SELECTION LINES section below)
- Fourth, macro lines (see the MACROS LINES section below)
Only the last type of lines are required for aide to do anything.
Config Lines
These lines have the format :
keyword := value
For now, the available keywords are:
- archive := path_to_archive_directory
- directory with full path : the archive directory keeps all logs, and can be used by the webmin module
- database := path_to_database
- name with full path : the database to use
- debug := level
- set the level of debugging messages, from 0 (none) to 3 (full); default is 0
- exclude_suffix := ext1 ext2 ext3 ...
- a list of suffixes to ignore (for example old bak tmp); this directive can appear several times in a config file to group suffixes
- history := path_to_history
- the history file keeps all dates and summary results
- ignore_case := boolean value
- ignore case for file names (useful on Windows), default is no
- report_full_newdel := boolean value
- if true report all new files, else only first directory level (avoid too long outputs), default is no
- report_url := stdout/stderr/null
- where to send the report, default is stdout
- running_files := boolean value
- warn about "running" files : files modified since the program began, default is no
- timing := boolean value
- Print timing statistics (user and system time), default is no
- verbose := boolean value
- for debugging purposes, default is no
- warn_dead_symlinks := boolean value
- warn about dead symlinks, default is no
- warn_missing_file := boolean value
- if true, print a warning message if file selection does not exist, default is no
boolean value : 1/yes/true or 0/no/false
Alias Lines
These lines have the format
alias_name = <predefined attribute>| + <predefined group>| - <predefined group>
See the ATTRIBUTES section below for predefined values.
Selection Lines
These lines have the format :
<selection_type><file or directory> <attributes flag>
There are three types of selection lines (regular, negative, equals).
- Lines beginning with "!" are negative selection lines:
- the specified file or directory is ignored. Attribute flags are not necessary :)
- Lines beginning with "=" are equals selection lines:
- they can be used to avoid scanning sub-directories. Two syntaxes are available:
if the directory ends with a / : scan the directory itself and its files, but not its sub-directories
else : scan only the directory itself (no files, no sub-directories)
- Other lines are regular selection lines:
- files are added, directories are added with their contents (files and sub-directories)
File names containing blank characters should be quoted.
File or directory names should be specified with their full pathname.
The attributes flag can be specified in 2 ways:
- alias names
- (see the ALIAS LINES section above)
- any combination of attributes
- with alias syntax
Macros Lines
Macro lines begin with @@. They are not used yet by afick itself, but by the cron job:
- @@define LINES a_number
- it is used to truncate too long mails from cron job
- @@defines MAILTO a_mail_adress
- it is used to send cron job output
- @@defines VERBOSE bool
- bool=1 sends a mail each day; bool=0 sends a mail only if changes are found
- @@defines NICE val
- val is the nice value (see man nice) : 10 is for a normal job, 14 for a normal cron job, 19 is for very low level job
- @@defines BATCH bool
- used to control the afick cron job (for remote users with the afick webmin module, for example) : bool=1 allows the cron job, bool=0 stops the cron job
Attributes
The base attributes are:
- a: atime
- (last access time in seconds since the epoch)
- b: blocks
- (actual number of blocks allocated)
- c: ctime
- (inode change time)
- d: device
- (device number of filesystem, major and minor number)
- g: group
- (gid of the file)
- h: md5 checksum
- (for compatibility with older version, md5 should be used now)
- i: inode
- (inode number)
- m: mtime
- (last modify time since epoch)
- md5 : md5 checksum
- (the default checksum)
- n: number of hard links
- (see ln command)
- p: permissions
- (owner, group, other)
- u: user
- (uid of the file)
- s: file size
- (in bytes)
- sha1 : sha1 checksum
- (optional, replaces md5)
The predefined aliases are:
- all = b+c+d+g+i+m+md5+n+p+u+s
- all parameter except atime (a)
- R = p+d+i+n+u+g+s+m+c+md5
- for aide compatibility
- L = p+d+i+n+u+g
- for aide compatibility
- E = (empty)
- for aide compatibility
Examples
- database := /var/lib/afick/afick
- define the path to database
- All= a+b+c+d+g+i+m+md5+n+p+u+s
- defines the alias "All", from base attributes (could be done with "All=all+a" too)
- ETC=All - i -c -a
- define the ETC alias from another one
- !/dev
- ignores the /dev directory structure.
- !/tmp/*.tmp
- excludes files matching a wildcard (joker) pattern
- = /proc/ p+u+g
- scan /proc directory for files, not sub-dirs
- = /tmp R
- scan just /tmp, not inside
- /boot/vmlinux* all
- adds files matching a wildcard (joker) pattern
- /etc ETC
- use base attributes, on ETC alias
- /var All - i -c -a
- use modified alias All
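An added example (not part of afick or of the original man page): a Python reader for the format described above that expands alias expressions into base attributes and lists the selection lines that monitor a path without any checksum attribute (h, md5 or sha1), so file contents there are not hashed. It assumes Unix full pathnames and skips macro lines; the function names and the /var/log rule in the sample are constructed for illustration.

```python
import re
BASE = {"a", "b", "c", "d", "g", "h", "i", "m", "md5", "n", "p", "u", "s", "sha1"}
CHECKSUMS = {"h", "md5", "sha1"}
# Predefined aliases as listed in the Attributes section.
PREDEFINED = {"all": "b+c+d+g+i+m+md5+n+p+u+s", "R": "p+d+i+n+u+g+s+m+c+md5",
              "L": "p+d+i+n+u+g", "E": ""}
SELECTION = re.compile(r'^([!=]?)\s*("[^"]+"|\S+)\s*(.*)$')

def expand(expr, aliases):  # 'All - i -c -a' -> set of base attributes
    attrs = set()
    for sign, name in re.findall(r"([+-]?)\s*(\w+)", expr):
        if name not in BASE and name not in aliases:  # names are case-sensitive
            raise ValueError(f"unknown attribute or alias: {name!r}")
        group = {name} if name in BASE else aliases[name]
        attrs = attrs - group if sign == "-" else attrs | group
    return attrs

def parse(text):  # -> (config dict, alias dict, [(type, path, attribute set)])
    aliases = {name: expand(expr, {}) for name, expr in PREDEFINED.items()}
    config, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "@@")):
            continue  # blank, comment, or macro line (macros are read by the cron job)
        if line[0] in '!=/"':  # selection line; assumes Unix full pathnames
            kind, path, expr = SELECTION.match(line).groups()
            rules.append((kind or "regular", path.strip('"'), expand(expr, aliases)))
        elif ":=" in line:  # config line: keyword := value
            key, value = line.split(":=", 1)
            config[key.strip()] = value.strip()
        elif "=" in line:  # alias line: alias_name = expression
            name, expr = line.split("=", 1)
            aliases[name.strip()] = expand(expr, aliases)
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return config, aliases, rules

def unhashed_paths(text):  # monitored paths whose attributes include no checksum
    return [p for kind, p, attrs in parse(text)[2] if kind != "!" and not attrs & CHECKSUMS]

# Constructed sample: lines from the Examples section plus one added rule (/var/log L).
SAMPLE = """database := /var/lib/afick/afick
All= a+b+c+d+g+i+m+md5+n+p+u+s
ETC=All - i -c -a
!/dev
= /proc/ p+u+g
= /tmp R
/etc ETC
/var/log L"""
```

Calling unhashed_paths(SAMPLE) returns the /proc/ and /var/log rules, whose attribute sets (p+u+g and the L alias) contain no checksum.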
Globbing
The globbing characters are * and ?
They are not interpreted as perl regular expressions, but the way the shell uses them :
? replaces any (one) character
* replaces any chain of characters
Portage
Here are some changes from aide:
- directives
- use ":=" instead of "="
- database
- use pathname syntax instead of url syntax
- no database_out directive :
- afick works on only one database
- no gzip_dbout directive :
- database is already in binary format
- only md5 and sha1 hash :
- no rmd160, tiger, haval, gost, crc32
- no "S" (check for growing size) attribute
- I do not know how to use and code it
See Also
afick(1) for afick command line options
afick-tk(1) for afick graphical interface
Copyright
Copyright (c) 2002,2003,2004 Eric Gerbier All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Authors
Eric Gerbier
You can report any bug or suggestion to <gerbier@users.sourceforge.net>
