afick.conf(5) User Contributed Perl Documentation afick.conf(5)
NAME
    afick.conf - configuration file for the afick program
DESCRIPTION
    This is the configuration file for the afick software (Another File Integrity Checker). It contains the list of files and directories to scan, the attributes to monitor on them, the name of the database to use, and so on.
FILE
    afick uses /etc/afick.conf (Unix) or windows.conf (Windows) as its default configuration file, but you may change it with afick's -c command-line option.
FILE FORMAT
    The afick configuration file is similar to aide's or tripwire's configuration file. With little effort an aide.conf can be converted to afick format (see the PORTAGE section below).

    General rules:

    o   afick configuration is case-sensitive.
    o   Leading and trailing white space is ignored.
    o   Blank lines and lines beginning with # are ignored as comments.

    There are four types of lines in an afick configuration file:

    "configuration lines"   general afick parameters
    "alias lines"           customized user rules
    "selection lines"       the list of files to monitor
    "macro lines"           batch parameters (Unix cron)
CONFIGURATION LINES
    These lines have the format:

        keyword := value

    For now, the available keywords are:

    allow_overload := boolean
        If set, allow rule overloading (the last rule wins); otherwise print a warning and keep the first rule. Default is true.

    archive := path_to_archive_directory
        Directory, given with its full path, in which all reports are kept; it can be used by the webmin module. Default is empty (none).

    database := path_to_database
        Name, with its full path, of the database to use. This parameter is mandatory.

    debug := level
        Level of debugging messages, from 0 (none) to 4 (full). Default is 0.

    only_suffix := ext1 ext2 ...
        The default behavior is to scan all requested directories and to add exceptions through rules or the exclude_* directives. In some cases it is easier to list only the suffixes you want: the exclude_* directives are then not used, and the database contains all directories but only the files with one of the given suffixes. This directive is empty (disabled) by default. It is mainly of interest on operating systems such as Windows: the scan is faster, but security is reduced, because files with any other suffix are never checked.

    exclude_suffix := ext1 ext2 ...
        A list of suffixes (files or directories ending in .ext1 or .ext2 ...) to ignore, for example: old bak tmp. This directive can appear several times in a configuration file to group suffixes. Default is empty.

    exclude_prefix := pre1 pre2 ...
        A list of prefixes (files or directories beginning with pre1 or pre2 ...) to ignore, for example: tmp toto. This directive can appear several times in a configuration file to group prefixes. Default is empty.

    exclude_re := pat1 pat2 ...
        A list of regular expressions to ignore, applied to the full file path. Examples can be found in the EXAMPLES section. This directive can appear several times in a configuration file to group patterns. Default is empty.

    follow_symlinks := boolean
        If set, the checksum is computed on the target file; otherwise it is computed on the symbolic link itself (the target file name). Default is no.

    history := path_to_history
        The history file keeps the date and summary result of every run. Default is empty (none).

    ignore_case := boolean
        Ignore case in file names (useful on Windows). Default is no.

    max_checksum_size := numeric value
        Checksums are CPU expensive. When this value (a file size in bytes) is set, only the first max_checksum_size bytes of each file are checksummed, which makes afick faster on big files. WARNING: this option makes afick faster but less secure, since a modification beyond that offset does not change the checksum. Default is 0 (no limit).

    report_full_newdel := boolean
        If true, report all new and deleted files; otherwise report only the first directory level (avoids very long outputs). Default is no.

    report_url := stdout|stderr|null|syslog
        Where to send the report. null means no report. Default is stdout.

    report_syslog := boolean
        If true, also send the report to syslog. Default is no.

    running_files := boolean
        Warn about "running" files, i.e. files modified after the program started. Default is no.

    timing := boolean
        Print timing statistics (user and system time). Default is no.

    verbose := boolean
        For debugging purposes. Default is no.

    warn_dead_symlinks := boolean
        Warn about dead (dangling) symbolic links. Default is no.

    warn_missing_file := boolean
        If true, print a warning message when a selected file does not exist. Default is no.
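    The WARNING on max_checksum_size is easier to appreciate on concrete data. The following Python is an added example written for this page, not afick's own (Perl) code; it models the directive as "hash only the first N bytes of the content" (an assumption drawn from the description above) and runs it over constructed file contents: one copy with a line appended, one copy patched in place at an offset beyond the limit.

```python
import hashlib


def truncated_md5(data: bytes, max_checksum_size: int = 0) -> str:
    """Model of the max_checksum_size directive (an assumption about afick's
    behaviour, not afick's code): 0 hashes the whole content, N > 0 hashes
    only the first N bytes."""
    if max_checksum_size > 0:
        data = data[:max_checksum_size]
    return hashlib.md5(data).hexdigest()


# Constructed sample: an 11010-byte script and two tampered copies.
ORIGINAL = b"#!/bin/sh\n" + b"echo legit\n" * 1000
APPENDED = ORIGINAL + b"echo tampered\n"              # size changes
IN_PLACE = ORIGINAL[:8000] + b"X" + ORIGINAL[8001:]  # same size, byte 8000 changed


def checksum_detects(original: bytes, modified: bytes, max_checksum_size: int) -> bool:
    """True when the (possibly truncated) checksum differs between the two contents."""
    return truncated_md5(original, max_checksum_size) != truncated_md5(modified, max_checksum_size)


def size_detects(original: bytes, modified: bytes) -> bool:
    """True when the 's' (file size) attribute alone would flag the change."""
    return len(original) != len(modified)


if __name__ == "__main__":
    for label, modified in (("appended", APPENDED), ("in place", IN_PLACE)):
        for limit in (0, 4096):
            print(f"{label:9} max_checksum_size={limit:5}: "
                  f"checksum detects={checksum_detects(ORIGINAL, modified, limit)}, "
                  f"size detects={size_detects(ORIGINAL, modified)}")
```

    With the limit at 4096 bytes neither change is visible to the checksum. The appended line is still caught by the size attribute, so keep s (and m) in the attribute set whenever max_checksum_size is used; an in-place patch that preserves the size, combined with a restored mtime, is invisible to such a configuration.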
ATTRIBUTES
    Attributes define which parameters are monitored. The base attributes are:

    a       atime: last access time, in seconds since the epoch
    b       blocks: actual number of blocks allocated
    c       ctime: inode change time
    d       device: device number of the filesystem (major and minor numbers)
    g       group: gid of the file
    i       inode: inode number
    m       mtime: last modification time, in seconds since the epoch
    md5     md5 checksum (the default checksum)
    n       number of hard links (see the ln command)
    p       permissions: owner, group, other (Unix)
    u       user: uid of the file
    s       file size in bytes
    sha1    sha1 checksum (optional; stronger than md5, but not available on all hosts)
ALIAS LINES
    An alias defines a customized set of attributes. It is used to write rules for some kinds of files (see EXAMPLES). The syntax is:

        alias_name = alias | attribute [ +attribute ] [ -attribute ]

    afick comes with some pre-defined aliases:

    all     b+c+d+g+i+m+md5+n+p+u+s (all attributes except atime)
    R       p+d+i+n+u+g+s+m+c+md5 (for aide compatibility)
    L       p+d+i+n+u+g (for aide compatibility)
    P       u+g+p+s+n+md5 (permissions and checksum)
    E       (empty) (for aide compatibility)
SELECTION LINES
    These lines define the list of files to monitor, and what to monitor on them. The syntax is:

        selection_type selection_file attribute_flag

    selection_type
        There are three types of selection lines:

        negative
            Lines beginning with "!": the file or directory specified is ignored. No attribute flag is needed.

        equals
            Lines beginning with "=": can be used to avoid scanning sub-directories. If the directory ends with a "/", the directory itself and its files are scanned, but not its sub-directories; otherwise only the directory itself is scanned (no files, no sub-directories).

        regular
            All other lines are regular selection lines: files are added, and directories are added with their contents (files and sub-directories).

    selection_file
        A file or directory, given with its full path. File names containing blank characters must be quoted.

    attribute_flag
        Either an alias name (example: "all") or an expression with the same syntax as an alias definition (example: "all - u").
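    The line types described above (configuration lines, alias lines with their "+"/"-" expressions, the three kinds of selection lines, and @@define macro lines) can be handled by a small parser. The following Python is an added example written for this page, not afick's own (Perl) code. It assumes that boolean values are spelled yes/no, true/false or 1/0, that the pre-defined alias P is u+g+p+s+n+md5, that a quoted file name directly follows the "!" or "=" type character, and that allow_overload applies to two rules naming the same path. The sample configuration embedded in it is constructed from the EXAMPLES section.

```python
import re

# Base attributes from the ATTRIBUTES section of afick.conf(5).
BASE_ATTRIBUTES = {"a", "b", "c", "d", "g", "i", "m", "md5", "n", "p", "u", "s", "sha1"}

# Pre-defined aliases from the ALIAS LINES section.  P is assumed to be
# u+g+p+s+n+md5 (the page prints it as "u+g+p+s+n+5").
PREDEFINED_ALIASES = {
    "all": set("bcdgimnpus") | {"md5"},
    "R": set("pdinugsmc") | {"md5"},
    "L": set("pdinug"),
    "P": set("ugpsn") | {"md5"},
    "E": set(),
}

_TOKEN_RE = re.compile(r"([+-]?)\s*([A-Za-z0-9_]+)")      # one attribute or alias, with its sign
_ALIAS_RE = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.+)$")      # alias line: name = expression
_QUOTED_RE = re.compile(r"""^(["'])(.*?)\1\s*(.*)$""")     # "file name with blanks" flag


def resolve_attributes(expr, aliases):
    """Resolve 'alias | attribute [+attribute] [-attribute]' into a set of base
    attributes.  Spaces around '+' and '-' are accepted ("All - i -c -a")."""
    result = set()
    for sign, name in _TOKEN_RE.findall(expr):
        if name in aliases:
            attrs = aliases[name]
        elif name in BASE_ATTRIBUTES:
            attrs = {name}
        else:
            raise ValueError(f"unknown attribute or alias {name!r} in {expr!r}")
        result = result - attrs if sign == "-" else result | attrs
    return result


def _is_true(value):
    # Assumed spelling of boolean values; afick's accepted forms may differ.
    return value.strip().lower() in {"1", "yes", "true", "on"}


def _split_selection(body):
    """Split 'selection_file attribute_flag', honouring a quoted file name."""
    m = _QUOTED_RE.match(body)
    if m:
        return m.group(2), m.group(3)
    parts = body.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_afick_conf(text):
    conf = {"config": {}, "aliases": dict(PREDEFINED_ALIASES),
            "selections": [], "macros": {}, "warnings": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                          # leading/trailing blanks ignored
        if not line or line.startswith("#"):        # blank lines and comments
            continue
        if line.startswith("@@define"):             # macro line: @@define NAME value
            parts = line.split(None, 2)
            conf["macros"][parts[1]] = parts[2] if len(parts) > 2 else ""
            continue
        if ":=" in line:                            # configuration line: keyword := value
            key, value = (s.strip() for s in line.split(":=", 1))
            if key.startswith("exclude_") or key == "only_suffix":
                conf["config"].setdefault(key, []).extend(value.split())  # may repeat
            else:
                conf["config"][key] = value
            continue
        m = _ALIAS_RE.match(line)                   # alias line: name = expression
        if m:
            conf["aliases"][m.group(1)] = resolve_attributes(m.group(2), conf["aliases"])
            continue
        # Anything else is a selection line; "!" and "=" select the type.
        kind = {"!": "negative", "=": "equals"}.get(line[0], "regular")
        path, flag = _split_selection(line if kind == "regular" else line[1:])
        entry = {"type": kind, "path": path, "line": lineno,
                 "attributes": resolve_attributes(flag, conf["aliases"]) if flag else set()}
        if kind == "equals":
            entry["scan_files"] = path.endswith("/")  # trailing "/": directory plus its files
        previous = next((s for s in conf["selections"] if s["path"] == path), None)
        if previous is None:
            conf["selections"].append(entry)
        elif _is_true(conf["config"].get("allow_overload", "yes")):
            conf["selections"][conf["selections"].index(previous)] = entry  # last rule wins
        else:
            conf["warnings"].append(f"line {lineno}: rule for {path!r} already defined, keeping the first")
    return conf


SAMPLE_CONF = """\
# constructed sample, built from the EXAMPLES section of afick.conf(5)
database := /var/lib/afick/afick
exclude_suffix := old bak
exclude_suffix := tmp
All = a+b+c+d+g+i+m+md5+n+p+u+s
ETC = All - i -c -a
!/dev
=/proc/ p+u+g
=/tmp R
/etc ETC
"/var/log/my app" All - i -c -a
@@define MAILTO root@localhost
"""

if __name__ == "__main__":
    parsed = parse_afick_conf(SAMPLE_CONF)
    for sel in parsed["selections"]:
        print(f"{sel['type']:8} {sel['path']!r:22} {sorted(sel['attributes'])}")
```

    Alias lines are resolved at the point where they appear, so an alias must be defined before a selection line uses it, and resolving an unknown name raises an error instead of silently monitoring nothing.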
MACROS LINES
    Macro lines begin with @@define. They are not used by afick itself, but by the batch (cron) job:

    @@define LINES a_number
        Used to truncate too long mails sent by the cron job.

    @@define MAILTO a_mail_address[,another_mail]
        Used to send the cron job output by mail. Any number of addresses can be given, delimited by commas, without spaces.

    @@define MAILHOST an_smtp_server
        The mail server used to send the mail (Windows only).

    @@define VERBOSE bool
        With bool=1 a mail is sent every day; with bool=0 a mail is sent only when changes are found.

    @@define REPORT bool
        bool=1 enables the mail report, bool=0 disables it.

    @@define NICE val
        val is the nice value (see man nice): 10 for a normal job, 14 for a normal cron job, 19 for a very low priority job.

    @@define BATCH bool
        Controls the afick cron job (for remote users with the afick webmin module, for example): bool=1 allows the cron job, bool=0 stops it.

    @@define MOUNT directory
        (optional) A directory to mount before the scan and to unmount after it. The directory has to be defined in /etc/fstab.
EXAMPLES
    database := /var/lib/afick/afick
        defines the path to the database

    All = a+b+c+d+g+i+m+md5+n+p+u+s
        defines the alias "All" from base attributes (could also be written "All = all+a")

    ETC = All - i -c -a
        defines the ETC alias from another alias

    !/dev
        ignores the /dev directory structure

    !/tmp/*.tmp
        excludes files with a globbing (joker) pattern

    =/proc/ p+u+g
        scans the /proc directory for files, but not its sub-directories

    =/tmp R
        scans just /tmp itself, not its contents

    /boot/vmlinux* all
        adds files with a globbing pattern

    /etc ETC
        uses the ETC alias as attribute flag

    /var All - i -c -a
        uses a modified All alias as attribute flag

    exclude_re := sav$
        excludes files ending with sav (for example toto.rpmsav, which is not excluded by "exclude_suffix := sav")

    exclude_re := /tmp$
        excludes all files or directories named exactly tmp; unlike "exclude_prefix := tmp", it does not exclude names such as tmpa (neither excludes atmp)

    exclude_re := \s
        excludes all files or directories whose path contains a space character

    exclude_re := ^/var/log/.*\d
        excludes all files under the /var/log directory whose path contains a digit (example: /var/log/mail/info.1.gz)
GLOBING
    The globbing characters are * and ?. They are not used as Perl regular expressions, but as the shell uses them:

    ?   replaces any single character
    *   replaces any chain of characters
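    To see how the exclude_suffix, exclude_prefix and exclude_re directives from CONFIGURATION LINES differ on the paths used in EXAMPLES, and how a "!" selection containing globbing characters is matched as a shell pattern rather than as a regular expression, here is an added Python example, not afick's own code. It assumes that suffix and prefix directives are matched against the last path component, that exclude_re is applied as an unanchored search over the full path, and that "*" may match any run of characters including "/" ("any chain of characters"); afick's own matching may differ in these details. The directive values and paths are constructed from the EXAMPLES section.

```python
import fnmatch
import os
import re

# Constructed configuration: the exclude_* values from the EXAMPLES section of
# afick.conf(5), plus the pattern of the negative selection line "!/tmp/*.tmp".
SAMPLE_CONFIG = {
    "exclude_suffix": ["sav"],
    "exclude_prefix": ["tmp"],
    "exclude_re": [r"sav$", r"/tmp$", r"\s", r"^/var/log/.*\d"],
    "negative_globs": ["/tmp/*.tmp"],
}


def compile_excludes(config):
    """Turn the directive lists into matchers.  Suffixes carry their dot,
    because the page says "files or directories ending in .ext1"."""
    return {
        "suffixes": tuple("." + ext for ext in config.get("exclude_suffix", [])),
        "prefixes": tuple(config.get("exclude_prefix", [])),
        "regexes": [re.compile(pat) for pat in config.get("exclude_re", [])],
        "globs": list(config.get("negative_globs", [])),
    }


def matching_rules(path, ex):
    """Return every exclusion family that would ignore `path` (assumption:
    suffix/prefix apply to the last path component, exclude_re to the full path)."""
    hits = []
    name = os.path.basename(path.rstrip("/"))
    if ex["suffixes"] and name.endswith(ex["suffixes"]):
        hits.append("exclude_suffix")
    if ex["prefixes"] and name.startswith(ex["prefixes"]):
        hits.append("exclude_prefix")
    if any(rx.search(path) for rx in ex["regexes"]):
        hits.append("exclude_re")
    if any(fnmatch.fnmatchcase(path, glob) for glob in ex["globs"]):
        hits.append("negative_glob")
    return hits


def glob_matches(pattern, path):
    """Shell-style matching, as the GLOBING section describes ('*' and '?')."""
    return fnmatch.fnmatchcase(path, pattern)


def regex_would_match(pattern, path):
    """What the same text would mean if it were read as a regular expression."""
    return re.fullmatch(pattern, path) is not None


# Constructed paths, one per case discussed in the EXAMPLES section.
SAMPLE_PATHS = [
    "/etc/toto.rpmsav", "/etc/toto.sav", "/var/tmp", "/var/tmpa", "/var/atmp",
    "/var/log/mail/info.1.gz", "/var/log/messages", "/home/user/my file.txt",
    "/tmp/session.tmp",
]

if __name__ == "__main__":
    ex = compile_excludes(SAMPLE_CONFIG)
    for p in SAMPLE_PATHS:
        print(f"{p:28} {matching_rules(p, ex) or 'scanned'}")
    # "/boot/vmlinux*" as a glob matches a real kernel file name; as a regex it
    # would only match "vmlinu" followed by zero or more "x".
    print(glob_matches("/boot/vmlinux*", "/boot/vmlinux-2.6.32"),
          regex_would_match("/boot/vmlinux*", "/boot/vmlinux-2.6.32"))
```

    The output makes the page's point visible: toto.rpmsav is only caught by the regular expression, /var/tmpa only by the prefix rule, /var/atmp by neither, and a path with a space is excluded by \s wherever the space sits.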
PORTAGE
    Here are the main differences from aide when porting a configuration:

    directives          use ":=" instead of "="
    database syntax     use a path name instead of a URL
    database number     no database_out directive: afick works on only one database
    compression         no gzip_dbout directive: the database is already in binary format
    checksum            only md5 and sha1 hashes: no rmd160, tiger, haval, gost or crc32
    growing size        no "S" (check for growing size) attribute: not implemented
SEE ALSO
    afick(1)            command-line interface syntax
    afick-tk(1)         graphical interface
    afickonfig(1)       a tool to change afick's configuration file
    afick_archive(1)    a tool to manage the archive's reports
COPYRIGHT
    Copyright (c) 2002,2003,2004 Eric Gerbier. All rights reserved.

    This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
AUTHOR
    Eric Gerbier. Bug reports and suggestions can be sent to gerbier@users.sourceforge.net.

perl v5.10.0                      2009-07-24                       afick.conf(5)
afick 2.14-1 - Generated Sun Aug 9 09:14:40 CDT 2009