
File Integrity Checker for OpenSuse - AFICK

Afick is a security tool, very similar to the well-known Tripwire. It lets you monitor changes on your file systems, and so can detect intrusions. It only needs standard Perl to work.

It is run daily by cron to detect new, deleted and modified files. It works by first (init) taking a snapshot of the attributes of strategic directories, and then comparing the disk status with this snapshot.
A graphical interface is available in the afick-gui package.

Afick is now composed of several parts (packages):

    * afick : the base, command-line tool
    * afick-gui : a graphical interface (in perl/Tk)
    * rtafick : a "real-time" afick, which runs as a service/daemon; it is at a very early stage

Installation:
Use the "1-click" installer to install all of the above components from Packman, or, if you are already subscribed to "packman", go to YaST >> Software Management and search for the package "afick". After getting the results, select the packages and click "Accept" to install them.


After a successful installation you can open afick-tk (the GUI tool) for configuration.


After installing any new software, you can run the "compare" mode to see which changes were made to the system files.



You can also work with afick from the command line.

Initialize your base: afick.pl -c /etc/afick.conf -i
Compare it regularly: use the compare (-k) or update (-u) command:
afick.pl -c /etc/afick.conf -k
afick.pl -c /etc/afick.conf -u

Update it manually after any change. To know exactly what an install does:
   1. run afick in update mode
   2. install/upgrade/remove your software
   3. re-run afick in update mode
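
The init / compare / update cycle described above, reduced to its mechanism in Python as an added example (this is not afick's code, which is Perl, and it is not part of the original post). The function names, the JSON baseline format and the sample files are assumptions made for illustration.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Record mode, size and SHA-256 of every regular file under root."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            db[str(path.relative_to(root))] = [stat.S_IMODE(st.st_mode), st.st_size, digest]
    return db

def compare(old, new):
    """Return the new, deleted and changed paths between two snapshots."""
    return {
        "new": sorted(new.keys() - old.keys()),
        "deleted": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def run(mode, root, db_path):
    """'init' writes the baseline, 'compare' only reports, 'update' reports then rewrites it."""
    current = snapshot(root)
    report = {} if mode == "init" else compare(json.loads(Path(db_path).read_text()), current)
    if mode in ("init", "update"):
        Path(db_path).write_text(json.dumps(current))
    return report

def demo():
    """Constructed scenario: baseline, a simulated install, then compare and update."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as state:
        db = Path(state, "baseline.json")  # baseline lives outside the monitored tree
        for name, data in (("passwd", b"root:x:0:0\n"), ("motd", b"hi\n"), ("old.conf", b"a=1\n")):
            Path(root, name).write_bytes(data)
        run("init", root, db)
        Path(root, "new.bin").write_bytes(b"\x7fELF")   # install adds a file
        Path(root, "motd").write_bytes(b"changed\n")    # edits one
        Path(root, "old.conf").unlink()                 # removes one
        Path(root, "passwd").chmod(0o400)               # and changes a mode only
        before = run("compare", root, db)  # reports, baseline untouched
        during = run("update", root, db)   # same report, baseline refreshed
        return before, during, run("compare", root, db)

if __name__ == "__main__":
    print(demo())
```

Compare mode leaves the baseline alone, so the same differences are reported on every run until an update accepts them; the third report in the demo is empty for that reason.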

Look at the man pages for more details.

