afick.conf(5) — Linux man page
This is the configuration file for afick (Another File Integrity Checker).
It contains the list of files and directories to scan, the attributes to monitor, and the name of the database to use.
Files
afick uses /etc/afick.conf as its default configuration file (you may change it with the -c option).
File Format
The afick configuration is similar to aide's or tripwire's configuration file. With little effort aide.conf can be converted to afick format (see the PORTAGE section below). The afick configuration is case-sensitive. Leading and trailing whitespace is ignored. Blank lines and lines beginning with # are ignored as comments.
There are four types of lines in afick. First, there are configuration lines (see the CONFIG LINES section below). Second, there are alias lines (see the ALIAS LINES section below). Third, there are lines that are used to select which files are added to the database (see the SELECTION LINES section below). Fourth, there are macro lines (see MACROS LINES below).
Only the last type of lines are required for aide to do anything.
Config Lines
These lines have the format :
For now, the available keywords are:
archive := path_to_archive_directory
    directory with full path: the archive directory keeps all logs, and can be used by the webmin module
database := path_to_database
    name with full path: the database to use
debug := level
    sets the level of debugging messages, from 0 (none) to 3 (full); default is 0
exclude_suffix := ext1 ext2 ext3
    a list of suffixes to ignore (for example old bak tmp); this directive can appear several times in a config file to group suffixes
history := path_to_history
    the history file keeps all dates and summary results
ignore_case := boolean value
    ignore case for file names (useful on Windows); default is no
report_full_newdel := boolean value
    if true, report all new files, else only the first directory level (avoids overly long output); default is no
report_url := stdout/stderr/null
    where to send the report; default is stdout
running_files := boolean value
    warn about "running" files: files modified since the program began; default is no
timing := boolean value
    print timing statistics (user and system time); default is no
verbose := boolean value
    for debugging purposes; default is no
warn_dead_symlinks := boolean value
    warn about dead symlinks; default is no
warn_missing_file := boolean value
    if true, print a warning message if a file selection does not exist; default is no
boolean value: 1/yes/true or 0/no/false
Alias Lines
These lines have the format
below for predefined values
Selection Lines
These lines have the format :
There are three types of selection lines (regular, negative, equals). Lines beginning with «!» are negative selection lines: the file or directory specified is ignored. Attribute flags are not necessary.
Lines beginning with » All», from base attributes (could be done with «All=all+a» too)
ETC=All — i -c -a      define the ETC alias from another one
!/dev                  ignores the /dev directory structure.
!/tmp/*.tmp            exclude files with joker definition
= /proc/ p+u+g         scan /proc directory for files, not sub-dirs
= /tmp R               scan just /tmp, not inside
/boot/vmlinux* all     add files with a joker definition
/etc ETC               use base attributes, on ETC alias
/var All — i -c -a     use modified alias All
Globbing
The globbing characters are * and ?.
They are not used as in Perl regular expressions, but as the shell uses them:
? replaces any (one) character
* replaces any chain of characters
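The following audit helper is an added example, not part of afick or of the original page. It reads the negative selection lines and exclude_suffix directives described above and reports which paths from a review list the configuration would leave unmonitored. The sample configuration, the paths and the function names are constructed. The wildcard scope, the subtree coverage of a negative line and the meaning of "suffix" are assumptions marked in the comments.

```python
import re

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
database := /var/lib/afick/afick
exclude_suffix := old bak
# negative selection lines
!/dev
  !/tmp/*.tmp
/etc ETC
"""

def glob_to_regex(pattern):
    # Only * and ? are wildcards; everything else, '.' included, is literal.
    # Assumption: like shell pathname expansion, neither wildcard crosses '/'.
    body = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
                   for c in pattern)
    # Assumption: a negative line covers the entry and everything below it.
    return re.compile("^" + body + "(/.*)?$")

def parse_exclusions(conf_text):
    negatives, suffixes = [], set()
    for raw in conf_text.splitlines():
        line = raw.strip()                    # surrounding whitespace is ignored
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        if ":=" in line:                      # config line
            key, value = (p.strip() for p in line.split(":=", 1))
            if key == "exclude_suffix":       # may appear several times
                suffixes.update(value.split())
        elif line.startswith("!"):            # negative selection line
            negatives.append((line, glob_to_regex(line[1:].strip())))
    return negatives, suffixes

def unmonitored(conf_text, paths):
    """Map each path that the configuration skips to the rule responsible."""
    negatives, suffixes = parse_exclusions(conf_text)
    hits = {}
    for path in paths:
        rule = next((line for line, rx in negatives if rx.match(path)), None)
        name = path.rsplit("/", 1)[-1]
        # Assumption: a suffix is the text after the last '.' in the file name.
        if rule is None and "." in name and name.rsplit(".", 1)[-1] in suffixes:
            rule = "exclude_suffix " + name.rsplit(".", 1)[-1]
        if rule:
            hits[path] = rule
    return hits
```

Run it against a list of files you expect to be covered: any path that appears in the result is excluded by the named rule, which is how a backup copy such as a `.bak` of a sensitive file can fall outside the integrity database.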
Portage
Here are some changes from aide: directives use «:= instead » S» (check for growing size) attribute I do not know how to use and code it
See Also
afick(1) for afick command line options
afick-tk(1) for afick graphical interface
Copyright
Copyright © 2002,2003,2004 Eric Gerbier All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Authors
you can report any bug or suggest to