Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Fcheck - Simple Perl Integrity checker

News Integrity Checkers Recommended Links Fcheck Afick Viper
Nabou Slipwire (Perl)   Toby Humor Etc

fcheck is GPL licensed Perl script written by Michael A. Gumienny. Its a medium size (80K source) monolythic PERL script.  It's source can be downloaded from various sites (debian). The current version is 2.7.59. Development stopped in 2001.

Script works both in Windows and Unix, but it is preferable to run it under Cygwin under Windows.

Directories and files for checking are specified in  fcheck.cfg file.  Both non-recursive recursive directory specifications are supported. For recursive comparison the directory should have training slash like in /usr/

It is configurable to exclude files or directories. The latter can be excluded recursively (same syntax as for inclusion).  The keywords are:

Can be ran as often  as needed from the command line or cron making it extremely difficult to circumvent.

Usage:

    fcheck [-acdfihlrsvx] [configuration file ] [directory ]

Options:

Example of config file

# FCheck.cfg (Sol)
#
# Directories to be monitored are shown below. Multiple entries may be used
# by using the following 'keyword=variable' format:
#
# [Directory=(path/name)]
# [Directory=(path/name)]
# ...
#
# If you want recursive direcotry monitoring, place a / at the end of
# the directory name, otherwise the script will interpret the entry as a
# single file or single directory to monitor.
#
# For example the entry "Directory=/usr"
#     will watch everything in the /usr directory
#
# and the entry "Directory=/etc/passwd"
#     will monitor only the password file.
#
# while the entry "Directory=/usr/"
#     will watch everything in the /usr directory, and everything
#     recursively under it, (I.E. /usr/bin..., /usr/local/..., etc.)
# 

Directory	= /usr/local/admtools/
Directory	= /tmp/
#Directory	= C:/WINNT/



# WARNING
# Use the following exclusions with care,
# only include log files that are constantly undating and are known to
# be written to frequently otherwise you can defeat the purpose of fcheck
# by excluding too much...
#
# Specific files, and/or directories can be excluded.
#
# If used, configure them as full paths and their filenames. Directory
# names must have a "/" appended to the end of its filename in the exclude
# section.
#

#Exclusion      = /tmp/dir/afile
Exclusion       = /usr/local/admtools/data/
#Exclusion       = /usr/local/admtools/logs/
#Exclusion       = C:/WINNT/TEMP/




# Miscellaneous settings are passed to fcheck from here.
#
# The baseline database files are to be kept under the "DataBase" directory
# that is defined next.
#
DataBase        = /usr/local/admtools/logs/sol.dbf
#DataBase       = C:/FCHECK/LOCALHOST.DBF


# If you are using a read-only location. You can write the database files to
# one location, and read from an alternate read-only (CD-ROM?) location.
#ReadDB          = /usr/local/data
#WriteDB         = /usr/local/data



# Your systems interface for passing messages to its log files, UNIX systems
# are typically found as "/usr/bin/logger".
#
# You could also send messages directly to a line printer if desired.
#
# Win32 platforms are forced to use line printers for now until a error
# logging module is created for NT platforms.
#
#Logger          = /usr/bin/lpr
#
# As of version 2.7.50, you pass logger taglines (-t) options through here.
# Any other options can now be passed to third party loggers, scripts, etc.
Logger          = /usr/bin/logger -tfcheck

#AuthLogger      = /usr/bin/logger -tfcheck -pauth.info
#AuthLogger      = /usr/bin/logger -tfcheck -pauth.notice



# This is the system command to determine a files type. Used to determine
# pipes, major/minor numbers.
#
# Only useful on Unix platforms, not portable to Windows (yet).
FileTyper        = /bin/file



# You may optionally set your hostname from the configuration file if FCheck
# is unable to determine it on its own.
#
#HostName        = "Mikes"


# You may optionally set the system type from the configuration file if
# FCheck is unable to determine it on its own.
# Currently the only accepted option her is "System = DOS", otherwise FCheck
# will default to a UNIX system.
#
#System          = Dos



# This must be set only for readability by you. It in no way effects the scan
# function of FCheck. It only changes what is presented to the end user, so
# the times that are presented to you may not be accurate if not set.
TimeZone        = EST5EDT



# This is used only if you require/desire a hash signature to also be generated
# for each file by use of the '-s' flag. If you do not use the (s)ignature
# flag, then the following variable setting will not impact fcheck in any way.
#$Signature      = /usr/bin/sum
#$Signature      = /usr/bin/cksum
#$Signature      = /usr/bin/md5sum
$Signature      = /bin/cksum



# Include an optional configuration file.
# [CFInclude = (path/config_file_name)]
#CFInclude

# Used for individual file checking (I.E. FCheck databases!)
#
File	= /usr/local/admtools/logs/sol.dbf

#
# End of FCheck.cfg file
#

NEWS CONTENTS

Old News ;-)

Building a Linux-Based Appliance

Configuration Backup and Restore

To create the backup and restore utilities, it was critical to determine which files needed to be backed up. For this purpose we used the utility FCheck, a popular and useful Perl script by Michael A. Gumienny. FCheck makes it is possible to take a snapshot of the files before changes are made, and then view the differences after the changes are completed. FCheck is available at www.geocities.com/fcheck2000/fcheck.html. (It is also extremely useful for performing intrusion detection.)

Setup and configuration is performed by modifying the fcheck.cfg file, in which you can specify both paths and individual files to be monitored for changes. You can exclude individual files or directories and specify whether a monitored directory should be recursively scanned.

Before making changes to the configuration files, we ran FCheck as follows:

./fcheck -acd

This created a baseline file, which stores all of the original states of the files, including file size and time of last modification. After modifying the configuration files and loading a new policy from the Windows-based Policy Editor, we ran FCheck as follows:

./fcheck -ad | grep WARNING

This displayed the files changed during the policy modification process.

Using fcheck (or installing-using some other integrity checker) MEPIS

The fcheck utility is an IDS (Intrusion Detection System) which can be used to monitor changes to any given filesystem.

Essentially, fcheck has the ability to monitor directories, files or complete filesystems for any additions, deletions, and modifications. It is
configurable to exclude active log files, and can be ran as often as needed from the command line or cron making it extremely difficult to cir-
cumvent.

Operation and Getting Started

Flag passing is a fairly simple process. Primarily you will be using two commands. One builds (or rebuilds) your baseline database files (system
snapshots). The second runs in a scanning comparison mode.

"fcheck -ac"

Builds the baseline database.

"fcheck -a"

Comparison scans the system against the baseline database.

For normal operation: Initially you will run fcheck by issuing the command "fcheck -ac" to create the initial baseline file used for comparison.
Any runs after the creation of the basline will normally be with the following flags "fcheck "-a"" to scan for any system modifications.

After a scan is completed, you will probably want to have fcheck re-create its baseline database for the next comparison cycle. Otherwise you
will be seeing every system modification since the last baseline re-build. In other words, run the "fcheck -ac" command again.

(Advanced Note:) A more intensive system check would be accomplished by building your database to include GID/UID checks, directories, and CRC
checks by using the following sample syntax:

"fcheck -cadsxlf /etc/fcheck/fcheck.cfg"

And provide periodic integrity scans from cron by using the following sample syntax:

"fcheck -adsxlf /etc/fcheck/fcheck.cfg"



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March, 12, 2019