File: install

package info
fcheck 2.7.59-22
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 608 kB
  • sloc: perl: 5,384; sh: 45; makefile: 41

              FCheck: The filesystem baseline integrity checker.
                    Copyright (C) 1996 Michael A. Gumienny


      Please send your comments, updates, improvements, wishes and
                        bug reports for fcheck to:

                           Michael A. Gumienny
                           gumienny@hotmail.com

     ###################################################################



  Note:
  FCheck operation is essentially identical for both UNIX and Win32
  platforms; the only difference is the inclusion of a drive letter.
 
  (DOS Note)
  Please note that all DOS platform path names are entered with a UNIX style
  forward slash "/", e.g. "C:/", "D:/games/warped", and "C:/Windows". Any
  number of drives may be included, and drive letters can be omitted for any
  actions on the drive that FCheck is installed on (e.g. "/Windows" and
  "/Windows/system" can be used without a drive letter prepended to the path).



  Requirements:
  =============

  FCheck was initially developed for HP/UX and Sun Solaris systems running
  PERL 5.x. It should run on any platform that supports PERL scripts with
  no difficulties. FCheck has been successfully tested and operated by the
  author on the following systems:

        AIX
        BSD and variants (BSDi, NetBSD, FreeBSD, OpenBSD)
        HP/UX
        Linux
        SCO
        Solaris
        SunOS
        Windows 95/98/NT
        Win3.x (See note)

  Note: It is possible to operate versions of FCheck prior to 2.07.45 on 16
  bit DOS platforms by careful selection of directory names and slight
  modification to the script. Contact the author if a more detailed
  explanation is desired.
  



     ###################################################################



  Installing FCheck:
  ==================

  1.  Read the README and Release Notes for the latest FCheck information.

      FCheck is distributed as a tarred and gzip'ed file for UNIX systems.
      The same version is also available as a Zipped archive for any DOS
      platforms that can not uncompress the UNIX version.

      Because FCheck can be run on any platform that supports PERL and long
      filenames (DOS or UNIX), no slick installation scripts are included.



  2.  Decide what directories you are going to install FCheck in and where to
      keep its database files.

      The most commonly used UNIX directories are "/usr/local/fcheck" for the
      executable and configuration files, and "/usr/local/fcheck/fcheck.dbf"
      for the database storage area.

      (DOS Note)
      You could use a directory called "C:/FCheck" for the executable and
      configuration files, and "C:/FCheck/fcheck.dbf" for the database storage
      area on DOS based platforms, but anything is acceptable.


  3.  Copy the FCheck executable (FCheck) and configuration file (FCheck.cfg)
      from your downloaded distribution to the location selected in item 2
      above, on the machine on which you wish to install and run the product.



  4.  Modify the FCheck executable to reflect the paths selected for your
      system. Find the "User modifiable variable definitions" section (shown
      below) and change it to match your site as follows:

      a) Ensure that the $config variable ($config="/usr/local/etc/fcheck.cfg"
         on UNIX or $config="C:/FCheck/FCheck.cfg" on Win32) is set correctly
         in the executable (FCheck) if you have renamed your configuration
         file or chosen an install path other than the included default
         FCheck.cfg.

   ##########################################################################
   #                                                                        #
   #                 User modifiable variable definitions:                  #
   #                                                                        #
   ##########################################################################
   $config="/usr/local/etc/fcheck.conf";
   # If you have a Win32 system, include the drive letter instead, like this:
   # $config="C:/FCheck/FCheck.cfg";



       b) Note: This can be overridden by passing the '-f' flag and the
          complete path and name of an alternate configuration file.



     ###################################################################



  Configure FCheck:
  =================

  5.  Read the included README for an overview of FCheck fundamentals.

      The configuration file is comprised of only seven reserved keywords that
      are used to pass information to FCheck.

      Those keywords are:

        - Directory
        - Exclusion
        - DataBase
        - Logger
        - Hostname
        - System
        - TimeZone

      These keyword definitions can be used multiple times within the
      configuration file to pass your definitions as follows:

                Keyword = Your definition of this variable



      Keyword Definitions:
      ====================

      Directory:
      ----------
        Used to define all directories that are to be monitored by FCheck. To
        monitor the "/etc" directory, the line is entered as follows:

                Directory = /etc
                # Win32 systems would include a line as follows:
                Directory = C:/etc

        Telling FCheck to monitor a directory recursively (i.e. /etc and all
        directories below it, excluding symbolic links) is accomplished by
        appending a "/" to the end of the definition.

                Directory = /etc/
                # Win32 systems include the drive letter as follows:
                Directory = C:/etc/

        The preceding entry would monitor the "/etc/" directories
        recursively.

        The one exception to this recursive rule is a root directory entry.

                Directory = /
                # Win32 systems include the drive letter as follows:
                Directory = C:/

        This entry will NOT return recursive results, but will check only the
        defined top-level root directory. Individual subdirectories will have
        to be defined separately with multiple "Directory =" entries. This is
        a residual effect of clean UNIX systems not utilizing their top level
        directory for anything other than the kernel.



      Exclusion:
      ----------
        Used to define files or directories to pass over when verifying
        integrity.

        If your system contains active log files that are updated frequently
        (who doesn't), you would need to use the "Exclusion =" definition to
        prevent FCheck from monitoring that file or directory tree.

                Exclusion = /var/adm/
                # Win32 systems include the drive letter as follows:
                Exclusion = C:/Windows/Temporary Internet Files/

        The above example would pass over all of the actively updated log
        files on a typical UNIX (or DOS) system.

        Note that the appended "/" IS required should the excluded file be a
        directory name. Otherwise FCheck will attempt to interpret the
        exclusion as a filename and not a directory.



      File:
      ---------
        Used to convey the full path and filename that FCheck should utilize



      DataBase:
      ---------
        Used to convey the full path and filename that FCheck should utilize
        to store all of its baseline generated files. As pointed out elsewhere
        in this document the database filename that you use could be any
        existing directory and filename of your own desire.

                Database = /usr/local/fcheck/fcheck.dbf
                # Win32 systems include the drive letter as follows:
                Database = C:/FCheck/FCheck.dbf

        The above example would utilize the "/usr/local/fcheck/db" directory
        for storage of baseline snapshot databases, and "C:/Fcheck/FCheck.dbf"
        on a DOS system.



      Logger:
      -------
        Used to convey the executable file that should be used to transmit
        messages to your particular system's log files. It is activated by
        use of the "-l" flag.

                Logger = /usr/bin/logger

        The Logger keyword could also be used to send messages to an attached
        printer if log files are not readily available by use of the
        following example syntax:

                Logger = /usr/bin/lpr



      Hostname:
      ---------
        This keyword is used to pass the system's hostname should FCheck not
        be able to determine the hostname automatically. This will be a
        common issue on Windows 95/98 platforms without a 'hostname'
        function, but should not hinder UNIX operation. You should use the
        environment variable 'HOSTNAME=' within UNIX, but if you cannot do
        this, then the hostname can be set by use of this keyword.



      System:
      -------
        By default, FCheck is designed to assume that it is operating on a
        UNIX platform. On some rare occasions it is possible that FCheck may
        become confused and assume that it is on a DOS platform. If this
        situation happens to you, then you can use the System keyword like
        this example:

                System = UNIX

        Currently FCheck only runs on UNIX by default and on 32bit DOS
        platforms that support long filenames and PERL. So "DOS" is the only
        valid entry that can be used for this keyword's definition. Any other
        entry will force FCheck to assume it is operating on a UNIX platform.



      TimeZone:
      ---------
        This is an override of the environment variable TZ. It in no way
        affects the operation of FCheck other than how time is presented to
        the end user.

                TimeZone = EST5EDT



      Signature:
      ----------
        This is used only if you require/desire a hash signature to also be
        generated for each of the files by use of the '-s' flag. This does not
        allow the per-file granularity of signature selection that Tripwire
        offers, but it keeps operation simpler.

        You may select any CRC/hash signature function that you feel secure and
        comfortable with that is installed on your system by including the
        'Signature' keyword along with the intended functions location in the
        configuration file as follows:

                Signature = /usr/bin/md5sum

        As previously stated, you should be able to use any CRC/hash function
        with FCheck including but not limited to, 'sum', 'cksum', and 'md5sum'
        to name only a few of the more common functions available.

        Note: Simple CRC calculations can produce identical results for files
        that are NOT identical! Use caution and common sense in your own
        CRC or hash selection for your reliability factor to remain high.
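
        The Directory and Exclusion rules above (a trailing "/" means
        recursive, a bare "/" never recurses, an exclusion ending in "/" is a
        directory tree and anything else a single file) can be exercised with
        the following shell script, which resolves an fcheck-style
        configuration into the list of files that would be checked. It is an
        added example and not part of fcheck; the script, function and
        configuration names are constructed for illustration, and it assumes
        a find(1) that accepts -maxdepth (GNU and BSD find both do).

```shell
#!/bin/sh
# Added example, not fcheck's own code: resolve the Directory and Exclusion
# keywords of an fcheck-style configuration file into the list of regular
# files that would be monitored, following the rules described above:
#   Directory = /path/   trailing slash: /path and everything below it
#   Directory = /path    no slash: only the files directly inside /path
#   Directory = /        the root directory is never recursed into
#   Exclusion = /path/   trailing slash: skip that whole directory tree
#   Exclusion = /path/f  no slash: skip exactly that file
# Symbolic links are never followed (find does not follow them by default).

# Print the values of one keyword, one per line; "#" comment lines never match.
cfg_values() {            # $1 = config file, $2 = keyword
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//'
}

# List the regular files covered by one Directory value.
dir_files() {             # $1 = Directory value
    case "$1" in
        /)    find / -maxdepth 1 -type f ;;          # root: top level only
        */)   find "${1%/}" -type f ;;               # recursive
        *)    find "$1" -maxdepth 1 -type f ;;       # this directory only
    esac
}

# Drop every path matched by an Exclusion value (candidate paths on stdin).
apply_exclusions() {      # $1 = config file
    excl=$(mktemp)
    cfg_values "$1" Exclusion > "$excl"
    awk -v exclf="$excl" '
        BEGIN { n = 0; while ((getline e < exclf) > 0) ex[++n] = e }
        {
            for (i = 1; i <= n; i++) {
                if (ex[i] ~ /\/$/ && index($0, ex[i]) == 1) next   # tree
                if (ex[i] !~ /\/$/ && $0 == ex[i]) next            # file
            }
            print
        }'
    rm -f "$excl"
}

# The complete, de-duplicated set of files a configuration covers.
fcheck_targets() {        # $1 = config file
    cfg_values "$1" Directory | while IFS= read -r d; do
        dir_files "$d"
    done | apply_exclusions "$1" | LC_ALL=C sort -u
}

# Usage: sh fcheck_targets.sh /usr/local/etc/fcheck.cfg
if [ -n "${1:-}" ]; then fcheck_targets "$1"; fi
```

        Running it against a candidate configuration before the first
        baseline shows exactly which files a busy log directory exclusion
        removes from coverage, and whether a bare "/" entry left the
        subdirectories you expected unmonitored.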



  6.  Modify the default configuration file (FCheck.cfg), which is provided
      only as a bare-bones sample starting point, or create your own based
      on your particular needs from what you have learned in section five
      above.



     ###################################################################



  Running FCheck
  ==============

  (The next steps assume you are running from FCheck's directory that you
  installed to. Change the paths and filenames as appropriate for you.)

  7.  Initialize FCheck's database by using the (-c)reate and (-a)ll flags as
      follows:

                ./FCheck -ca

      You can include the -(v)erbose flag if you would like to see the
      progress of FCheck.



  8.  Set up FCheck to scan your system for any modifications made since the
      last baseline snapshot (FCheck -ca) that you have.  The best method of
      operation is through an unattended crontab entry with the least amount
      of time possible between scans.

      You can also run FCheck interactively from the command line or cron by
      use of the following (-a)ll flag example:

                ./FCheck -a
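
      Steps 7 and 8 (create the baseline with -ca, then rerun with -a on a
      schedule) amount to snapshotting each monitored file and diffing the
      snapshot on every run. The shell script below is an added example, not
      fcheck's own code, that shows this flow on a list of files fed through
      stdin: a "create" that records the baseline, and a "check" that reports
      altered, deleted and added files and exits non-zero when anything
      deviates. The record layout, function names and the use of md5sum as
      the Signature command are assumptions for illustration; fcheck's own
      database tracks further attributes than these.

```shell
#!/bin/sh
# Added example, not fcheck's own code: the baseline-snapshot flow that the
# -c (create) and -a (all) flags describe, reduced to a file list on stdin.
# Each baseline record holds a digest from the Signature command, the size,
# the mode string and the path. md5sum is assumed present, as in the Signature
# example above; any command that prints the digest first (cksum, sha256sum)
# can be substituted through the SIGNATURE environment variable.

SIGNATURE=${SIGNATURE:-md5sum}

# One record for a file: "<hash> <size> <mode> <path>". The path comes last so
# that paths containing spaces survive the word-splitting read in the check.
record() {                # $1 = path of a regular file
    hash=$("$SIGNATURE" < "$1" | awk '{print $1}')
    size=$(wc -c < "$1" | tr -d ' ')
    mode=$(ls -ld "$1" | awk '{print $1}')
    printf '%s %s %s %s\n' "$hash" "$size" "$mode" "$1"
}

# Create the baseline database from the file list on stdin (like "FCheck -ca").
# Running it again replaces the baseline, which is how an investigated change
# is acknowledged so that it is not reported on every later run.
baseline_create() {       # $1 = database file; file paths on stdin
    : > "$1"
    while IFS= read -r f; do
        if [ -f "$f" ]; then record "$f" >> "$1"; fi
    done
}

# Compare the system against the baseline (like "FCheck -a"): report files
# altered or deleted since the snapshot, and files present now that were not
# in it. Returns 1 if anything deviates, 0 for a clean run.
baseline_check() {        # $1 = database file; current file paths on stdin
    changed=0
    while read -r hash size mode path; do
        if [ ! -f "$path" ]; then
            printf 'WARNING: deleted: %s\n' "$path"; changed=1
        elif [ "$(record "$path")" != "$hash $size $mode $path" ]; then
            printf 'WARNING: altered: %s\n' "$path"; changed=1
        fi
    done < "$1"
    known=$(mktemp)
    cut -d ' ' -f 4- "$1" > "$known"          # baseline paths only
    while IFS= read -r f; do
        if ! grep -F -x -q -- "$f" "$known"; then
            printf 'WARNING: added: %s\n' "$f"; changed=1
        fi
    done
    rm -f "$known"
    return $changed
}

# Usage: <file list> | sh fcheck_baseline.sh create /usr/local/fcheck/fcheck.dbf
#        <file list> | sh fcheck_baseline.sh check  /usr/local/fcheck/fcheck.dbf
case "${1:-}" in
    create) baseline_create "$2" ;;
    check)  baseline_check "$2" ;;
esac
```

      The non-zero exit status of "check" is what a cron wrapper would key on
      to decide whether to forward the report through the Logger command, so
      a clean run stays silent and only deviations reach the log or printer.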



  Congratulations! If you successfully completed these steps, then FCheck is
  set and ready to go.



     ###################################################################



  Conclusions:
  ============

  FCheck can be run with very little time required between runs, dependent
  only upon the amount of monitored resources and your CPU's speed, making it
  very difficult to circumvent.

  Once a change has been detected, you may wish to reinitialize the baseline
  database (fcheck -ac) to prevent FCheck from reporting the change again. If
  you are logging to a printer, this is a very good idea to save paper!

  If you are using NT/Win2000, then try running FCheck with the "at" command,
  or use any shareware "cron" style command if "at" is not available.