Lead Image © Christos Georghiou, 123RF.com

Manipulation detection with AFICK

Checker

Article from ADMIN 54/2019
By
AFICK is a small, free tool that helps administrators detect attempts to manipulate documents and system files.

AFICK (another file integrity checker) detects changes to the system and sounds an alert. The tool first creates a unique fingerprint of selected files in the form of a checksum. If a different checksum is computed during a later check, a malicious program, an attacker, or a defect is likely to have modified the files under investigation. In this way, AFICK not only detects manipulation attempts, but also acts as a small intrusion detection system.
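The baseline-and-compare mechanism described above, shown as an added Python example; it is not AFICK's own code. The function names, the sample files, and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path, algo="sha256"):
    """Hex digest of one file, read in chunks so large files fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every regular file under root (relative path) to its checksum."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are skipped here
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db

def compare(baseline, current):
    """Classify the differences between a stored baseline and a fresh scan."""
    common = baseline.keys() & current.keys()
    return {
        "new": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree: take a baseline, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "hosts", b"127.0.0.1 localhost\n")
        write(root, "motd", b"welcome\n")
        write(root, "app.conf", b"debug=0\n")
        baseline = snapshot(root)
        write(root, "hosts", b"127.0.0.2 localhost\n")  # same size, new content
        os.remove(os.path.join(root, "motd"))
        write(root, "extra.sh", b"#!/bin/sh\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if the monitored host cannot overwrite it (for example, on read-only or off-host storage); otherwise whoever modifies the files can regenerate the checksums as well.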

The tool is licensed under the liberal GNU GPLv3 license, which also allows free use in the enterprise. AFICK only requires Perl v5.10 or newer. Developer Eric Gerbier has tested his tool under all Windows versions from XP upward, various Unix systems (e.g., HP-UX and AIX), and numerous Linux distributions (e.g., SUSE, Red Hat, Debian, and Ubuntu). Windows users can easily install Perl with the ActivePerl [1] package.

Most Unix and Linux systems come with Perl by default or support simple installation from the package manager. In addition to the Perl package, you will also want the Digest::MD5, Digest::SHA1, and Perl/Tk modules. The latter two are optional; Perl/Tk is only required for the graphical user interface.

Installation

To install AFICK, first download the latest version from SourceForge [2]. Windows users need the EXE file – at the editorial deadline this was afick-setup-3.6.1.exe. All you have to do is start this program and leave the installation to the wizard, which downloads a few additional Perl modules, so you must have Internet access.

Linux users, on the other hand, have the choice between several packages. Only the packages that start with afick and are immediately followed by the version number (e.g., afick_3.6.1-1_all.deb) are of importance. If you have an Ubuntu-based

...