Manipulation detection with AFICK

Checker

Regular Call

In the future, all you will need are the commands listed above, which you can also use to find out which files a system update or the installation of a new program has changed. To get a list of all files that change during an update or installation, first update the database, install the updates or the application, and then trigger:

afick.pl -c <configfile> -k

To track down unwanted changes, you will want to run the test regularly. Windows users should use the afick_planning.pl script included with the distribution. You do not have to register this script in the task scheduler; instead, leave this job to the afick_set_planning.pl script, which you run with:

perl -w afick_set_planning.pl

You will be prompted to select the start time in the user interface.

On Linux, you can use a cron job to call AFICK with the help of the afick_cron script. If you installed the application from a DEB or RPM package, your package manager has most likely already set up a suitable cron job. On Ubuntu, for example, afick_cron runs once a day. If you used the TGZ archive, you have to edit the settings in the cron file first:

  • AFICK= requires the complete path to the afick.pl program.
  • CONFFILE= expects the path to the configuration file.
  • LOGDIR= defines the path where AFICK stores its afick.log file. All the output from the tool always end up there.
  • ACTION= instructs the program to update its database (with -u) or perform a check (with -k).

Finally, you can check for duplicate files with the --duplicates option (Figure 3).

Figure 3: If you call AFICK with the --duplicates option, the tool provides a list of all duplicate files on the hard drive.

Refining the Basic Settings

The configuration file itself seems confusing at first glance. However, it follows a simple structure: Each line contains a setting with a keyword and the desired setting separated by a colon and equals sign (Figure 4). AFICK ignores all lines that start with a hash (#) sign, so you should remove the # prefix if you want AFICK to acknowledge the directive.

Figure 4: The afick-gui user interface controls the afick.pl command-line tool in the background.

A "directives" section at the very beginning of the configuration file defines a few basic settings, including the complete path to the location in which AFICK stores the contents of the database. AFICK also remembers the summaries of all the actions you have performed in a history; detailed reports of the actions end up in an archive.

You can usually leave the other settings in the top section as they are. For Linux users, however, the settings for symbolic links are still interesting: If you set warn_dead_symlinks:=true, AFICK informs you about all symbolic links that point to nothing; follow_symlinks:=no tells AFICK to follow the symbolic link and create a checksum for the file name of the file it finds. If you replace the no with yes, the tool generates a checksum for the file content.

Defining Exclusions

In the directives section, you'll also find several entries that begin exclude_suffix that instruct AFICK to ignore all files with the listed extensions. By default, these are files that change when you work with the system, such as text files or photos (e.g., txt, jpg). As in the .config file, you can create some order in your own exclusions by entering several exclude_suffix lines (e.g., to list all file extensions for text documents in one line and for photos in another). File extensions are simply separated by spaces. Because AFICK is case sensitive, you should always store your file extensions with different spellings (e.g., TXT txt for text files).

Similarly, AFICK can ignore files with names that begin with a specific abbreviation or term in a space-delimited list after exclude_prefix:=. Finally, you can also specify a regular expression, and AFICK then ignores all files that match the expression.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus