Manipulation detection with AFICK
Checker
Regular Call
In the future, all you will need are the commands listed above, which you can also use to find out which files a system update or the installation of a new program has changed. To get a list of all files that change during an update or installation, first update the database, install the updates or the application, and then trigger:
afick.pl -c <configfile> -k
To track down unwanted changes, you will want to run the test regularly. Windows users should use the afick_planning.pl script included with the distribution. You do not have to register this script in the task scheduler; instead, leave this job to the afick_set_planning.pl script, which you run with:
perl -w afick_set_planning.pl
You will be prompted to select the start time in the user interface.
On Linux, you can use a cron job to call AFICK with the help of the afick_cron script. If you installed the application from a DEB or RPM package, your package manager has most likely already set up a suitable cron job. On Ubuntu, for example, afick_cron runs once a day. If you used the TGZ archive, you have to edit the settings in the cron file first:
AFICK= requires the complete path to the afick.pl program.
CONFFILE= expects the path to the configuration file.
LOGDIR= defines the path where AFICK stores its afick.log file. All output from the tool ends up there.
ACTION= instructs the program to update its database (with -u) or perform a check (with -k).
Finally, you can check for duplicate files with the --duplicates option (Figure 3).
Refining the Basic Settings
The configuration file itself seems confusing at first glance. However, it follows a simple structure: Each line contains a setting with a keyword and the desired setting separated by a colon and equals sign (Figure 4). AFICK ignores all lines that start with a hash (#) sign, so you should remove the # prefix if you want AFICK to acknowledge the directive.
A "directives" section at the very beginning of the configuration file defines a few basic settings, including the complete path to the location in which AFICK stores the contents of the database. AFICK also remembers the summaries of all the actions you have performed in a history; detailed reports of the actions end up in an archive.
You can usually leave the other settings in the top section as they are. For Linux users, however, the settings for symbolic links are still interesting: If you set warn_dead_symlinks:=true, AFICK informs you about all symbolic links that point to nothing; follow_symlinks:=no tells AFICK to follow the symbolic link and create a checksum for the file name of the file it finds. If you replace the no with yes, the tool generates a checksum for the file content.
Defining Exclusions
In the directives section, you'll also find several entries beginning with exclude_suffix that instruct AFICK to ignore all files with the listed extensions. By default, these are files that change when you work with the system, such as text files or photos (e.g., txt, jpg). As in the .config file, you can create some order in your own exclusions by entering several exclude_suffix lines (e.g., to list all file extensions for text documents in one line and for photos in another). File extensions are simply separated by spaces. Because AFICK is case sensitive, you should always list your file extensions in each spelling (e.g., TXT txt for text files).
Similarly, AFICK can ignore files with names that begin with a specific abbreviation or term in a space-delimited list after exclude_prefix:=. Finally, you can also specify a regular expression, and AFICK then ignores all files that match the expression.
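Every exclusion is a place where a changed file goes unreported, so it is worth listing what a given set of directives would skip. The following Python sketch is an added example, not part of AFICK or of the original article: it parses "keyword := value" lines as described above and applies the suffix and prefix exclusions case sensitively. The sample configuration, the file paths, and the function names are constructed for illustration, and the matching rules follow the article's description rather than AFICK's own code.

```python
import os

# Constructed sample of the "directives" part of an AFICK configuration file.
SAMPLE_CONF = """\
# exclude_suffix := log LOG
warn_dead_symlinks := true
follow_symlinks:=no
exclude_suffix := txt TXT
exclude_suffix := jpg
exclude_prefix := tmp cache
"""

MULTI = {"exclude_suffix", "exclude_prefix"}  # directives that may span several lines


def parse_directives(text):
    """Return {keyword: value}; values of MULTI keywords are merged into one list."""
    conf = {key: [] for key in MULTI}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":=" not in line:
            continue  # blank, commented out, or not a "keyword := value" line
        key, value = (part.strip() for part in line.split(":=", 1))
        if key in MULTI:
            conf[key].extend(value.split())  # space-separated list
        else:
            conf[key] = value
    return conf


def excluded(path, conf):
    """True if the file name matches an exclusion; the comparison is case sensitive."""
    name = os.path.basename(path)
    suffix = name.rsplit(".", 1)[1] if "." in name else ""
    return suffix in conf["exclude_suffix"] or any(
        name.startswith(prefix) for prefix in conf["exclude_prefix"])


def blind_spots(paths, conf):
    """Paths that would not be monitored under the parsed exclusions."""
    return [p for p in paths if excluded(p, conf)]


if __name__ == "__main__":
    conf = parse_directives(SAMPLE_CONF)
    files = ["/etc/notes.txt", "/etc/NOTES.TXT", "/srv/photo.JPG",
             "/srv/photo.jpg", "/var/tmp_upload.sh", "/var/app.log"]
    for path in files:
        print("excluded " if excluded(path, conf) else "monitored", path)
```

In the sample, photo.JPG stays monitored because only the lowercase jpg is listed, while tmp_upload.sh is skipped by the tmp prefix even though it is a script.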