Introduction
|
yafic is Yet Another File Integrity Checker, similar to programs like Tripwire, integrit, and AIDE. I created yafic because no existing file integrity checker did all the things I wanted. I wanted something fast, simple, and yet be flexible enough to be used in different situations. yafic uses NIST's SHA-1 hash algorithm to fingerprint files.
In case you're wondering, I couldn't think of any good names.
:)
|
|
Features
|
yafic's feature set is relatively small compared to other integrity checkers. It gets done what I need done, so it's enough for me. If you like simple, you just might like yafic.
:)
- Configuration file format similar to Tripwire.
- Ability to track changes in file attributes like permissions/mode, inode #, number of links, user id, group id, size, access time, modification time, creation/inode modification time.
- Hashes files using SHA-1, a 160-bit hash algorithm.
- Attribute templates (like Tripwire). Add/subtract individual attribute flags.
- Configuration files are parsed in order, making them more intuitive. For example, a rule that prunes a directory can still have its subdirectories/contents scanned by subsequent explicit rules.
- An alternate root besides / may be specified. Paths specified in the configuration file will be interpreted relative to the new root. Useful for checking multiple jail(8) installations.
- Attempts to be platform independent. Makes no assumption about the size of stat(2) fields. If your platform's off_t or time_t are 64-bits wide, yafic will adjust. The tradeoff is that databases cannot be shared across platforms with differing stat's. (Though doing so doesn't really make much sense.)
- Report is short, and to-the-point, allowing easy parsing by scripts. Inspired by integrit.
- Optionally displays SHA-1 hash of resultant database in report. (You can use sha to verify it.)
- Can view the contents of any resultant database.
- Can compare the contents of any two databases.
- Can cryptographically sign and verify databases.
|
|
|
|
|
|
Support
|
There is no real support, but do check out yafic's Sourceforge page for filing bugs, sending in patches, and helping out.
|
|
Contact
|
Please send any comments about yafic or this page to Allan Saddi.
|
|