yafic: yet another file integrity checker


Introduction
yafic is Yet Another File Integrity Checker, similar to programs like Tripwire, integrit, and AIDE. I created yafic because no existing file integrity checker did all the things I wanted. I wanted something fast, simple, and yet flexible enough to be used in different situations. yafic uses NIST's SHA-1 hash algorithm to fingerprint files.

In case you're wondering, I couldn't think of any good names. :)
Features
yafic's feature set is relatively small compared to other integrity checkers. It gets done what I need done, so it's enough for me. If you like simple, you just might like yafic. :)
  • Configuration file format similar to Tripwire.
  • Ability to track changes in file attributes like permissions/mode, inode #, number of links, user id, group id, size, access time, modification time, creation/inode modification time.
  • Hashes files using SHA-1, a 160-bit hash algorithm.
  • Attribute templates (like Tripwire). Add/subtract individual attribute flags.
  • Configuration files are parsed in order, making them more intuitive. For example, a rule that prunes a directory can still have its subdirectories/contents scanned by subsequent explicit rules.
  • An alternate root besides / may be specified. Paths specified in the configuration file will be interpreted relative to the new root. Useful for checking multiple jail(8) installations.
  • Attempts to be platform independent. Makes no assumption about the size of stat(2) fields. If your platform's off_t or time_t is 64 bits wide, yafic will adjust. The tradeoff is that databases cannot be shared across platforms with differing stat structures. (Though doing so doesn't really make much sense.)
  • Reports are short and to the point, allowing easy parsing by scripts. Inspired by integrit.
  • Optionally displays SHA-1 hash of resultant database in report. (You can use sha to verify it.)
  • Can view the contents of any resultant database.
  • Can compare the contents of any two databases.
  • Can cryptographically sign and verify databases.
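
The attribute-and-hash comparison described in the list above, as an added Python example. It is not yafic's code: the in-memory dictionary, the attribute labels and the `+`/`-`/`M` report lines are assumptions of this example, not yafic's database or report format. Access time is left out because hashing a file reads it.

```python
import hashlib
import os
import stat

# Attributes compared per path; the labels are this example's own.
ATTRS = ("mode", "inode", "nlink", "uid", "gid", "size", "mtime", "ctime", "sha1")


def sha1_file(path, bufsize=65536):
    """Stream the file through SHA-1 so large files are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each path (relative to root) to its lstat attributes and SHA-1."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink, do not follow it
            rec = {"mode": st.st_mode, "inode": st.st_ino, "nlink": st.st_nlink,
                   "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
                   "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns, "sha1": None}
            if stat.S_ISREG(st.st_mode):  # only regular files are hashed
                rec["sha1"] = sha1_file(full)
            db[os.path.relpath(full, root)] = rec
    return db


def compare(old, new, ignore=()):
    """Return report lines: '+ path' added, '- path' removed, 'M path attrs' changed."""
    report = []
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report.append(f"+ {path}")
        elif path not in new:
            report.append(f"- {path}")
        else:
            diff = [a for a in ATTRS
                    if a not in ignore and old[path][a] != new[path][a]]
            if diff:
                report.append(f"M {path} " + ",".join(diff))
    return report
```

Passing attribute names in `ignore` plays the role of subtracting flags from a template, for example dropping `mtime` and `ctime` on directories whose contents change routinely.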
Copyright & License
yafic is Copyright © 2001-2005 Allan Saddi. It is distributed under a BSD-style license.
Platforms
yafic was developed and tested on FreeBSD. It is also known to compile cleanly on Darwin, OpenBSD, Debian Linux, and Red Hat Linux. (However, extensive testing was not done on those systems.)
Download
The latest stable version of yafic is 1.2.2. You will need Berkeley DB 1.85 from Sleepycat Software to build it. Note that *BSD and most distributions of Linux seem to have it by default.

Download yafic 1.2.2 [ChangeLog]
Documentation
The man pages for yafic, yafic-sign, and yafic.conf are available online.
Support
There is no real support, but do check out yafic's SourceForge page for filing bugs, sending in patches, and helping out.
Contact
Please send any comments about yafic or this page to Allan Saddi.
