Append the $HOSTNAME to the configuration filename.
Log information to logger rather than stdout messages.
Report mode, great for emailed status reports.
Sign each file with a CRC/hash signature.
Verbose mode, not used for report generation.
eXtended unix checks, # of links, UID, GID, Major/Minor checks.
The fcheck utility is an IDS (Intrusion Detection System)
which can be used to monitor changes to any given filesystem.
Essentially, fcheck has the ability to monitor directories, files
or complete filesystems for any additions, deletions, and modifications.
It is configurable to exclude active log files, and can be ran as often
as needed from the command line or cron making it extremely difficult to
Operation and Getting Started
Flag passing is a fairly simple process. Primarily you will be using two
commands. One builds (or rebuilds) your baseline database files (system
snapshots). The second runs in a scanning comparison mode.
Builds the baseline database.
Comparison scans the system against the baseline database.
For normal operation: Initially you will run fcheck by issuing the command
``fcheck -ac'' to create the initial baseline file used for comparison. Any
runs after the creation of the basline will normally be with the following
flags "fcheck "-a"" to scan for any system modifications.
After a scan is completed, you will probably want to have fcheck re-create its
baseline database for the next comparison cycle. Otherwise you will be seeing
every system modification since the last baseline re-build. In other words, run
the "fcheck -ac" command again.
A more intensive system check would be accomplished by building your database
to include GID/UID checks, directories, and CRC checks by using the following
"fcheck -cadsxlf /etc/fcheck/fcheck.cfg"
And provide periodic integrity scans from cron by using the following sample