.\" Copyright (c) 2001-2003 Allan Saddi
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS''
.\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $Id: yafic.1 925 2003-12-12 23:57:35Z asaddi $
.TH YAFIC 1 "December 12, 2003"
.SH NAME
yafic -- yet another file integrity checker
.SH SYNOPSIS
.TP 6
.B yafic
.RB [ -HVhpvs "] [" -C
.IR config ]
.RB [ -k
.IR keyfile ]
.RB [ -r
.IR root ]
.RB [ -c
.IR known-database ]
.RB [ -u
.I new-database
.RB | " -d"
.I exist-database
.RB ]
.TP 6
.B yafic
.RB [ -Vhv "] [" -r
.IR root ]
.RB [ -t
.IR type ]
.B -l
.I database
.SH DESCRIPTION
.B yafic
is Yet Another File Integrity Checker.
.B yafic
saves information about the state of a filesystem to a database.
Later,
.B yafic
can be used to compare the current state of the filesystem against the
saved database, letting you know of any changed, added, or removed files.
.P
.B yafic
reads a configuration file (see yafic.conf(5)) which specifies how
it should examine the filesystem.
.LP
See
.B NOTES
below for information on
.BR yafic 's
cryptographic support.
.SH OPTIONS
The options are as follows:
.TP
.B -H
Outputs to stderr the SHA-1 hash of
.IR new-database .
If given twice, the SHA-1 hashes of
.I config
and
.I known-database
are also displayed.
.TP
.B -V
Display version information.
.TP
.B -h
Display help summary.
.TP
.B -p
Expect
.I keyfile
to be a public key rather than a private key.
.TP
.B -v
Increase verbosity. May be given multiple times. More than twice will slow
.B yafic
down!
.TP
.B -s
Show simple output. If given twice, output will be even simpler!
(``cvs update'' style)
.P
.B -C
.I config
.RS
Specifies an alternate configuration file to use. By default
.I yafic.conf
is read from the current directory.
.RE
.P
.B -k
.I keyfile
.RS
Specifies an RSA/DSA key to use for signing/verification operations.
By default,
.I keyfile
is expected to be a private key (see the
.B -p
option above).
.RE
.P
.B -r
.I root
.RS
Specifies an alternate root. The default root is ``/''. If given, all
paths specified in
.I yafic.conf
are taken relative to
.IR root .
.RE
.P
.B -c
.I known-database
.RS
Checks the state of the filesystem against
.IR known-database .
Any modified or added files are reported. In order for removed files
to be reported, the
.B -u
option must be given as well. If
.I known-database
is ``-'', the default
.I yafic.db
is assumed.
.RE
.P
.B -u
.I new-database
.RS
Examine the current state of the filesystem and save it to
.IR new-database .
If
.I new-database
is ``-'', then it is assumed to be
.IR yafic_new.db .
.RE
.P
.B -d
.I exist-database
.RS
Rather than comparing
.I known-database
with the filesystem, it is instead compared with
.IR exist-database .
The
.B -c
option must be given as well. This is mutually exclusive of the
.B -u
option above.
.RE
.P
.B -l
.I database
.RS
List entries in
.IR database .
The entries will not be in any specific order. If the
.B -v
option is given, in addition to the names, the various file attributes
for each entry are also displayed.
.RE
.P
.B -t
.I type
.RS
By default,
.B -l
will list all entries. The listing can be limited to certain types of
entries by this option.
.I type
may be one or more of the following:
.TP
.B d
List directories.
.TP
.B f
List files.
.TP
.B l
List symbolic links.
.TP
.B s
List special files. (i.e. everything else)
.RE
.P
Note that if none of the
.BR -c ", " -u
or
.B -l
options are given, then nothing is done beyond parsing the
configuration file. Used in conjunction with
.B -vv
.RB ( -v
given twice), this can be useful for verifying that the configuration
file is being parsed the way you think it is. (Each entry is listed
along with the flags for itself as well as its contents. ``-'' denotes
that the entry or its contents are ignored.)
.SH NOTES
The
.B -k
and
.B -p
options are only available if
.B yafic
was compiled with crypto support (the default).
.LP
If the
.B -k
option is given, then
.IR config ,
.I known-database
(if given) and
.I exist-database
(if given) will be verified against their respective signatures.
.LP
A signature for
.I new-database
will be created if and only if
.B -k
is given and
.I keyfile
is a private key.
.LP
.I keyfile
is expected to be an RSA or DSA key. See openssl(1), genrsa(1),
gendsa(1), and specifically:
.RS
http://www.openssl.org/docs/HOWTO/keys.txt
.RE
.LP
Signatures can be created and verified independently of
.BR yafic .
See yafic-sign(1) and yafic-check(1).
.LP
Signature files have the same name as their corresponding files,
but with the extension
.BR .sig .
.SH RETURN VALUES
.B yafic
exits with one of the following values:
.TP
0
.B yafic
completed successfully.
.TP
1
An error occurred.
.TP
2
There was a problem with the arguments given to
.BR yafic .
.TP
3
The verification of a file against its signature failed.
.SH FILES
.TP
yafic.conf
Default configuration file.
.TP
yafic.db
Default known database.
.TP
yafic_new.db
Default updated database.
.SH SEE ALSO
yafic-sign(1), yafic-check(1), yafic.conf(5), openssl(1), genrsa(1), gendsa(1)
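.SH EXAMPLE
The following wrapper is an added example, not part of the yafic
distribution. It runs a check that verifies the configuration and known
database with a public key, using only the options and return values
documented above; the file locations and the function names are
assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the yafic distribution). All paths below are
# assumed locations chosen for illustration.
YAFIC_CONF=${YAFIC_CONF:-/etc/yafic/yafic.conf}
YAFIC_PUBKEY=${YAFIC_PUBKEY:-/etc/yafic/yafic_pub.pem}
YAFIC_KNOWN=${YAFIC_KNOWN:-/var/lib/yafic/yafic.db}
YAFIC_NEW=${YAFIC_NEW:-/var/lib/yafic/yafic_new.db}

# Translate the return values documented under RETURN VALUES into a verdict.
yafic_verdict() {
    case "$1" in
        0) echo "completed" ;;
        1) echo "error" ;;
        2) echo "bad-arguments" ;;
        3) echo "signature-failed" ;;
        *) echo "unknown" ;;
    esac
}

# Run a signed check and write yafic's output to the report file "$1".
#   -p -k  verify config and known-database against their .sig files
#          with a public key, so no private key is stored on the host
#   -c     compare the filesystem against the known database
#   -u     also write a new database so removed files are reported
# Prints the verdict on stdout and returns yafic's own status.
yafic_check() {
    report=$1
    status=0
    yafic -p -k "$YAFIC_PUBKEY" -C "$YAFIC_CONF" \
          -c "$YAFIC_KNOWN" -u "$YAFIC_NEW" >"$report" 2>&1 || status=$?
    yafic_verdict "$status"
    return "$status"
}

# Typical use from a scheduled job (report path is an assumption):
#   verdict=$(yafic_check /var/log/yafic/report.txt) || echo "yafic: $verdict" >&2
```

Because the key is a public key, no signature is written for the new
database. A status of 3 means the configuration or the known database did
not match its signature, so handle it separately from status 1.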