sfic − Simple File Integrity Checker
sfic [options] --add database [ dirspecs | --file filename ]
sfic [options] --delete database [ dirspecs | --file filename ]
sfic [options] --list database
sfic [options] --old database --new database
sfic [options] --old database [ direspecs ]
sfic saves information about the state of a filesystem to a database. Two databases can be compared to determine what files have been added, deleted or modified. sfic does not require an entire filesystem to be indexed - individual files can be specified for addition or deletion at any time. The list of files to add or delete are given on the command-line, unless the --file option is used.
--file filename
Read a list of files to add / delete from the database from filename , one per line. If the filespec is "-", then read the list of files from stdin.
--quiet (-q)
Make output quieter. Can be used more than once to reduce output further. See NOTES below for more information on output verbosity.
--verbose (-v)
Increases the verbosity. Can be used more than once. See NOTES below for more information on output verbosity
--fast (-F)
Prevents the sha256 hash from being generated on regular files.
--recursive (-R)
Turns on recursion. For an add operation, the contents of any specified directory (and all subdirectories) will be added to the database. For a delete operation, any directory specified in a delete will also have all child entries deleted from the database.
--one-file-system (-x)
When recursion is turned on, sfic will add entries for directories that are mount points, but will not recurse into those directories. This allows special directories, such as /tmp or /proc to be excluded from a database.
--ignore-trivial (-t)
When recursion is turned on, sfic will ignore size and time changes to entries for special files (where "special" is anything other than a file or symlink.) This prevents directories from being listed because a file was added or deleted, and prevents devices/sockets/FIFOs from being listed because they were in use (for example, /dev/console).
--mask (-m) mask
Specifies what to compare or list. The mask is composed of an array of the following characters:
p - permissions (and file type)
i - inode
n - number of links
u - user owner
g - group owner
s - size
a - access time
m - modified time
c - creation time
h - hash
When listing a database, the mask specifies what its listed, and in what order. Each element is tab separated, and elements may be specified more than once. For instance, a mask of "shs" will list the file size, the hash, and the file size (a second time), and finally the file name. A mask of "" prints the file names only.
--ignore (-i) type
Specifies file types to ignore when doing adds, deletes or compares. The types are composed of an array of the following characters:
b - blockdev
c - chardev
d - directory
f - regular file
l - symlink
p - pipe (FIFO)
s - socket
When comparing database, sfic has several four levels of verbosity: NONE, TERSE, BRIEF, and VERBOSE. TERSE is the default.
|
NONE |
No output is printed. (not very useful.) | ||
|
TERSE |
Each modified file is preceded by the letter A, D, or U. (cvs output style.) | ||
|
BRIEF |
Each modified file is preceded by the word Added, Deleted, or Updated. |
VERBOSE
The words >ADDED>>> or <DELETED< are printed for new or removed files. For updated files, a listing of the specified mask elements that were changed is printed.
When given an oldbase but not a new name, sfic will compare the contents of the old database to the filesystem. Only files given on the command line are checked. This means "deletes" will not be flagged - only adds/changes.
Probably many.
Nathan Angelacos <[email protected]> Natanael Copa <[email protected]>
yafic, Tripwire, aide