yafic

YAFIC(1)                    General Commands Manual                   YAFIC(1)



NAME
       yafic -- yet another file integrity checker

SYNOPSIS
       yafic [-HVhpvs] [-C config] [-k keyfile] [-r root] [-c known-database]
             [-u new-database | -d exist-database ]

       yafic [-Vhv] [-r root] [-t type] -l database

DESCRIPTION
       yafic is Yet Another File Integrity Checker.  yafic saves information
       about the state of a filesystem to a database. Later, yafic can be used
       to compare the current state of the filesystem against the saved
       database, letting you know of any changed, added, or removed files.

       yafic reads a configuration file (see yafic.conf(5)) which specifies
       how it should examine the filesystem.

       See NOTES below for information on yafic's cryptographic support.

OPTIONS
       The options are as follows:

       -H     Outputs to stderr the SHA-1 hash of new-database.  If given
              twice, the SHA-1 hashes of config and known-database are also
              displayed.

       -V     Display version information.

       -h     Display help summary.

       -p     Expect keyfile to be a public key rather than a private key.

       -v     Increase verbosity. May be given multiple times. More than twice
              will slow yafic down!

       -s     Show simple output. If given twice, output will be even simpler!
              (``cvs update'' style)

       -C config
              Specifies an alternate configuration file to use. By default
              yafic.conf is read from the current directory.

       -k keyfile
              Specifies an RSA/DSA key to use for signing/verification
              operations. By default, keyfile is expected to be a private key
              (see the -p option above).

       -r root
              Specifies an alternate root. The default root is ``/''. If
              given, all paths specified in yafic.conf are taken relative to
              root.

       -c known-database
              Checks the state of the filesystem against known-database.  Any
              modified or added files are reported. In order for removed files
              to be reported, the -u option must be given as well. If known-
              database is ``-'', the default yafic.db is assumed.

       -u new-database
              Examine the current state of the filesystem and save it to new-
              database.  If new-database is ``-'', then it is assumed to be
              yafic_new.db.

       -d exist-database
              Rather than comparing known-database with the filesystem, it is
              instead compared with exist-database.  The -c option must be
              given as well. This is mutually exclusive with the -u option
              above.

       -l database
              List entries in database.  The entries will not be in any
              specific order. If the -v option is given, in addition to the
              names, the various file attributes for each entry are also
              displayed.

       -t type
              By default, -l will list all entries. The listing can be limited
              to certain types of entries by this option.  type may be one or
              more of the following:

              d      List directories.

              f      List files.

              l      List symbolic links.

              s      List special files. (i.e. everything else)

       Note that if none of the -c, -u or -l options is given, then nothing
       is done beyond parsing the configuration file. Used in conjunction
       with -vv (-v given twice), this can be useful for verifying that the
       configuration file is being parsed the way you think it is. (Each entry
       is listed along with the flags for itself as well as its contents.
       ``-'' denotes that the entry or its contents are ignored.)

NOTES
       The -k and -p options are only available if yafic was compiled with
       crypto support (the default).

       If the -k option is given, then config, known-database (if given) and
       exist-database (if given) will be verified against their respective
       signatures.

       A signature for new-database will be created if and only if -k is given
       and keyfile is a private key.

       keyfile is expected to be an RSA or DSA key. See openssl(1), genrsa(1),
       gendsa(1), and specifically:

              http://www.openssl.org/docs/HOWTO/keys.txt

       Signatures can be created and verified independently of yafic.  See
       yafic-sign(1) and yafic-check(1).

       Signature files have the same name as their corresponding files, but
       with the extension .sig.

RETURN VALUES
       yafic exits with one of the following values:

       0      yafic completed successfully.

       1      An error occurred.

       2      There was a problem with the arguments given to yafic.

       3      The verification of a file against its signature failed.
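
       Added example (not part of the yafic distribution): a POSIX sh wrapper
       for a signed baseline and a scheduled check, using only the options and
       return values documented above. The function names, the YAFIC variable
       and all file paths are assumptions, and yafic.conf.sig is assumed to
       exist already (see yafic-sign(1)).

```shell
#!/bin/sh
# Added example, not from the yafic distribution. Function names, the YAFIC
# variable and all file paths are assumptions chosen for illustration.
YAFIC=${YAFIC:-yafic}

# Map the documented return values to a label for logging or alerting.
classify_status() {
    case "$1" in
        0) echo "completed" ;;          # run finished; read the report for changes
        1) echo "error" ;;
        2) echo "bad-arguments" ;;
        3) echo "signature-failure" ;;  # a file failed verification against its .sig
        *) echo "unknown" ;;
    esac
}

# make_baseline PRIVKEY DB
# With a private key, yafic verifies the config against its signature
# (assumed to exist already) and writes DB together with DB.sig.
make_baseline() {
    "$YAFIC" -k "$1" -u "$2"
}

# run_check PUBKEY KNOWN_DB NEW_DB REPORT
# -p -k: verify config and KNOWN_DB with a public key only, so no private
#        key has to be stored on the monitored host.
# -c with -u: removed files are reported as well as modified and added ones.
# NEW_DB is written unsigned here (no private key was given), so it should
# not replace KNOWN_DB until it has been reviewed and signed elsewhere.
run_check() {
    rc=0
    "$YAFIC" -p -k "$1" -c "$2" -u "$3" >"$4" 2>&1 || rc=$?
    classify_status "$rc"
    return "$rc"
}
```

       A return value of 0 only says that the run completed, so the report
       file still has to be read for changed, added or removed entries.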

FILES
       yafic.conf
              Default configuration file.

       yafic.db
              Default known database.

       yafic_new.db
              Default updated database.

SEE ALSO
       yafic-sign(1), yafic-check(1), yafic.conf(5), openssl(1), genrsa(1),
       gendsa(1)



                               December 12, 2003                      YAFIC(1)