yafic -- yet another file integrity checker
yafic [-HVhpvs] [-C config] [-k keyfile] [-r root] [-c known-database] [-u new-database | -d exist-database]
yafic [-Vhv] [-r root] [-t type] -l
yafic is Yet Another File Integrity Checker. yafic saves
information about the state of a filesystem to a database. Later, yafic
can be used to compare the current state of the filesystem against the saved
database, letting you know of any changed, added, or removed files.
yafic reads a configuration file (see yafic.conf(5)) which specifies how
it should examine the filesystem.
See below for information on yafic's cryptographic support.
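The save-then-compare cycle described above, as an added Python sketch that is not yafic's code or database format. The function names, the recorded attributes (mode, owner, group, content hash, symlink target) and the use of SHA-256 are assumptions made for illustration, and the sample tree is constructed.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Record per-path attributes under root (the 'database')."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            entry = {"mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid}
            if stat.S_ISREG(st.st_mode):
                with open(full, "rb") as fh:
                    entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                entry["target"] = os.readlink(full)
            db[os.path.relpath(full, root)] = entry
    return db

def compare(known, current):
    """Return sorted (changed, added, removed) paths between two snapshots."""
    changed = sorted(p for p in known.keys() & current.keys() if known[p] != current[p])
    added = sorted(current.keys() - known.keys())
    removed = sorted(known.keys() - current.keys())
    return changed, added, removed

def demo():
    """Constructed sample tree: baseline it, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, data in [("a.txt", b"alpha"), ("b.txt", b"bravo"), ("sub/c.txt", b"charlie")]:
            path = os.path.join(root, rel)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        known = snapshot(root)
        with open(os.path.join(root, "a.txt"), "wb") as fh:
            fh.write(b"alphA")  # same size, different content: only the hash differs
        os.remove(os.path.join(root, "b.txt"))
        os.chmod(os.path.join(root, "sub/c.txt"), 0o600)  # permission-only change
        with open(os.path.join(root, "sub/d.txt"), "wb") as fh:
            fh.write(b"delta")
        return compare(known, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Removed files can only be found by walking the saved database and looking for paths the current snapshot lacks, which is why the comparison takes two complete snapshots rather than checking files one at a time.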
The options are as follows:
-H  Outputs to stderr the SHA-1 hash of new-database. If given twice,
the SHA-1 hashes of config and known-database are also
-V  Display version information.
-h  Display help summary.
-p  Expect keyfile to be a public key rather than a private key.
-v  Increase verbosity. May be given multiple times. More than twice will slow
-s  Show simple output. If given twice, output will be even simpler! (``cvs
-C config  Specifies an alternate configuration file to use. By
default yafic.conf is read from the current directory.
-k keyfile  Specifies an RSA/DSA key to use for signing/verification
operations. By default, keyfile is expected to be a private key (see
the -p option above).
-r root  Specifies an alternate root. The default root is ``/''.
If given, all paths specified in yafic.conf are taken relative to
-c known-database  Checks the state of the filesystem against
known-database. Any modified or added files are reported. In order for
removed files to be reported, the -u option must be given as well. If
known-database is ``-'', the default yafic.db is assumed.
-u new-database  Examine the current state of the filesystem and save it
to new-database. If new-database is ``-'', then it is assumed
to be yafic_new.db.
-d exist-database  Rather than comparing known-database with the
filesystem, it is instead compared with exist-database. The -c
option must be given as well. This is mutually exclusive of the -u
-l  List entries in database. The entries will not be
in any specific order. If the -v option is given, in addition to the
names, the various file attributes for each entry are also displayed.
-t type  By default, -l will list all entries. The listing
can be limited to certain types of entries by this option. type
is one or more of the following:
- List directories.
- List files.
- List symbolic links.
- List special files. (i.e. everything else)
Note that if neither -c options are given, then
nothing is done beyond parsing the configuration file. Used in conjunction
given twice), this can be useful for verifying that
the configuration file is being parsed the way you think it is. (Each entry is
listed along with the flags for itself as well as its contents. ``-'' denotes
that the entry or its contents are ignored.)
options are only available if yafic is compiled with crypto support (the default).
If the -k option is given, then config given) and exist-database
(if given) will be verified against their
A signature for new-database will be created if and only if -k is
given and keyfile is a private key.
keyfile is expected to be an RSA or DSA key. See openssl(1), genrsa(1),
gendsa(1), and specifically:
Signatures can be created and verified independently of yafic with
yafic-sign(1) and yafic-check(1).
Signature files have the same name as their corresponding files, but with the
yafic exits with one of the following values:
- yafic completed successfully.
- An error occurred.
- There was a problem with the arguments given to yafic.
- The verification of a file against its signature failed.
yafic.conf  Default configuration file.
yafic.db  Default known database.
yafic_new.db  Default updated database.
yafic-sign(1), yafic-check(1), yafic.conf(5), openssl(1), genrsa(1),