sfic(1)
NAME
sfic - Simple File Integrity Checker
SYNOPSIS
sfic [options] --add database [ dirspecs | --file filename ]
sfic [options] --delete database [ dirspecs | --file filename ]
sfic [options] --list database
sfic [options] --old database --new database
sfic [options] --old database [ dirspecs ]
DESCRIPTION
sfic saves information about the state of a filesystem to a database.
Two databases can be compared to determine what files have been added,
deleted or modified. sfic does not require an entire filesystem to be
indexed - individual files can be specified for addition or deletion at
any time. The list of files to add or delete is given on the command
line, unless the --file option is used.
OPTIONS
--file filename
Read a list of files to add / delete from the database from
filename, one per line. If the filespec is "-", then read the
list of files from stdin.
--quiet (-q)
Make output quieter. Can be used more than once to reduce output
further. See NOTES below for more information on output
verbosity.
--verbose (-v)
Increases the verbosity. Can be used more than once. See NOTES
below for more information on output verbosity.
--fast (-F)
Prevents the sha256 hash from being generated on regular files.
--recursive (-R)
Turns on recursion. For an add operation, the contents of any
specified directory (and all subdirectories) will be added to
the database. For a delete operation, any directory specified in
a delete will also have all child entries deleted from the
database.
--one-file-system (-x)
When recursion is turned on, sfic will add entries for directories
that are mount points, but will not recurse into those
directories. This allows special directories, such as /tmp or
/proc to be excluded from a database.
--ignore-trivial (-t)
When recursion is turned on, sfic will ignore size and time
changes to entries for special files (where "special" is anything
other than a file or symlink.) This prevents directories
from being listed because a file was added or deleted, and prevents
devices/sockets/FIFOs from being listed because they were
in use (for example, /dev/console).
--mask (-m) mask
Specifies what to compare or list. The mask is composed of an
array of the following characters:
p - permissions (and file type)
i - inode
n - number of links
u - user owner
g - group owner
s - size
a - access time
m - modified time
c - creation time
h - hash
When listing a database, the mask specifies what is listed, and
in what order. Each element is tab separated, and elements may
be specified more than once. For instance, a mask of "shs"
will list the file size, the hash, and the file size (a second
time), and finally the file name. A mask of "" prints the file
names only.
--ignore (-i) type
Specifies file types to ignore when doing adds, deletes or compares.
The types are composed of an array of the following
characters:
b - blockdev
c - chardev
d - directory
f - regular file
l - symlink
p - pipe (FIFO)
s - socket
NOTES
When comparing databases, sfic has four levels of verbosity:
NONE, TERSE, BRIEF, and VERBOSE. TERSE is the default.
NONE No output is printed. (not very useful.)
TERSE Each modified file is preceded by the letter A, D, or U. (cvs
output style.)
BRIEF Each modified file is preceded by the word Added, Deleted, or
Updated.
VERBOSE
The words >ADDED>>> or <DELETED< are printed for new or removed
files. For updated files, a listing of the specified mask elements
that were changed is printed.
When given an old database but not a new one, sfic will compare the
contents of the old database to the filesystem. Only files given on the
command line are checked. This means "deletes" will not be flagged -
only adds/changes.
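The following Python sketch is an added illustration, not sfic's own code: it models a two-database compare with TERSE-style A/D/U output to show why leaving the hash out (as --fast does, or a mask without "h") misses an edit that keeps the same size and restores the modified time. Only the mask letters s, m and h are modelled, and the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Subset of the --mask letters listed on this page: size, modified time, hash.
FIELDS = {
    "s": lambda st, path: st.st_size,
    "m": lambda st, path: st.st_mtime_ns,
    "h": lambda st, path: hashlib.sha256(path.read_bytes()).hexdigest(),
}

def snapshot(root, mask):
    """Record the masked attributes of every regular file under root."""
    db = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            st = path.lstat()
            db[str(path.relative_to(root))] = tuple(FIELDS[c](st, path) for c in mask)
    return db

def compare(old, new):
    """TERSE-style report: A (added), D (deleted), U (updated)."""
    report = []
    for name in sorted(old.keys() | new.keys()):
        if old.get(name) != new.get(name):
            flag = "A" if name not in old else "D" if name not in new else "U"
            report.append(f"{flag} {name}")
    return report

def demo(mask):
    """Constructed scenario: same-size edit with mtime restored, one add, one delete."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"debug=0\n")
        (root / "old.log").write_bytes(b"x\n")
        old = snapshot(root, mask)
        st = (root / "app.conf").stat()
        (root / "app.conf").write_bytes(b"debug=1\n")
        os.utime(root / "app.conf", ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "old.log").unlink()
        (root / "new.sh").write_bytes(b"")
        return compare(old, snapshot(root, mask))

if __name__ == "__main__":
    print(demo("sm"), demo("smh"))
```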
BUGS
Probably many.
AUTHORS
Nathan Angelacos <nangel@users.sourceforge.net>
Natanael Copa <ncopa@users.sourceforge.net>
SEE ALSO
yafic, Tripwire, aide
June 2006 sfic(1)