debian/watch

# There is no known upstream source for this package now that geocities is dead.

debian/rules

#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

build-arch:
build-indep:

build: build-stamp
build-stamp:
	dh_testdir
	pod2man --section=8 $(CURDIR)/debian/fcheck.pod > $(CURDIR)/fcheck.8
	touch build-stamp

clean:
	dh_testdir
	dh_testroot
	rm -f build-stamp
	rm -f $(CURDIR)/fcheck.8
	dh_clean

install: build
	dh_testdir
	dh_testroot
	dh_prep
	dh_installdirs
	cp $(CURDIR)/fcheck $(CURDIR)/debian/fcheck/usr/sbin/fcheck
	cp $(CURDIR)/fcheck.cfg $(CURDIR)/debian/fcheck/etc/fcheck/fcheck.cfg

# Build architecture-independent files here.
binary-arch: build install

# Build architecture-independent files here.
binary-indep: build install
	dh_testdir
	dh_testroot
	dh_installdocs
	dh_installcron
	dh_installman fcheck.8
	dh_installchangelogs
	dh_installexamples
	dh_installlogcheck
	dh_link
	dh_strip
	dh_compress
	dh_fixperms
	dh_installdeb
	dh_shlibdeps
	dh_gencontrol
	dh_md5sums
	dh_builddeb

binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install

debian/control

Source: fcheck
Section: admin
Priority: optional
Maintainer: Francois Marier
Standards-Version: 3.9.2
Build-Depends: debhelper (>= 8)
Build-Depends-Indep: perl
Homepage: http://web.archive.org/web/20050415074059/www.geocities.com/fcheck2000/
Vcs-Git: git://git.debian.org/git/collab-maint/fcheck.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/fcheck.git;a=summary

Package: fcheck
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, file, bsd-mailx | mailx
Description: IDS filesystem baseline integrity checker
 The fcheck utility is an IDS (Intrusion Detection System) which can be
 used to monitor changes to any given filesystem.
 .
 Essentially, fcheck has the ability to monitor directories, files or
 complete filesystems for any additions, deletions, and modifications. It is
 configurable to exclude active log files, and can be run as often as needed
 from the command line or cron making it extremely difficult to circumvent.

debian/docs

README

debian/fcheck.cron.d

#
# Regular cron job for the fcheck package
#
30 */2 * * * root test -x /usr/sbin/fcheck && if ! nice ionice -c3 /usr/sbin/fcheck -asxrf /etc/fcheck/fcheck.cfg >/var/run/fcheck.out 2>&1; then mailx -s "ALERT: [fcheck] `hostname --fqdn`" root

, Wed, 29 Nov 2000 07:44:36 +0000

Power Management
----------------

If you are using fcheck on a laptop and would like to avoid running the check
when you are running off of battery power, install the "powermgmt-base"
package and change the cronjob (/etc/cron.d/fcheck) like this:

from:

  30 */2 * * * root test -x /usr/sbin/fcheck && if ! nice ionice -c3 /usr/sbin/fcheck -asxrf ...

to:

  30 */2 * * * root test -x /usr/sbin/fcheck && /usr/bin/on_ac_power && if ! nice ionice -c3 /usr/sbin/fcheck -asxrf ...

 -- Francois Marier Thu, 01 Oct 2009 21:45:48 +1300

debian/changelog

fcheck (2.7.59-18) unstable; urgency=low

  * Remove deprecated assignment to $[ (closes: #660081)

 -- Francois Marier Sat, 18 Feb 2012 19:27:20 +1300

fcheck (2.7.59-17) unstable; urgency=low

  * Split all upstream patches into DEP-3 patches (closes: #643113)
  * Add historical upstream changelog

 -- Francois Marier Wed, 12 Oct 2011 21:32:05 +1300

fcheck (2.7.59-16) unstable; urgency=low

  * Replace /lib/init/rw/ with /run/ in fcheck.cfg (closes: #633051)
  * Bump Standards-Version up to 3.9.2
  * Add empty rules to debian/rules (lintian warnings)
  * Add debhelper placeholder to the postinst

 -- Francois Marier Mon, 11 Jul 2011 22:19:01 +1200

fcheck (2.7.59-15) unstable; urgency=low

  * Bump Standards-Version up to 3.9.1
  * Bump debhelper compatibility to 8

 -- Francois Marier Wed, 22 Dec 2010 16:10:08 +1300

fcheck (2.7.59-14) unstable; urgency=medium

  * Fix configfile error during installation (closes: #574197)
  * Add /etc/.bzr/ and /etc/.hg/ to fcheck.cfg (closes: #574639)
  * Delete config files on purge

 -- Francois Marier Tue, 23 Mar 2010 19:38:43 +1300

fcheck (2.7.59-13) unstable; urgency=low

  * Remove Maurizio Lemmo from the uploaders field since he has retired
    from Debian (closes: #572674)

 -- Francois Marier Sat, 06 Mar 2010 09:54:53 +1300

fcheck (2.7.59-12) unstable; urgency=low

  * Bump Standards-Version to 3.8.4
  * Point homepage to the wayback machine now that geocities is gone
  * Switch to 3.0 (quilt) source format

 -- Francois Marier Tue, 16 Feb 2010 15:52:06 +1300

fcheck (2.7.59-11) unstable; urgency=low

  * Add support for a local config file (closes: #553384)
  * Update debian/copyright and debian/watch due to closure of geocities

 -- Francois Marier Thu, 05 Nov 2009 12:15:54 +1300

fcheck (2.7.59-10) unstable; urgency=low

  * Set myself as maintainer with Maurizio's permission
  * Run the cronjob with nice and ionice
  * Add a note in README.Debian on using fcheck on a laptop
  * Add mailx to the dependencies (closes: #514373)
  * Fix typo in package description (closes: #432720)
  * Exclude two directories which cause problems (LP: #47408)
  * Switch default checksum utility to sha256sum
  * Add a logcheck rule (closes: #484162, LP: #236883)
  * Move the manpage to section 8
  * Bump Standards-Version to 3.8.3
  * Bump debhelper compatibility to 7
  * debian/copyright: cleanup copyright notice
  * debian/control: add homepage and git vcs fields
  * debian/control: cleanup dependencies
  * debian/rules: rewritten from scratch
  * Add watch file
  * Remove upstream INSTALL

 -- Francois Marier Thu, 01 Oct 2009 23:18:03 +1300

fcheck (2.7.59-9) unstable; urgency=low

  * Changed Maintainer field.
  * Added debian/postrm file. Deleting fcheck.dbf on purge. Thanks to
    Justin Pryzby and Lars Wirzenius (closes: #330377)
  * Bumped Standards-Version to 3.7.2.2, no changes required.
  * Moved debhelper to Build-Depends. (Policy Violation 7.6).
  * Fix debian/rules, updating to debhelper version 4, from deprecated
    version.

 -- Maurizio Lemmo (Tannoiser) Thu, 15 Mar 2007 23:40:31 +0100

fcheck (2.7.59-8) unstable; urgency=low

  * fix CVE-2006-1753. Steve Kemp and the Debian Security Audit Project
    found a security flaw allows arbitrary files to be truncated or
    created by local user. Fixing use /var/run/ instead of /var/tmp
    suggested from Steve Kemp (thanks).
  * Bump standard version to 3.6.2.0
  * Fix new fsf address in debian/copyright

 -- Maurizio Lemmo (Tannoiser) Thu, 13 Apr 2006 10:50:23 +0200

fcheck (2.7.59-7) unstable; urgency=low

  * New maintainer (closes: #275035)
  * debian/postinst: rebuild db on upgrade isn't useful or maybe wrong.
    (closes: #295348)
  * Acknowledge NMU. (closes: #105556, #126943, #134799, #97591, #159478)
  * Verify and Acknowledge NMU. (closes: #182847)

 -- Maurizio Lemmo (Tannoiser) Mon, 21 Feb 2005 12:25:36 +0100

fcheck (2.7.59-6) unstable; urgency=low

  * QA upload. Set Maintainer to QA group while Graham Simpson acquires
    a new sponsor. (#275035)
  * Bump Standards-Version to 3.6.1.
  * Change cronjob so that it only sends mail when files have changed.
    (John Peach) closes: #275013.
  * Don't install upstream INSTALL document.
  * Remove period from short description.
  * Use dh_installman instead of dh_installmanpages.

 -- Clint Adams Mon, 25 Oct 2004 09:48:28 -0400

fcheck (2.7.59-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Use /etc/fcheck/fcheck.cfg as the default config file path.
    (closes: Bug#159478)
  * Fix some path names in postinst and copyright. (closes: Bug#126943)
  * Allow for empty directories. (closes: Bug#134799)
  * Clarify error message on failure to open database file for writing.
    (closes: Bug#105556)
  * Update upstream source, since the previous URL seems dead.
  * This program is a perl script. Change to architecture: all, not
    arch: any.
  * Drop dh_suidregister from debian/rules.
  * Bump Standards-Version.

 -- Anthony Towns Fri, 28 Feb 2003 22:19:42 +1000

fcheck (2.7.59-5) unstable; urgency=low

  * Added Build-Depends: debhelper
  * Added Depends: file, bsdutils

 -- Graham Simpson Tue, 19 Jun 2001 12:46:01 +0100

fcheck (2.7.59-4) unstable; urgency=low

  * New additions:
  * Added /sbin/ to config file
  * Changed cron interval to once every two hours rather than each hour
  * Default timezone set to GMT in config file
  * (closes: Bug#97967)
  * FCheck cron entry re-nice for performance
  * (closes: Bug#97968)
  * Added /usr/X11R6/bin and /usr/X11R6/lib references to config file
  * (closes: Bug#97970)
  * Config file entry for /bin directories not recursive
  * (closes: Bug#97971)

 -- Graham Simpson Wed, 23 May 2001 12:36:52 +0100

fcheck (2.7.59-3) unstable; urgency=low

  * 3rd Release for Debian, updates for packaging only
  * Amended /etc/cron.d/fcheck so that cron does not execute fcheck if
  * if the package is removed but not purged.
  * (closes: Bug#97591)

 -- Graham Simpson Wed, 16 May 2001 11:10:38 +0100

fcheck (2.7.59-2) unstable; urgency=low

  * Changed control file section from misc to admin

 -- Graham Simpson Tue, 8 May 2001 09:48:00 +0100

fcheck (2.7.59-1) unstable; urgency=low

  * 3rd Release for Debian
  * Release written by Michael A. Gumienny
  * Final release signed off by beta testers
  * CRC differences now displayed to screen as well as logger
  * md5 autodetection based on md5, md5sum
  * Other cosmetic changes
  * Debian package cron file had wrong binary path
  * Added /etc/cron.d/fcheck to conffiles

 -- Graham Simpson Thu, 22 Mar 2001 17:37:45 +0000

fcheck (2.7.55-1) unstable; urgency=low

  * 2nd Release for Debian
  * Release written by Michael A. Gumienny
  * Re-addition of exclusion routine - previous release did not accurately exclude
  * files/directories except for exact matches only.
  * ITP (Intent To Package) requested of WNPP and Bug#88014 generated
  * Initial package for Debian (closes: Bug#88014)

 -- Graham Simpson Tue, 27 Feb 2001 08:23:46 +0000

fcheck (2.7.54-1) unstable; urgency=low

  * Initial Release for Debian
  * Original fcheck written by Michael A. Gumienny
  * Major Updates Provided in This Release:
  *
  * Databases merged into one database, DATABASE= configuration keyword now
  * points to the full path and filename to use for that database.
  *
  * Added the "-h" option to look for the configuration file with the $HOSTNAME
  * environment variable appended to the end of it. (This is useful in
  * distributed system environments.)
  *
  * (Example)
  * $HOSTNAME=myhost
  * fcheck -ahf A_Config.dbf
  * Result: fcheck would use a configuration file of "A_Config.dbf.myhost"
  * Added the "-r" option to create a report suitable for email. The generated
  * report will show good, and bad integrity checks.
  *
  * Added the "-x" option to allow monitoring the "number of links", "UID",
  * "GID", and the "Major/Minor" numbers of device files.
  *
  * Added the "FILE=" keyword in the configuration file. This will allow you to
  * monitor single files, rather than entire directory contents.
  *
  * Added the "FILETYPER=" keyword in the configuration file. This needs to be
  * set if you use the "-x" option, and is what will allow you to determine
  * file types, and major/minor numbers of device files.

 -- Graham Simpson Wed, 29 Nov 2000 07:44:36 +0000

Local variables:
mode: debian-changelog
End:

debian/dirs

usr/sbin
etc/fcheck

debian/fcheck.postrm

#!/bin/sh
# postrm script for fcheck
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * `remove'
#        * `purge'
#        * `upgrade'
#        * `failed-upgrade'
#        * `abort-install'
#        * `abort-install'
#        * `abort-upgrade'
#        * `disappear'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
    ;;

    purge)
        if [ -e /var/lib/fcheck/fcheck.dbf ]; then
            echo "Purging old database file ..."
            rm -f /var/lib/fcheck/fcheck.dbf
        fi
        rm -rf /var/lib/fcheck
        rm -rf /var/log/fcheck
        rm -rf /etc/fcheck
    ;;

    *)
        echo "postrm called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/fcheck.postinst

#! /bin/sh
# postinst script for fcheck

set -e

# summary of how this script can be called:
#        * `configure'
#        * `abort-upgrade'
#        * `abort-remove' `in-favour'
#
#        * `abort-deconfigure' `in-favour'
#          `removing'
#
# for details, see /usr/share/doc/packaging-manual/
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
    configure)
        mkdir -p /var/lib/fcheck
        mkdir -p /var/log/fcheck

        localconfig=/etc/fcheck/fcheck.local.cfg
        if [ ! -s $localconfig ] ; then
            echo "# Insert your own settings here but make sure the file is not empty." > $localconfig
            echo "# It should contain these two comment lines at the very least." >> $localconfig
        fi

        # The configure step ends at this exit: the database build below is
        # never run, and neither is the debhelper-generated section at the
        # end of the script.
        exit 0

        if [ -z "$2" ]
        then
            printf "Building fcheck database (may be some time)..."
            fcheck -cadsxlf /etc/fcheck/fcheck.cfg
            printf "done.\n"
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/copyright

This package was debianized by Graham Simpson on
Tue, 27 Feb 2001 08:31:02 +0000

It was downloaded from http://www.geocities.com/fcheck2000 but this
is no longer available.

Upstream Author: Michael A. Gumienny

Copyright: (C) 1996-2000 Michael A. Gumienny

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this package; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

You are free to distribute this software under the terms of the GNU General
Public License. On Debian systems, the complete text of the GNU General
Public License can be found in /usr/share/common-licenses/GPL-2 file.

debian/source/format

3.0 (quilt)

debian/fcheck.logcheck.ignore.server

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ fcheck: "INFO: Rebuild of the fcheck database /var/lib/fcheck/fcheck.dbf begun for [._[:alnum:]-]+ using config file /etc/fcheck/fcheck.cfg"$

debian/patches/series

01_cfg_unix_oel.patch
02_cfg_unix_paths.patch
03_cfg_gmt.patch
04_cfg_sha256.patch
05_cfg_local_settings.patch
06_executable_cfg_path.patch
07_executable_empty_dirs.patch
08_executable_error_message.patch
09_upstream_changelog.patch
10_fix_deprecation_warning.patch

debian/patches/01_cfg_unix_oel.patch

Description: Convert config file to UNIX EOLs
Forwarded: not needed
Author: Francois Marier
Last-Update: 2011-10-12

--- a/fcheck.cfg +++ b/fcheck.cfg
@@ -1,138 +1,138 @@ -# FCheck.cfg (Sol) -# -# Directories to be monitored are shown below. Multiple entries may be used -# by using the following 'keyword=variable' format: -# -# [Directory=(path/name)] -# [Directory=(path/name)] -# ... -# -# If you want recursive direcotry monitoring, place a / at the end of -# the directory name, otherwise the script will interpret the entry as a -# single file or single directory to monitor. -# -# For example the entry "Directory=/usr" -# will watch everything in the /usr directory -# -# and the entry "Directory=/etc/passwd" -# will monitor only the password file. -# -# while the entry "Directory=/usr/" -# will watch everything in the /usr directory, and everything -# recursively under it, (I.E. /usr/bin..., /usr/local/..., etc.) -# - -Directory = /usr/local/admtools/ -Directory = /tmp/ -#Directory = C:/WINNT/ - - - -# WARNING -# Use the following exclusions with care, -# only include log files that are constantly undating and are known to -# be written to frequently otherwise you can defeat the purpose of fcheck -# by excluding too much... -# -# Specific files, and/or directories can be excluded. -# -# If used, configure them as full paths and their filenames. Directory -# names must have a "/" appended to the end of its filename in the exclude -# section. -# - -#Exclusion = /tmp/dir/afile -Exclusion = /usr/local/admtools/data/ -#Exclusion = /usr/local/admtools/logs/ -#Exclusion = C:/WINNT/TEMP/ - - - - -# Miscellaneous settings are passed to fcheck from here. -# -# The baseline database files are to be kept under the "DataBase" directory -# that is defined next. -# -DataBase = /usr/local/admtools/logs/sol.dbf -#DataBase = C:/FCHECK/LOCALHOST.DBF - - - -# If you are using a read-only location. You can write the database files to -# one location, and read from an alternate read-only (CD-ROM?) location. 
-#ReadDB = /usr/local/data -#WriteDB = /usr/local/data - - - -# Your systems interface for passing messages to its log files, UNIX systems -# are typically found as "/usr/bin/logger". -# -# You could also send messages directly to a line printer if desired. -# -# Win32 platforms are forced to use line printers for now until a error -# logging module is created for NT platforms. -# -#Logger = /usr/bin/lpr -# -# As of version 2.7.50, you pass logger taglines (-t) options through here. -# Any other options can now be passed to third party loggers, scripts, etc. -Logger = /usr/bin/logger -tfcheck - -#AuthLogger = /usr/bin/logger -tfcheck -pauth.info -#AuthLogger = /usr/bin/logger -tfcheck -pauth.notice - - - -# This is the system command to determine a files type. Used to determine -# pipes, major/minor numbers. -# -# Only useful on Unix platforms, not portable to Windows (yet). -FileTyper = /bin/file - - - -# You may optionally set your hostname from the configuration file if FCheck -# is unable to determine it on its own. -# -#HostName = "Mikes" - - -# You may optionally set the system type from the configuration file if -# FCheck is unable to determine it on its own. -# Currently the only accepted option her is "System = DOS", otherwise FCheck -# will default to a UNIX system. -# -#System = Dos - - - -# This must be set only for readability by you. It in no way effects the scan -# function of FCheck. It only changes what is presented to the end user, so -# the times that are presented to you may not be accurate if not set. -TimeZone = EST5EDT - - - -# This is used only if you require/desire a hash signature to also be generated -# for each file by use of the '-s' flag. If you do not use the (s)ignature -# flag, then the following variable setting will not impact fcheck in any way. -#$Signature = /usr/bin/sum -#$Signature = /usr/bin/cksum -#$Signature = /usr/bin/md5sum -$Signature = /bin/cksum - - - -# Include an optional configuration file. 
-# [CFInclude = (path/config_file_name)] -#CFInclude - -# Used for individual file checking (I.E. FCheck databases!) -# -File = /usr/local/admtools/logs/sol.dbf - -# -# End of FCheck.cfg file -# +# FCheck.cfg (Sol) +# +# Directories to be monitored are shown below. Multiple entries may be used +# by using the following 'keyword=variable' format: +# +# [Directory=(path/name)] +# [Directory=(path/name)] +# ... +# +# If you want recursive direcotry monitoring, place a / at the end of +# the directory name, otherwise the script will interpret the entry as a +# single file or single directory to monitor. +# +# For example the entry "Directory=/usr" +# will watch everything in the /usr directory +# +# and the entry "Directory=/etc/passwd" +# will monitor only the password file. +# +# while the entry "Directory=/usr/" +# will watch everything in the /usr directory, and everything +# recursively under it, (I.E. /usr/bin..., /usr/local/..., etc.) +# + +Directory = /usr/local/admtools/ +Directory = /tmp/ +#Directory = C:/WINNT/ + + + +# WARNING +# Use the following exclusions with care, +# only include log files that are constantly undating and are known to +# be written to frequently otherwise you can defeat the purpose of fcheck +# by excluding too much... +# +# Specific files, and/or directories can be excluded. +# +# If used, configure them as full paths and their filenames. Directory +# names must have a "/" appended to the end of its filename in the exclude +# section. +# + +#Exclusion = /tmp/dir/afile +Exclusion = /usr/local/admtools/data/ +#Exclusion = /usr/local/admtools/logs/ +#Exclusion = C:/WINNT/TEMP/ + + + + +# Miscellaneous settings are passed to fcheck from here. +# +# The baseline database files are to be kept under the "DataBase" directory +# that is defined next. +# +DataBase = /usr/local/admtools/logs/sol.dbf +#DataBase = C:/FCHECK/LOCALHOST.DBF + + + +# If you are using a read-only location. 
You can write the database files to +# one location, and read from an alternate read-only (CD-ROM?) location. +#ReadDB = /usr/local/data +#WriteDB = /usr/local/data + + + +# Your systems interface for passing messages to its log files, UNIX systems +# are typically found as "/usr/bin/logger". +# +# You could also send messages directly to a line printer if desired. +# +# Win32 platforms are forced to use line printers for now until a error +# logging module is created for NT platforms. +# +#Logger = /usr/bin/lpr +# +# As of version 2.7.50, you pass logger taglines (-t) options through here. +# Any other options can now be passed to third party loggers, scripts, etc. +Logger = /usr/bin/logger -tfcheck + +#AuthLogger = /usr/bin/logger -tfcheck -pauth.info +#AuthLogger = /usr/bin/logger -tfcheck -pauth.notice + + + +# This is the system command to determine a files type. Used to determine +# pipes, major/minor numbers. +# +# Only useful on Unix platforms, not portable to Windows (yet). +FileTyper = /bin/file + + + +# You may optionally set your hostname from the configuration file if FCheck +# is unable to determine it on its own. +# +#HostName = "Mikes" + + +# You may optionally set the system type from the configuration file if +# FCheck is unable to determine it on its own. +# Currently the only accepted option her is "System = DOS", otherwise FCheck +# will default to a UNIX system. +# +#System = Dos + + + +# This must be set only for readability by you. It in no way effects the scan +# function of FCheck. It only changes what is presented to the end user, so +# the times that are presented to you may not be accurate if not set. +TimeZone = EST5EDT + + + +# This is used only if you require/desire a hash signature to also be generated +# for each file by use of the '-s' flag. If you do not use the (s)ignature +# flag, then the following variable setting will not impact fcheck in any way. 
+#$Signature = /usr/bin/sum +#$Signature = /usr/bin/cksum +#$Signature = /usr/bin/md5sum +$Signature = /bin/cksum + + + +# Include an optional configuration file. +# [CFInclude = (path/config_file_name)] +#CFInclude + +# Used for individual file checking (I.E. FCheck databases!) +# +File = /usr/local/admtools/logs/sol.dbf + +# +# End of FCheck.cfg file +# debian/patches/05_cfg_local_settings.patch0000644000000000000000000000076111717642372016011 0ustar Description: Include a local settings file Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553384 Forwarded: not needed Author: Francois Marier Last-Update: 2009-11-05 --- a/fcheck.cfg +++ b/fcheck.cfg @@ -159,6 +159,9 @@ $Signature = /usr/bin/sha256sum # Used for individual file checking (I.E. FCheck databases!) File = /var/lib/fcheck/fcheck.dbf +# Used for local settings +CFInclude = /etc/fcheck/fcheck.local.cfg + # # End of FCheck.cfg file # debian/patches/08_executable_error_message.patch0000644000000000000000000000123211717642372017213 0ustar Description: Improve error message when fcheck db is not writable Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=105556 Forwarded: no Author: Anthony Towns Last-Update: 2003-02-28 --- a/fcheck +++ b/fcheck @@ -1579,7 +1579,7 @@ if ($Verbose) { printf("debug: Processing host [%s]\n", $ThisHost); } if ($BaseLine) { # Open for write - open (DB, ">$DBFile") || &Error("no fcheck database exists! [$DBFile]"); + open (DB, ">$DBFile") || &Error("could not open fcheck database for writing! [$DBFile]: $!"); printf(DB "# - Host %s\n",$ThisHost); printf(DB "# - OS %s\n",$ThisOS); $#junk = -1; debian/patches/07_executable_empty_dirs.patch0000644000000000000000000000132511717642372016537 0ustar Description: Fix checking of empty directories Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=134799 Forwarded: no Author: Anthony Towns Last-Update: 2003-02-28 --- a/fcheck +++ b/fcheck 
@@ -578,7 +578,7 @@ sub GetDirDB $Dirname =~ s/\//_/g; if ($Verbose) { printf("debug: (GetDirDB) reading \n", $Dirname); } %BaseLineData = (); - if ((defined($begin{"$Dirname"})) && (defined($end{"$Dirname"})) && ($begin{"$Dirname"} <= $end{"$Dirname"})) + if ((defined($begin{"$Dirname"})) && (defined($end{"$Dirname"})) && ($begin{"$Dirname"} <= $end{"$Dirname"} + 1)) { for ($index=$begin{"$Dirname"}; $index<$end{"$Dirname"} + 1; $index++) { debian/patches/09_upstream_changelog.patch0000644000000000000000000000534311717642372016034 0ustar Description: Add historical upstream changelog Forwarded: not needed Origin: http://web.archive.org/web/20050608074733/http://www.geocities.com/fcheck2000/FAQ.html Last-Update: 2000-11-07 --- /dev/null +++ b/Changelog 
@@ -0,0 +1,83 @@ +Version 2.7.51 + + * Final checkin for revision control of the stable version. + +Version 2.7.50 + + * Modified parsing routine of the "logger" variable to allow user defined + option flags. + + * Finally got around to fixing the trailing space bug in the configuration + file. Now the parser is less strick of the varying editors being used to + create configuration files. + +Version 2.7.49 + + * Fixed option when told to ignore creation dates to also check file size. + + * Fixed option when told to ignore diretory names (-d), when you are not + checking recursively and don't want to see directory Inode changes. + +Version 2.7.47 + + * Removed the pre-defined "-t" (tag) option used by logger to allow for + user defined output devices: scritps, programs, or device files. + + * This also fixed a reported glitch with European and some US spellings + for filenames that contain a single quote (D'Abo) was fixed. (This was + a bonus of the removal of forced flags above). + + * Fixed a typo found under permission calculations: + + local ($ftype) = $ftype[($mode & 0170000)>>12]; + +Version 2.7.46 + + * Minor improvements and documentation efforts made. + + * Replaced uneeded date coding to compensate epoch of January 1, 1970 GMT + + $year += ($year < 70) ? 2000 : 1900; + + with a simpler + + $year += 1900; + + No (Y2K) harm was detected, it just wasted space. + +Version 2.07.45 + + * Added (per request), optional file hash and CRC calculations signature + abilityes. This was included as an all or nothing switch '-s' so that + operation could still remain an easy 'set and forget'. + +Version 2.07.40 + + * Changed the array lookups to associative array lookups to gain + performance. + + * Removed un-needed lines of code left in from previous edits. + + * Updated documentation. + +Version 2.07.38 + + * RedHat Linux users needed the message string enclosed in quotes + for logger to function properly. 
+ + * Fixed spelling and documentation errors that initially slipped by. + +Version 2.07.34 + + * FCheck now runs on DOS based platforms by use of an internally + coded "ls" replacement. + + * By making FCheck available to run on DOS based platforms, the + remote operations needed to be removed. This feature offers too + much temptation to open another security hole by use of the "remsh" + command. + +Version 2.06.27 + + * Initial version released for public usage, after receiving feedback + it was decided to continue support with additional features. debian/patches/06_executable_cfg_path.patch0000644000000000000000000000127111717642372016132 0ustar Description: Fix config file path in main script Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=159478 Forwarded: not needed Author: Anthony Towns Last-Update: 2003-02-28 --- a/fcheck +++ b/fcheck @@ -216,7 +216,7 @@ # # ############################################################################# # This should be passed through the command line, but hard coding still works -$config="/usr/local/admtools/conf/fcheck.cfg"; +$config="/etc/fcheck/fcheck.cfg"; #$config="C:/Work/fcheck/fcheck.cfg"; ############################################################################# debian/patches/10_fix_deprecation_warning.patch0000644000000000000000000000067411717642372017047 0ustar Description: Remove assignment to deprecated $[ Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660081 Author: Francois Marier Forwarded: no Last-Update: 2012-02-18 --- a/fcheck +++ b/fcheck @@ -1363,7 +1363,6 @@ sub toupper sub ctime { local($time) = @_; - local($[) = 0; local($sec, $min, $hour, $mday, $mon, $year, $wday); @WeekDay = ('Sun','Mon','Tue','Wed','Thu','Fri','Sat'); debian/patches/04_cfg_sha256.patch0000644000000000000000000000066711717642372014013 0ustar Description: Switch to sha256 hash algorithm Forwarded: not needed Author: Francois Marier Last-Update: 2009-03-15 --- a/fcheck.cfg +++ b/fcheck.cfg 
@@ -149,8 +149,7 @@ TimeZone = EST5EDT #$Signature = /usr/bin/sum #$Signature = /usr/bin/cksum #$Signature = /usr/bin/md5sum -$Signature = /bin/cksum - +$Signature = /usr/bin/sha256sum # Include an optional configuration file. debian/patches/03_cfg_gmt.patch0000644000000000000000000000107111717642372013557 0ustar Description: Default to the GMT timezone Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=97967 Forwarded: not needed Author: Graham Simpson Last-Update: 2001-05-23 --- a/fcheck.cfg +++ b/fcheck.cfg @@ -139,7 +139,7 @@ FileTyper = /usr/bin/file # This must be set only for readability by you. It in no way effects the scan # function of FCheck. It only changes what is presented to the end user, so # the times that are presented to you may not be accurate if not set. -TimeZone = EST5EDT +TimeZone = GMT debian/patches/02_cfg_unix_paths.patch0000644000000000000000000000607311717642372015160 0ustar Description: Use UNIX and Debian paths in config file Forwarded: not needed Author: Francois Marier Last-Update: 2011-10-12 --- a/fcheck.cfg +++ b/fcheck.cfg @@ -22,9 +22,20 @@ # recursively under it, (I.E. /usr/bin..., /usr/local/..., etc.) # -Directory = /usr/local/admtools/ -Directory = /tmp/ -#Directory = C:/WINNT/ +Directory = / +Directory = /etc/ +Directory = /bin/ +Directory = /sbin/ +Directory = /lib/ +Directory = /usr/bin/ +Directory = /usr/sbin/ +Directory = /usr/lib/ + +# Optionally may want to add the following: +#Directory = /usr/ +#Directory = /usr/X11R6/bin +#Directory = /usr/X11R6/lib +#Directory = /var/ 
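Review bot: "Directory = /" in the first hunk of 02_cfg_unix_paths.patch is ambiguous under the rule the config file states in its own header comment, where a trailing / means recursive monitoring. Read that way the entry covers the whole filesystem and makes the seven entries after it redundant, leaving only the Exclusion list to bound the scan. If the intent is to watch just the top level of the root directory, a comment next to the entry should say so. The commented-out "#Directory = /usr/X11R6/bin" and "#Directory = /usr/X11R6/lib" also lack the trailing slash the other entries carry, so they would not be recursive if enabled.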
@@ -41,28 +52,45 @@ Directory = /tmp/ # section. # -#Exclusion = /tmp/dir/afile -Exclusion = /usr/local/admtools/data/ -#Exclusion = /usr/local/admtools/logs/ -#Exclusion = C:/WINNT/TEMP/ - - +Exclusion = /tmp/ +Exclusion = /var/ +Exclusion = /lib/udev/devices/ +Exclusion = /run/ + +# Other common paths you may need to exclude +#Exclusion = /etc/mtab +#Exclusion = /etc/resolv.conf +#Exclusion = /etc/cups/cupsd.conf +#Exclusion = /etc/cups/cupsd.conf.O +#Exclusion = /etc/cups/printers.conf +#Exclusion = /etc/cups/printers.conf.O +#Exclusion = /etc/ld.so.cache +#Exclusion = /etc/network/run/ifstate +#Exclusion = /etc/adjtime +#Exclusion = /etc/motd +#Exclusion = /etc/default/ntpdate.dhcp +#Exclusion = /etc/ntp.conf.dhcp +#Exclusion = /etc/logcheck/ +#Exclusion = /etc/.bzr/ +#Exclusion = /etc/.git/ +#Exclusion = /etc/.hg/ +#Exclusion = /etc/.etckeeper +#Exclusion = /etc/.gitignore # Miscellaneous settings are passed to fcheck from here. # -# The baseline database files are to be kept under the "DataBase" directory -# that is defined next. +# The "DataBase" keyword points to the absolute path/filename of the baseline +# database file, and is defined next. # -DataBase = /usr/local/admtools/logs/sol.dbf -#DataBase = C:/FCHECK/LOCALHOST.DBF +DataBase = /var/lib/fcheck/fcheck.dbf # If you are using a read-only location. You can write the database files to # one location, and read from an alternate read-only (CD-ROM?) location. -#ReadDB = /usr/local/data -#WriteDB = /usr/local/data +#ReadDB = /usr/local/data/fcheck.dbf +#WriteDB = /usr/local/data/fcheck.dbf @@ -88,8 +116,8 @@ Logger = /usr/bin/logger -tfcheck # This is the system command to determine a files type. Used to determine # pipes, major/minor numbers. # -# Only useful on Unix platforms, not portable to Windows (yet). -FileTyper = /bin/file +# Only useful on Unix platforms, not portable to Windows (yet?!?!). +FileTyper = /usr/bin/file 
@@ -130,8 +158,7 @@ $Signature = /bin/cksum #CFInclude # Used for individual file checking (I.E. FCheck databases!) -# -File = /usr/local/admtools/logs/sol.dbf +File = /var/lib/fcheck/fcheck.dbf # # End of FCheck.cfg file debian/fcheck.pod0000644000000000000000000000560111717642372011131 0ustar =head1 NAME fcheck - IDS filesystem baseline integrity checker =head1 SYNOPSIS fcheck [OPTIONS] =head1 OPTIONS The options to fcheck are defined below: =over =item B<-a> Automatic mode, do all directories in configuration file. =item B<-c> Create a new baseline database for the given directory. =item B<-d> Directory names are to be monitored for changes also. =item B<-f filename> Use alternate 'filename' as the configuration file. =item B<-i> Ignore creation times, check permissions, adds, deletes only. =item B<-h> Append the $HOSTNAME to the configuration filename. =item B<-l> Log information to logger rather than stdout messages. =item B<-r> Report mode, great for emailed status reports. =item B<-s> Sign each file with a CRC/hash signature. =item B<-v> Verbose mode, not used for report generation. =item B<-x> eXtended unix checks, # of links, UID, GID, Major/Minor checks. =back =head1 DESCRIPTION =head2 Overview The fcheck utility is an IDS (Intrusion Detection System) which can be used to monitor changes to any given filesystem. Essentially, fcheck has the ability to monitor directories, files or complete filesystems for any additions, deletions, and modifications. It is configurable to exclude active log files, and can be run as often as needed from the command line or cron making it extremely difficult to circumvent. =head2 Operation and Getting Started Flag passing is a fairly simple process. Primarily you will be using two commands. One builds (or rebuilds) your baseline database files (system snapshots). The second runs in a scanning comparison mode. C<"fcheck -ac"> Builds the baseline database.
C<"fcheck -a"> Comparison scans the system against the baseline database. For normal operation: Initially you will run fcheck by issuing the command "fcheck -ac" to create the initial baseline file used for comparison. Any runs after the creation of the baseline will normally be with the following flags "fcheck C<-a>" to scan for any system modifications. After a scan is completed, you will probably want to have fcheck re-create its baseline database for the next comparison cycle. Otherwise you will be seeing every system modification since the last baseline re-build. In other words, run the C<"fcheck -ac"> command again. (Advanced Note:) A more intensive system check would be accomplished by building your database to include GID/UID checks, directories, and CRC checks by using the following sample syntax: "fcheck -cadsxlf /etc/fcheck/fcheck.cfg" And provide periodic integrity scans from cron by using the following sample syntax: "fcheck -adsxlf /etc/fcheck/fcheck.cfg" =head1 AUTHOR Author: Copyright (C) 1996 Michael A. Gumienny Debianized by: Graham Simpson =head1 SEE ALSO Please also refer to the excellent README and INSTALL instructions provided with the package F. =cut debian/compat0000644000000000000000000000000211717642372010376 0ustar 8
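Review bot: in 10_fix_deprecation_warning.patch, the hunk in `sub ctime` drops `local($[) = 0;` without the header saying whether any other assignment to `$[` remains in the fcheck script. The `@WeekDay` list defined just below it is presumably indexed from 0, so the removal only preserves behaviour if nothing else in the script changes the array base. A sentence in the Description confirming that a search for `$[` found no other use would settle this.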
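Review bot: in 04_cfg_sha256.patch, changing `$Signature` from `/bin/cksum` to `/usr/bin/sha256sum` has an upgrade effect that the header does not document: a database built with `-s` under the old setting holds cksum output, which will not match sha256sum output on the next comparison, so existing installs need the baseline rebuilt after upgrading. A note for administrators (NEWS or README) would cover it. Two smaller points: the hunk also deletes the blank line that separated this setting from the "Include an optional configuration file" comment, and the commented list of alternatives above still ends at `/usr/bin/md5sum`, so the value now in use is not among the documented choices.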
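Review bot: in 02_cfg_unix_paths.patch, first hunk, `Directory = /` is added next to `/etc/`, `/bin/` and the others with no comment on what it covers. The context above speaks of monitoring "recursively under it", so the config should say whether the root entry watches only the top-level entries or the whole tree. The optional `#Directory = /var/` line also needs a pointer to the `Exclusion = /var/` that this patch adds further down, because uncommenting one without removing the other could leave an administrator believing /var is monitored when it is excluded.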
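Review bot: in 02_cfg_unix_paths.patch, second hunk, `Exclusion = /var/` is added in the same hunk that sets `DataBase = /var/lib/fcheck/fcheck.dbf`, so the baseline lives inside an excluded tree and on the same writable filesystem it vouches for. The `File = /var/lib/fcheck/fcheck.dbf` entry in the last hunk does put the database itself under individual checking, but nothing in the config comments connects the two settings. I would add a line next to `DataBase` explaining that the `File` entry is what keeps it monitored despite the exclusion, and expand the `ReadDB`/`WriteDB` comment to say that reading the baseline from read-only media is the option to use when the database must not be rewritable from the monitored host.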
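The baseline, scan and rebuild cycle described in the fcheck.pod "Operation and Getting Started" section, as an added shell example that is not fcheck's code or part of this package. The function names `snapshot`, `compare` and `demo`, the "hash  path" database layout and the sample tree are assumptions made for illustration; it uses sha256sum, the signature program selected in 04_cfg_sha256.patch.

```shell
#!/bin/sh
# Added illustration of the baseline/compare cycle; not fcheck's own code.
# snapshot/compare/demo and the "hash  path" database layout are assumptions.

# snapshot DIR [EXCLUDE_PREFIX]: one "sha256  path" line per regular file.
snapshot() {
    find "$1" -type f ! -path "${2:-/nonexistent/}*" -exec sha256sum {} + | sort -k 2
}

# compare OLD_DB NEW_DB: report additions, deletions and modifications.
compare() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        !(path in old)      { print "ADD " path; next }
        old[path] != hash   { print "MOD " path }
        { delete old[path] }
        END { for (p in old) print "DEL " p }
    ' "$1" "$2"
}

# demo: constructed tree, one scan with three findings, then a rebuild.
demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    mkdir etc logs
    echo 'root:x:0:0' > etc/passwd
    echo 'welcome' > etc/motd
    echo 'line 1' > logs/app.log
    snapshot . ./logs/ > "$work.dbf"        # baseline, like "fcheck -ac"
    echo 'extra:x:0:0' >> etc/passwd        # modification
    rm etc/motd                             # deletion
    echo 'new' > etc/newfile                # addition
    echo 'line 2' >> logs/app.log           # excluded path, stays silent
    snapshot . ./logs/ > "$work.new"
    compare "$work.dbf" "$work.new" | sort  # scan, like "fcheck -a"
    mv "$work.new" "$work.dbf"              # rebuild the baseline
    snapshot . ./logs/ > "$work.new"
    compare "$work.dbf" "$work.new"         # next cycle: nothing to report
    cd / && rm -rf "$work" "$work.dbf" "$work.new"
)

demo
```

The database files are written beside the monitored tree rather than inside it, so the scan never hashes its own baseline.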