Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
YAFIC(1)		    General Commands Manual		      YAFIC(1)

       yafic --	yet another file integrity checker

       yafic [-HVhpvs]	[-C config] [-k	keyfile] [-r root] [-c known-database]
	     [-u new-database |	-d exist-database ]

       yafic [-Vhv] [-r	root] [-t type]	-l database

       yafic is	Yet Another File Integrity Checker.  yafic  saves  information
       about the state of a filesystem to a database. Later, yafic can be used
       to compare the current state of the filesystem against the saved	 data-
       base, letting you know of any changed, added, or	removed	files.

       yafic  reads  a	configuration file (see	yafic.conf(5)) which specifies
       how it should examine the filesystem.

       See NOTES below for information on yafic's cryptographic	support.

       The options are as follows:

       -H     Outputs to stderr	the SHA-1  hash	 of  new-database.   If	 given
	      twice,  the  SHA-1  hashes of config and known-database are also

       -V     Display version information.

       -h     Display help summary.

       -p     Expect keyfile to	be a public key	rather than a private key.

       -v     Increase verbosity. May be given multiple	times. More than twice
	      will slow	yafic down!

       -s     Show simple output. If given twice, output will be even simpler!
	      (``cvs update'' style)

       -C config
	      Specifies	an alternate configuration file	 to  use.  By  default
	      yafic.conf is read from the current directory.

       -k keyfile
	      Specifies	 an RSA/DSA key	to use for signing/verification	opera-
	      tions. By	default, keyfile is expected to	be a private key  (see
	      the -p option above).

       -r root
	      Specifies	 an  alternate	root.  The  default  root is ``/''. If
	      given, all paths specified in yafic.conf are taken  relative  to

       -c known-database
	      Checks  the state	of the filesystem against known-database.  Any
	      modified or added	files are reported. In order for removed files
	      to  be  reported,	the -u option must be given as well. If	known-
	      database is ``-'', the default yafic.db is assumed.

       -u new-database
	      Examine the current state	of the filesystem and save it to  new-
	      database.	 If new-database is is ``-'', then it is assumed to be

       -d exist-database
	      Rather than comparing known-database with	the filesystem,	it  is
	      instead  compared	 with  exist-database.	 The -c	option must be
	      given as well. This is  mutually	exclusive  of  the  -u	option

       -l database
	      List  entries  in	database.  The entries will not	be in any spe-
	      cific order. If the -v option  is	 given,	 in  addition  to  the
	      names,  the various file attributes for each entry are also dis-

       -t type
	      By default, -l will list all entries. The	listing	can be limited
	      to  certain  types of entries by this option.  type may be a one
	      or more of the following:

	      d	     List directories.

	      f	     List files.

	      l	     List symbolic links.

	      s	     List special files. (i.e. everything else)

       Note that if neither -c,	-u or -l options are given,  then  nothing  is
       done  beyond  parsing  the configuration	file. Used in conjunction with
       -vv (-v given twice), this can useful for verifying that	the configura-
       tion  file  is  being  parsed  the  way you think it is.	(Each entry is
       listed along with the flags for itself as well as its  contents.	 ``-''
       denotes that the	entry or its contents are ignored.)

       The  -k	and  -p	 options are only available if yafic was compiled with
       crypto support (the default).

       If the -k option	is given, then config, known-database (if  given)  and
       exist-database  (if  given)  will  be verified against their respective

       A signature for new-database will be created if and only	if -k is given
       and keyfile is a	private	key.

       keyfile is expected to be an RSA	or DSA key. See	openssl(1), genrsa(1),
       gendsa(1), and specifically:

       Signatures can be created and verified  independently  of  yafic.   See
       yafic-sign(1) and yafic-check(1).

       Signature  files	 have  the same	name as	their corresponding files, but
       with the	extension .sig.

       yafic exists with one of	the following values:

       0      yafic completed successfully.

       1      An error occurred.

       2      There was	a problem with the arguments given to yafic.

       3      The verification of a file against its signature failed.

	      Default configuration file.

	      Default known database.

	      Default updated database.

       yafic-sign(1), yafic-check(1),  yafic.conf(5),  openssl(1),  genrsa(1),

			       December	12, 2003		      YAFIC(1)


Want to link to this manual page? Use this URL:

home | help