README for FileTraq v0.2
Copyright (c) 2000 Jeremy Weatherford
See file COPYING included with distribution.

----> Code, development, contact

The latest filetraq release is available from
https://packages.debian.org/src:filetraq .  Please use the Debian bugtracking
system at https://bugs.debian.org/ for any feedback.  If you really need to
contact the current maintainer privately: Joost van Baal-Ilić
<joostvb-filetraq@mdcc.cx> .

Code is maintained using git at https://salsa.debian.org/debian/filetraq .

Below is Jeremy Weatherford's original README for FileTraq.


----> What's it do?

FileTraq is designed to be run periodically from the root crontab.  Each time,
it compares a list of system files with the copies that it keeps.  Any changes
are reported in diff or patchfile style, and dated backup copies are kept.

----> What's that good for?

It's designed to be an easy way to ensure that no system files are changed
without your knowledge.  If you're worried about people breaking in and
changing things without you noticing, or just worried about the other guy
with root on the box changing things and forgetting to tell you, it's a good
way to keep tabs on configuration files.

It can even be useful to add some sanity to your own life, by reminding you
when files are changed.  If you keep track of the messages you get back from
FileTraq, you'll have a rudimentary file history that will allow you to flip
back to see when you changed a certain thing.  Dated backups are also kept,
just in case you nuke a file.

----> How's it work?

It's just a little shell script that reads a list of files to watch, runs diff
against each file and its backup, and reports any discrepancies, along with
keeping a dated backup of the original.
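
The loop described above, as an added example (not FileTraq's own script). The function name track_files, the list format (one absolute path per line, anything else ignored) and the backup naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the diff-and-backup loop; not FileTraq's own code.
# Assumed list format: one absolute path per line; blank lines, '#' comments
# and relative paths are skipped.

# track_files LIST BACKUPDIR
# Prints a report for new, missing or changed files; prints nothing when
# every watched file still matches its stored copy.
track_files() (
    list=$1 backupdir=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    umask 077                        # stored copies may hold sensitive data
    mkdir -p "$backupdir" || exit 1

    while IFS= read -r file; do
        case $file in /*) ;; *) continue ;; esac
        # Flatten the path into one backup name: /etc/passwd -> _etc_passwd
        name=$(printf '%s' "$file" | tr '/' '_')
        current=$backupdir/$name

        if [ ! -f "$file" ]; then
            echo "MISSING: $file"
            continue
        fi
        if [ ! -f "$current" ]; then
            echo "NEW: $file (baseline stored)"
            cp -p "$file" "$current"
            continue
        fi
        if ! diff -u "$current" "$file"; then
            # Keep the previous version under a dated name, then re-baseline.
            mv "$current" "$current.$stamp"
            cp -p "$file" "$current"
        fi
    done < "$list"
)
```

Run from cron, the empty output on an unchanged system is what keeps the mail quiet until something differs.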

----> Is there anything wrong with it?

Right now, it doesn't take care of its backups very well.  The dated backups
will accumulate in the backups directory, bounded only by disk space.  If anyone
has an idea for a SIMPLE way to keep backups in check, let me know.

It only handles text files -- this isn't a Tripwire replacement for use with
system binaries.  I suppose it could be, though.

FileTraq is not well tested or hardened.  It runs as root, but all of its
config files should only be accessible by root.  No security holes are known
at this time, but please be careful.
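
Two checks that address the points above, as an added example (not part of FileTraq): a pre-flight test that a config file is private to its owner, and a retention step that keeps only the newest dated backups. The function names and the backup naming NAME.YYYYMMDD-HHMMSS are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not part of FileTraq. Assumes dated backups are named
# NAME.YYYYMMDD-HHMMSS (constructed convention) inside one backup directory.

# conf_is_private FILE [UID]
# Succeeds only if FILE is a regular file (not a symlink), owned by UID
# (default 0 = root), with no group/other permission bits set.
conf_is_private() (
    file=$1 owner=${2:-0}
    [ -f "$file" ] && [ ! -L "$file" ] || exit 1
    set -f                           # no globbing while splitting ls output
    # ls -ldn prints: mode links uid gid ...  (numeric ids, no name lookups)
    set -- $(ls -ldn "$file")
    [ "$3" = "$owner" ] || exit 1
    case $1 in
        ????------*) exit 0 ;;       # e.g. -rw------- ; trailing . or + allowed
        *)           exit 1 ;;
    esac
)

# prune_backups DIR NAME KEEP
# Deletes all but the newest KEEP dated backups of NAME in DIR.
prune_backups() (
    dir=$1 name=$2 keep=$3
    cd "$dir" || exit 1
    # Timestamps sort lexically, so the glob yields oldest first.
    set -- "$name".[0-9]*
    [ -e "$1" ] || exit 0            # glob matched nothing
    while [ "$#" -gt "$keep" ]; do
        rm -f -- "$1"
        shift
    done
)
```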

----> How do I send feedback?

I'm glad you asked...  Jeremy Weatherford <xidus@xidus.net>

There's a homepage for FileTraq at http://filetraq.xidus.net

Feedback is definitely welcome, especially about proposed features.

----> Legalese

This program is distributed under the terms of the GNU Public License.
See the file COPYING included with this distribution.

--------------------------------------------------------------------------

FileTraq versions 0.2 and earlier came with scripts for installation and
uninstallation.  Since 0.3, the preferred way of installing FileTraq is via
binary packages (.deb, .rpm, ...).  If you really want to do things manually,
see below.

----> Upgrading

To upgrade a previous version of FileTraq, simply follow the procedure
below, specifying the same directories as before, and the new version will
replace the old one.  Your backups and config files will continue to work
with the new version.

----> Installation

First, be root.
$ su

Extract the archive if you haven't already.
# tar -xvzf filetraq-0.2.tgz
# cd filetraq-0.2

Optionally, edit pathnames in the script filetraq to your taste.  Then, copy
the script to e.g. /usr/sbin/filetraq.  Optionally, adjust filetraq.conf to
your needs.  Then copy filetraq.conf to e.g. /etc/filetraq.conf.

# crontab -e
(add an entry to run FileTraq periodically.  Every 5 minutes, say)

Sample crontab entry (every five minutes; use the path you copied the script to):
*/5 * * * * /usr/local/sbin/filetraq

Most modern cron daemons support the syntax */5.  If yours doesn't, substitute
0,5,10,15,20,25,30,35,40,45,50,55 for the */5.

Make sure the output from the crontab is being mailed to you.  If there's
no MAILTO= setting in the crontab, the output should be mailed to root.  If
you want it mailed to a specific user, add a MAILTO=user line at the top.

You'll get one initial mailing when it runs the first time, then it'll be quiet
until there are changes.

If you don't receive an initial mailing at the designated time, make sure the
cron daemon is actually running.  If a ps auxc | grep crond doesn't show
anything running, start it manually, then make sure it will start when your
system boots.

Edit /usr/local/filetraq/filetraq.conf (or wherever you put it) to add/delete
files to be monitored.

See the README file if you want more information.

That's that.

----> Uninstallation:

There's an uninstall.sh script that should work fairly well for removing all
of FileTraq's files.

# ./uninstall.sh
(review info and confirm)

And it'll be uninstalled.