Configuration
/etc/fcheck/fcheck.cfg
# fcheck builds its baseline for, and checks, the following directories
Directory = / <-- no recursive directory monitoring
Directory = /etc/ <-- recursive directory
Directory = /bin/
Directory = /sbin/
Directory = /lib/
Directory = /usr/bin/
Directory = /usr/sbin/
Directory = /usr/lib/
# If "Directory = /" is present, the following "Exclusion" entries are required
Exclusion = /tmp/
Exclusion = /var/
Exclusion = /etc/mtab <-- no trailing "/" means the entry is a file
# Where the verification DB is stored; ideally somewhere that can only be "written" once
DataBase = /var/lib/fcheck/fcheck.dbf
#ReadDB = /usr/local/data/fcheck.dbf
#WriteDB = /usr/local/data/fcheck.dbf
# Use cksum instead to improve performance (used when the '-s' option is given)
$Signature = /usr/bin/cksum
#$Signature = /usr/bin/md5sum
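Added example (not part of the original notes or of fcheck itself): a small Python model of the Directory/Exclusion entries above that reports whether a given path is covered by the baseline, and flags cksum, which is a CRC and not a cryptographic hash. It assumes the trailing-"/" rule from the annotations (trailing "/" covers the whole tree, otherwise the entry itself or its direct children); parse_cfg, is_monitored and weak_signature are hypothetical names.

```python
import posixpath

# Constructed sample mirroring the fcheck.cfg entries shown above.
SAMPLE_CFG = """\
Directory = /
Directory = /etc/
Directory = /bin/
Directory = /sbin/
Directory = /lib/
Directory = /usr/bin/
Directory = /usr/sbin/
Directory = /usr/lib/
Exclusion = /tmp/
Exclusion = /var/
Exclusion = /etc/mtab
DataBase = /var/lib/fcheck/fcheck.dbf
$Signature = /usr/bin/cksum
"""

def parse_cfg(text):
    """Collect Directory/Exclusion/DataBase/$Signature entries, skipping comments."""
    cfg = {"Directory": [], "Exclusion": [], "DataBase": None, "$Signature": None}
    for raw in text.splitlines():
        line = raw.split("<--")[0].strip()  # drop "<--" annotations used in the notes
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("Directory", "Exclusion"):
            cfg[key].append(value)
        elif key in cfg:
            cfg[key] = value
    return cfg

def _covers(entry, path):
    """Assumed model: trailing "/" = whole tree; else the entry or its direct children."""
    if entry.endswith("/") and entry != "/":
        return path.startswith(entry)
    return path == entry or posixpath.dirname(path) == entry

def is_monitored(cfg, path):
    """True when a Directory entry covers path and no Exclusion entry does."""
    path = posixpath.normpath(path)
    if any(_covers(e, path) for e in cfg["Exclusion"]):
        return False
    return any(_covers(d, path) for d in cfg["Directory"])

def weak_signature(cfg):
    """cksum is a CRC, not a cryptographic hash: fast, but not tamper-evident."""
    return posixpath.basename(cfg["$Signature"] or "") == "cksum"
```

With this configuration, paths such as /usr/local/bin/tool fall outside every Directory entry, so changes there would not be reported.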
Check the configuration file:
fcheck -v /etc/fcheck/fcheck.cfg
-v Verbose mode.
Usage:
fcheck [-acdfhilrsvx] [config filename] [directory]
-a Automatic mode, do all directories in configuration file.
-c Create base-line database.
-x eXtended Unix checks - Nlinks, UID, GID, Major/Minor numbers.
7105 root 20 0 3756 236 192 R 100 0.0 2:35.17 md5sum
Run automatically:
/etc/cron.d/fcheck