afick 3.6.0

Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and a few standard modules), including Windows, Linux, and Unix. The configuration syntax is very close to that of tripwire/aide.

Tags security perl file-checking monitoring
License GNU GPL
State stable

Recent Releases

3.6.0 08 Dec 2017 13:53 minor feature: code refactorisation (classes); fix windows installer and launcher
3.5.3 10 Feb 2017 12:55 minor feature: code refactorisation (classes); afick_learn_tk tool
3.5.2 06 Aug 2016 07:05 minor feature: Control
3.5.1 04 Dec 2015 11:26 minor feature: this release comes with 2 changes:
  - installers
    + unix: the default tgz install is changed to install afick on /opt. The old is still available (consult INSTALL doc)
    + windows: the install program is now built by inno setup, which is a living software
  - new tools
    + afick_learn: will help improve config file by removing false positives
    + afick_format: can rewrite afick output for human beings (html) or computers (xml)
3.5.0 13 May 2015 15:18 major feature: this release is the end of 3 years of afick recoding: it uses a new Afick::Cfg class to manage the configuration. It allows a better software design and software testing.
3.4.3 16 Apr 2015 12:07 minor feature: this release was built to fix the 2 following problems:
  1) changing attributes in a rule should not change the afick's report (files are not changed)
  2) some attributes (inode/mtime) are not meaningful to detect a file change, but are interesting for analysis
  So the code was changed:
  - until 3.4.2: only required attributes are stored in the database
  - from 3.4.3: store all attributes in database and use required attributes (inode, file_size, checksum ...) to detect file changes
  bug fix
  - (afick) fix sparse error Odd number of elements in anonymous hash
  - (afick-tk) after save config, reload only if same name
  improvements
  - better file change detection (less false positives)
  incompatibilities
  - (linux, windows) remove inode, mtime from default rules (dummy change detection)
  - plugins output may also change, because they can access many more data
  others
  - (afick) rename all same variables with same name ra_toscan
  - (afick) add internal doc
  - (afick) clean code, remove dead code (test_dbm_available, make_regex)
  - (afick) rename update sub into update_database
  - (afick) remove Nbmod global variable
  - (control) control sub also use is_changed