systraq(8) [debian man page]
SYSTRAQ(8) [FIXME: manual] SYSTRAQ(8) NAME
systraq - monitors your system and warns you when files change SYNOPSIS
systraq DESCRIPTION
systraq is part of the systraq package, a set of scripts that monitors your system for file changes. It is meant to be run by a cronjob, not directly. systraq runs various system commands, to inspect the state of the system: what is it doing now?, what has it been doing recently?, are we running to hardware limitations?. Furthermore, it runs commands to inspect some files in users' homedirectories, as well as some system files, for frequently seen flaws. All these commands are maintained in little scripts in /etc/systraq/systraq.d. The first two characters of the script's name are used for the execution-order. The names of executable files in systraq.d/ (or symlinks to such files) must consist entirely of upper and lower case letters, digits, underscores, and hyphens. Files which not adhere will be silently ignored. The systraq script supplies some environment variables to the scripts in systraq.d/, these might be helpful when adding your own scripts. Refer to the (very small) systraq code itself for the details. We'll elaborate on some of the shipped systraq.d/ scripts. AA-shellrc checks for unsafe umask setting in shell startup scripts, or unsafe PATH in these scripts. AA-debsums runs debsums, to check md5sums as stated in packaging files with the sums of the actual files running the system. (NB: debsums has support for md5 checksums only, most Debian packages ship md5 checksums only. Therefore, we can't use sha256sum. See also the discussion on proposed release goal: DEBIAN/md5sums for all packages[1] at the Debian release mailinglist in August 2007 as well as Debian Bug #268658[2] for some considerations on this.) AA-localdigest runs sha256sum (or the command set in the ST_SUM environment variable) to check message digests as locally maintained in a file named in the ST_LDIGESTS environment variable. Typically, this is set to /var/lib/systraq/systraq.sums. If this environment variable is unset, this check is silenty skipped. Of course, you can add your own scripts. If you name them AA-local, they'll never get overwritten by any version of this software. If you don't like one of these scripts, you can disable it by removing the symlink, and creating a new symlink with the same name pointing to /bin/true. SEE ALSO
The systraq Manual, installed in /usr/share/doc/systraq. VERSION
$Id: systraq.dbx 374 2008-12-14 08:47:32Z joostvb $ AUTHORS
Joost van Baal <joostvb-systraq-20041015@mdcc.cx> Author. Laurent Fousse <laurent@komite.net> Author. COPYRIGHT
Copyright (C) 2001-2008 Joost van Baal Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. This document is based upon a manual page written by Laurent Fousse for the Debian project. NOTES
1. proposed release goal: DEBIAN/md5sums for all packages http://lists.debian.org/debian-release/2007/08/threads.html#00086 2. Debian Bug #268658 http://bugs.debian.org/268658 [FIXME: source] 17 december 2008 SYSTRAQ(8)
Check Out this Related Man Page
DEBSUMS(1) User Commands DEBSUMS(1) NAME
debsums - check the MD5 sums of installed Debian packages SYNOPSIS
debsums [options] [package|deb] ... DESCRIPTION
Verify installed Debian package files against MD5 checksum lists from /var/lib/dpkg/info/*.md5sums. debsums can generate checksum lists from deb archives for packages that don't include one. OPTIONS
-a, --all Also check configuration files (normally excluded). -e, --config Only check configuration files. -c, --changed Report changed file list to stdout (implies -s). -l, --list-missing List packages (or debs) which don't have an MD5 sums file. -s, --silent Only report errors. -m, --md5sums=file Read list of deb checksums from file. -r, --root=dir Root directory to check (default /). -d, --admindir=dir dpkg admin directory (default /var/lib/dpkg). -p, --deb-path=dir[:dir...] Directories in which to look for debs derived from the package name (default is the current directory). A useful value is /var/cache/apt/archives when using apt-get autoclean or not clearing the cache at all. The command: apt-get --reinstall -d install `debsums -l` may be used to populate the cache with any debs not already in the cache. Note: This doesn't work for CD-ROM and other local sources as packages are not copied to /var/cache. Simple file sources (all debs in a single directory) should be added to the -p list. -g, --generate=[missing|all][,keep[,nocheck]] Generate MD5 sums from deb contents. If the argument is a package name rather than a deb archive, the program will look for a deb named package_version_arch.deb in the directories given by the -p option. missing Generate MD5 sums from the deb for packages which don't provide one. all Ignore the on disk sums and use the one supplied in the deb, or generated from it if none exists. keep Write the extracted/generated sums to /var/lib/dpkg/info/package.md5sums. nocheck Implies keep; the extracted/generated sums are not checked against the installed package. For backward compatibility, the short option -g is equivalent to --generate=missing. --no-locale-purge Report missing locale files even if localepurge is configured. --no-prelink Report changed ELF files even if prelink is configured. --ignore-permissions Treat permission errors as warnings when running as non-root. --help --version Print help and version information. EXIT STATUS
debsums returns 0 on success, or a combination* of the following values on error: 1 A specified package or archive name was not installed, invalid or the installed version did not match the given archive. 2 Changed or missing package files, or checksum mismatch on an archive. 255 Invalid option. *If both of the first two conditions are true, the exit status will be 3. EXAMPLES
debsums foo bar Check the sums for installed packages foo and bar. debsums foo.deb bar.deb As above, using checksums from (or generated from) the archives. debsums -l List installed packages with no checksums. debsums -ca List changed package files from all installed packages with checksums. debsums -ce List changed configuration files. debsums -cagp /var/cache/apt/archives As above, using sums from cached debs where available. apt-get install --reinstall $(dpkg -S $(debsums -c) | cut -d : -f 1 | sort -u) Reinstalls packages with changed files. RESULTS
OK The file's md5sum is good. FAILED The file's md5sum does not match. REPLACED The file has been replaced by a file from a different package. NOTES
The default installation of debsums package sets the debconf boolean value debsums/apt-autogen to be "true". This will create /etc/apt/apt.conf.d/90debsums as: DPkg::Post-Invoke { "debsums --generate=nocheck -sp /var/cache/apt/archives"; }; by the postinst script (>=2.0.7). Every APT controlled package installation processes will execute this code fragment to generate the missing md5sums files from the binary packages. In order to create md5sums files for the already installed packages, you must run debsums_init once after the installation of debsums pack- age. SEE ALSO
md5sum(1), debsums_init(8) ENVIRONMENT
TMPDIR Directory for extracting information and contents from package archives (/tmp by default). CAVEATS
While in general the program may be run as a normal user, some packages contain files which are not globally readable so cannot be checked. Privileges are of course also required when generating sums with the keep option set. Files which have been replaced by another package may be erroneously reported as changed. debsums is intended primarily as a way of determining what installed files have been locally modified by the administrator or damaged by media errors and is of limited use as a security tool. If you are looking for an integrity checker that can run from safe media, do integrity checks on checksum databases and can be easily con- figured to run periodically to warn the admin of changes see other tools such as: aide, integrit, samhain, or tripwire. AUTHOR
Written by Brendan O'Dea <bod@debian.org>. Based on a program by Christoph Lameter <clameter@debian.org> and Petr Cech <cech@debian.org>. COPYRIGHT
Copyright (C) 2002 Brendan O'Dea <bod@debian.org> This is free software, licensed under the terms of the GNU General Public License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Debian 2007-11-29 DEBSUMS(1)