
FCheck

Intrusion Detection - Policy Enforcement


The only way to tell what has been modified on your system is by a snapshot of your complete file systems, before the modification or intrusion took place.

FCheck fills in that missing information: it not only generates the needed "pristine" system snapshot but, when properly configured and used, monitors the system and immediately reports any deviations from that original snapshot.

FCheck is an open source PERL script providing intrusion detection and policy enforcement of Windows 95/98/NT/3.x and Unix server administration through the use of comparative system snapshots. FCheck can provide notification of any differences found through use of your event management system, printer, and/or email when any monitored files or directories are altered, including any additions and/or deletions.

A Little History
During the craze to out-source "everything", you may have noticed that your own systems have developed unique configurations as they have passed hands. Little system modifications that have long since lost their purpose or reason are left alone in fear. Why was it done, and when? Who knows.

FCheck was developed out of necessity from a similar situation when my own company outsourced its administrators when this craze first started. Being the person that went to the meetings, not knowing that a complete file-system had been removed, happened only once. My "staff" had forgotten to notify me of the change, along with several other changes. I needed a way to monitor the system for any modifications that would report back to me immediately to stay abreast of their whimsical changes. Thus, FCheck was born.

FCheck grew into an overnight success with its ease of use, even though I did not see its complete potential at first. When a surprise Security Audit Team arrived, the full potential was soon recognized. Having several tools already in place to satisfy their demands, the auditors thought they had us when a baseline snapshot of the system was requested. Expecting to hear that we had no such tool in place, they were eager to learn more about FCheck and its abilities.

Essentially, FCheck has the ability to monitor directories, files or file-systems for any additions, deletions, and modifications. It is configurable to exclude log files, and can be run as often as needed, making it extremely difficult to circumvent.

FCheck in its current state runs as a PERL script on any platform that supports PERL and long filenames. That means FCheck is not limited to UNIX platforms, but can run on Win32 platforms with PERL installed. Currently only one other baseline system security tool exists (Tripwire), and it is purchasable with licensing agreements, etc. All FCheck code is written from scratch, and is owned solely by the author, but rights are granted for its usage to any site that desires free baseline security measures.

What does FCheck require?
FCheck has been tested and is known to run on the following platforms with PERL installed:

  • AIX
  • BSD and variants (BSDi, FreeBSD, etc.)
  • HP/UX
  • Linux
  • SCO
  • Solaris
  • SunOS
  • Windows 95/98/NT
  • and Windows 3.x (with slight modifications)

If this script helps to provide some peace of mind to other individuals then drop me an Email at the address below, or take a moment to sign the guestbook.

Download FCheck

Download the FCheck application here.



All Material Copyright ©1996-2000 Michael A. Gumienny
Contact Me
Page last updated: 2000/11/07
