Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and a few standard modules), including Windows, Linux, Unix.
The configuration syntax is very close to that of Tripwire/AIDE.
Recent Releases
3.8.1 12 Sep 2024 12:42
minor feature:
A backup is now made before an update scan.
The allow_overload directive now applies to the whole configuration.
Exclusions also apply to directories.
3.8.0 10 Apr 2023 03:25
major feature:
New experimental directive mask_sysupdate to remove alerts caused by system update changes.
3.6.0 08 Dec 2017 13:53
minor feature:
code refactoring (classes)
fix Windows installer and launcher
3.5.3 10 Feb 2017 12:55
minor feature:
code refactoring (classes)
afick_learn_tk tool
3.5.2 06 Aug 2016 07:05
minor feature:
Control
3.5.1 04 Dec 2015 11:26
minor feature:
This release comes with 2 changes:
- installers
  + unix: the default tgz install now installs afick in /opt. The old install is still available (consult the INSTALL doc)
  + windows: the install program is now built with Inno Setup, which is actively maintained software
- new tools
  + afick_learn: helps improve the config file by removing false positives
  + afick_format: can rewrite afick output for human beings (html) or computers (xml)
3.5.0 13 May 2015 15:18
major feature:
This release is the end of 3 years of afick recoding: it uses a new Afick::Cfg class to manage the configuration, which allows better software design and software testing.
3.4.3 16 Apr 2015 12:07
minor feature:
This release was built to fix the 2 following problems:
1) changing attributes in a rule should not change afick's report (the files are not changed)
2) some attributes (inode/mtime) are not meaningful for detecting a file change, but are interesting for analysis
So the code was changed:
until 3.4.2: only required attributes are stored in the database
from 3.4.3: all attributes are stored in the database, and the required attributes (inode, file_size, checksum ...) are used to detect file changes
bug fix
(afick) fix sparse error Odd number of elements in anonymous hash
(afick-tk) after save config, reload only if same name
improvements
better file change detection (less false positives)
incompatibilities
(linux, windows) remove inode, mtime from default rules (dummy change detection)
plugins output may also change, because they can access many more data
others
(afick) rename all same variables with same name ra_toscan
(afick) add internal doc
(afick) clean code, remove dead code (test_dbm_available, make_regex)
(afick) rename update sub into update_database
(afick) remove Nbmod global variable
(control) control sub also use is_changed