Afick: The Complete Beginner’s Guide

Afick Explained: Features, Benefits, and Use Cases

What Afick is

Afick (Another File Integrity Checker) is an open-source file integrity monitoring tool—a portable clone of AIDE/Tripwire—designed to detect new, deleted, or modified files on a host to help with intrusion detection.

Key features

  • Command-line core: Main Perl scripts (afick.pl) for init/check/update/compare operations.
  • Multiple backends: Uses SDBM historically; newer releases detect and use the best available DB backend.
  • Configurable scans: Include/exclude by suffix, prefix, regular expressions, chroot support, and environment-variable expansion.
  • Automatic scheduling helpers: afick_cron for Unix and afick_planning.pl for Windows to run regular checks.
  • Graphical and web interfaces (optional): Perl/Tk GUI (afick-tk.pl) and a Webmin module for remote config and analysis.
  • Archiving & history: Optional archive and history files for report retention; export/import and CSV export available.
  • Control and integrity files: Generates a control file to protect the database and supports archive/report management tools (afick_archive.pl).
  • Resident/real-time efforts (afickrt): Early-stage work to provide near-real-time notifications using file-alteration monitors.

Benefits

  • Detects unauthorized changes: Helps identify tampering, malicious changes, or accidental modifications.
  • Portable and lightweight: Written in Perl with minimal dependencies, runs on many Unix-like and Windows systems.
  • Flexible configuration: Fine-grained inclusion/exclusion rules and environment-driven config make it adaptable.
  • Supports automation: Designed to run regularly (cron/batch) for continuous monitoring.
  • Simple recovery/audit: History, archives, and export formats aid forensic analysis and audits.

Common use cases

  • Server integrity monitoring for Unix/Linux and Windows systems.
  • Complementing intrusion detection systems and security audits.
  • Compliance support where file-change auditing is required.
  • Maintaining read-only copies (CD-ROM) of code/databases for higher security architectures.
  • Lightweight integrity checks in resource-constrained or legacy environments.

Basic workflow example

  1. Configure afick.conf (paths, rules, database settings).
  2. Initialize the database: afick -c afick.conf --init.
  3. Regularly run checks: afick -c afick.conf --compare, or schedule afick_cron.
  4. Review reports/archives; use afick_archive.pl and history files for investigation.
  5. Update the baseline when legitimate changes are approved: afick --update.
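The same init/compare/update cycle, reduced to its essentials in POSIX shell, as an added example rather than afick's own code: the "database" is a flat text file of `sha256sum` lines, `fim_init` plays the role of `--init`, `fim_compare` of `--compare` (reporting new, deleted and changed files and returning non-zero when anything differs), and `fim_update` of `--update`. The `fim_*` names are hypothetical, GNU coreutils `sha256sum` and paths without whitespace are assumed, and `fim_demo` builds a small constructed tree to show the three change types.

```shell
#!/bin/sh
# Added teaching example, not afick code. Mirrors afick's --init / --compare /
# --update cycle with a flat text baseline of "sha256  ./path" lines.
# Assumes GNU coreutils sha256sum and file paths that contain no whitespace.

# Hash every regular file under $1 and write the sorted listing to $2.
fim_snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# --init equivalent: record the trusted baseline for directory $1 in file $2.
fim_init() {
    fim_snapshot "$1" "$2"
}

# --compare equivalent: diff the live tree $1 against baseline $2.
# Prints one line per difference; returns 0 if clean, 1 if anything changed,
# 2 if the baseline is missing or empty (a blank baseline must never pass as "clean").
fim_compare() {
    cmp_dir="$1"; cmp_db="$2"
    if [ ! -s "$cmp_db" ]; then
        echo "baseline '$cmp_db' missing or empty; run fim_init first" >&2
        return 2
    fi
    cmp_now=$(mktemp)
    fim_snapshot "$cmp_dir" "$cmp_now"
    cmp_report=$(awk '
        NR == FNR { base[$2] = $1; next }   # first input: baseline hashes by path
        { cur[$2] = $1 }                    # second input: current hashes by path
        END {
            for (p in cur)  if (!(p in base))                     print "new     " p
            for (p in base) if (!(p in cur))                      print "deleted " p
            for (p in cur)  if ((p in base) && base[p] != cur[p]) print "changed " p
        }' "$cmp_db" "$cmp_now" | sort)
    rm -f "$cmp_now"
    [ -n "$cmp_report" ] || return 0
    printf '%s\n' "$cmp_report"
    return 1
}

# --update equivalent: show what is being accepted, then rewrite the baseline.
# Only run this after the reported changes have been reviewed and approved.
fim_update() {
    fim_compare "$1" "$2" || :
    fim_snapshot "$1" "$2"
}

# Constructed demonstration: baseline a tiny tree, then make one modification,
# one addition and one deletion, and print the resulting report.
fim_demo() {
    demo_work=$(mktemp -d)
    mkdir -p "$demo_work/tree/etc"
    printf 'PermitRootLogin no\n' > "$demo_work/tree/etc/sshd_config"
    printf 'root:x:0:0::/root:/bin/sh\n' > "$demo_work/tree/etc/passwd"
    fim_init "$demo_work/tree" "$demo_work/baseline.db"
    printf 'PermitRootLogin yes\n' > "$demo_work/tree/etc/sshd_config"   # changed
    printf 'placeholder\n' > "$demo_work/tree/etc/rc.local"               # new
    rm "$demo_work/tree/etc/passwd"                                       # deleted
    fim_compare "$demo_work/tree" "$demo_work/baseline.db" || :
    rm -rf "$demo_work"
}
```

Call `fim_demo` after sourcing the file to see the three report lines. The baseline file is the equivalent of afick's database: keep it (and the script) somewhere the monitored host cannot silently rewrite, for instance on read-only media as the use-case list above suggests, otherwise an intruder who can alter files can also alter the record you compare them against.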

Sources: afick project documentation/manpage (afick.sourceforge.net).
