Valid HTML 4.01!
Valid CSS!

Support EFF and sourceforge.net - donate them money

Close document

Easy Integrity Check System

Installation manual

  1. Requirements
  2. Configuring
  3. Compiling
  4. Installing
  5. Setting up
  6. Troubleshooting

1. Requirements

You need the following extra software to use eics

2. Configuring

You configure the compilation by typing ./configure. This will install the program with prefix /usr which means that

Binary goes to:/usr/bin/eics
Database files:/usr/lib

You can configure the places files go mainly with the following parameters

--prefix=DIRDefines where you want to put the files
--sbindir=DIRWhere 'eics' goes. This defaults to $prefix/sbin
--sysconfdir=DIRConfiguration and keyfiles will be placed into this directory. Defaults to $prefix/etc
--with-database-dir=DIRDatabase files will be placed here. Defaults to $prefix/lib/eics
--with-root-prefix=DIRThis is for package builders. When the files are copied this is appended to the paths. Does not affect the program itself.
--mandir=DIRWhere man pages go. Defaults to $prefix/man

3. Compiling

To compile the program, type 'make' (or gmake if your make is not GNU). The program should compile without much fiddling. If it does not compile properly, contact me.

4. Installing

'make install' will install the program into appropriate places.

5. Setting up

All configuration at this point lies within the eics.conf file. Format of the file is very simple, and follows the following rules:
  • A line that starts with # is a comment
  • A line that is empty is ignored
  • Line that begins with ~/ or / is a policy line
  • ~/ is a regular epxression
  • / is a pattern expression
  • First expression must be an absolute directory. This will be the start point. Usually this is '/'
  • After expression comes flags

Flags that you can use are:

aAccess time
Check when the file was last accessed (as in, read f.ex.). You cannot use the 'h' flag with this because it accesses the file and modifies this value. Do not use this for directories either. Actually, just use this for those FILES you need to know.
cCreation time
Checks for entry creation time. This is updated for every directory if a file is created there.
eModification time
When someone modifies a file or directory this gets updated.
gOwning group
Checks for the numeric gid.
hCheck file contents
Calculates SHA1 and RIPEMD160 hashes from regular files. Note! Do not use this in /dev or /proc unless you are asking for trouble. /dev/null is not a regular file, but /proc/kcore is. In other words, it's not safe.
iCheck file inode
Checks for the inode of the file. This reveals if the file has been deleted and recreated.
lAllow file to grow
This is good for monitoring log files. You use this with 's' flag. If the file size only grows, no warning is given.
mCheck file permissions and type
Checks the file permissions (user,group,world) and the entry type. No, this does not mean if it's text file or not. It checks whether a file has changed into a symlink, or directory into a file etc.
nNumber of links
This checks how many links there are from a file. F.ex. if someone creates a subdirectory, the parent is linked into the subdir's '..' entry. This increases the number of links by 1. Likewise if directory disappears, the number is decreased.
uFile owner
File owner's uid chck.
sSize of file
Checks the size of the file. See flag 'l' for log files and such
XExclude this entry from all checks (other flags are not meaningful here)
This mode causes that the entry defined won't be considered. You can use this for excluding all *.tmp files. /home/cmouse/*.tmp X
DDo not descend to directory
Since there is no flag inheritance yet, specifying just 'D' won't do the trick. You need to specify all flags that you want to apply for this entry as well. If you want to check some directory's SUBDIRS without going into them, do not write /home Dgmui. Write /home/* Dgmui. Otherwise it won't go into /home.

6. Troubleshooting

Problem Possible solution
After giving password when confirming policy changes comes error message 'error checking policy file'. The program cannot write to the policy signature file (eics.conf.sig) or you have given wrong password three times.
I get a complaint about a database problem? Can I just fix the database? Sorry, this is not possible. You need to reinitialize the database to fix this.
For some reason file/directory did not get checked. Make sure your policy file has been written correctly. There is a grave difference between /tmp and /tmp/*. Note that /tmp/ won't ever match anything and /tmp/* will match everything. Even if you have a policy for /tmp/myfile.
Program claims that an entry has gone missing, and it's still there! This is usually because you have edited policy file. If you add new exlusions and limits to it, program will think that they have gone missing because it won't check them anymore. No need to be alerted.
I have a problem and it's not listed here! Read the documentation once more and if still unresolved, email to me at cmouse at users dot sourceforge dot net.