FCheck

The FCheck Homepage is located at:

	http://www.geocities.com/fcheck2000/fcheck.html

Intrusion Detection - Policy Enforcement
 
The only way to tell what has been modified on your system is by a
snapshot of your complete file systems, before the modification or
intrusion took place. 

FCheck fills in that missing information by not only generating the needed
"pristine" system snapshot but also, when properly configured and used,
monitoring the system and immediately reporting any deviations from that
original snapshot. 

FCheck is an open source PERL script providing intrusion detection and
policy enforcement of Windows 95/98/NT/3.x and Unix server administration
through the use of comparative system snapshots. FCheck can provide
notification of any differences found through use of your event management
system, printer, and/or email when any monitored files or directories are
altered, including any additions and/or deletions. 

A Little History
During the craze to out-source "everything", you may have noticed that
your own systems have developed unique configurations as they have passed
hands. Little system modifications that have long since lost their purpose
or reason are left alone in fear. Why was it done, and when? Who knows. 

FCheck was developed out of necessity from a similar situation when my own
company outsourced its administrators when this craze first started. Being
the person that went to the meetings, not knowing that a complete
file-system had been removed, happened only once. My "staff" had forgotten
to notify me of the change, along with several other changes. I needed a
way to monitor the system for any modifications that would report back to
me immediately to stay abreast of their whimsical changes. Thus, FCheck
was born. 

FCheck grew into an overnight success with its ease of use, even though I
did not see its complete potential at first. When a surprise Security
Audit Team arrived, the full potential was soon recognized. Having several
tools already in place to satisfy their demands, the auditors thought they
had us when a baseline snapshot of the system was requested. Expecting to
hear that we had no such tool in place, they were eager to learn more
about FCheck and its abilities. 

Essentially, FCheck has the ability to monitor directories, files or
file-systems, for any additions, deletions, and modifications. It is
configurable to exclude log files, and can be run as often as needed,
making it extremely difficult to circumvent. 
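
The snapshot-and-compare idea described above, as an added example in
Python. It is not FCheck's own code (FCheck is a PERL script) and does not
use FCheck's configuration or database format; the function names, the
size-plus-SHA-256 fingerprint and the sample tree are assumptions
constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root, exclude=()):
    """Map relative path -> (size, SHA-256) for every regular file under root."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Skip excluded trees, e.g. log files that change constantly.
            if any(rel == e or rel.startswith(e + "/") for e in exclude):
                continue
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            snap[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def compare(old, new):
    """Return (added, deleted, modified) path lists between two snapshots."""
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    return added, deleted, modified


def write_file(root, rel, text, mode="w"):  # helper for the constructed tree
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(text)


def demo():
    """Baseline a constructed tree, change it, and report the deviations."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "etc/passwd", "root:x:0:0\n")
        write_file(root, "etc/hosts", "127.0.0.1 localhost\n")
        write_file(root, "log/messages", "boot\n")
        baseline = snapshot(root, exclude=("log",))
        write_file(root, "etc/passwd", "extra:x:1001:1001\n", "a")  # modification
        os.remove(os.path.join(root, "etc", "hosts"))               # deletion
        write_file(root, "etc/rc.local", "#!/bin/sh\n")             # addition
        write_file(root, "log/messages", "more\n", "a")             # excluded
        return compare(baseline, snapshot(root, exclude=("log",)))
```

The baseline is only trustworthy if it is taken before any modification and
stored where the monitored system cannot rewrite it.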

FCheck in its current state runs as a PERL script on any platform that
supports PERL and long filenames. That means FCheck is not limited to UNIX
platforms, but can run on Win32 platforms with PERL installed. Currently
only one other baseline system security tool exists (Tripwire), and it is
purchasable with licensing agreements, etc. All FCheck code is written
from scratch, and is owned solely by the author, but rights are granted
for its usage to any site that desires free baseline security measures. 

What does FCheck require?
FCheck has been tested and is known to run on the following platforms with
PERL installed:

*	AIX
*	BSD and variants (BSDi, FreeBSD, etc.)
*	HP/UX
*	Linux
*	SCO
*	Solaris
*	SunOS
*	Windows 95/98/NT
*	and Windows 3.x (with slight modifications)