Details

In the discussion that follows, we will make reference to the Verify Configuration Example section. You might want to look over it now to get an idea of what it does.

The main elements consist of adding a schedule, which will normally be run daily, or perhaps more often. This is provided by the VerifyCycle Schedule, which runs at 5:05 in the morning every day.

Then, you must define a Job. We recommend that the Job name contain the name of your machine as well as the word “Verify” or “Check”. In the example, we named it “MatouVerify”. This will permit you to easily identify your Job when running it from the Console.

You will notice that most records of the Job are quite standard, but that the FileSet resource contains verify=pins1 option in addition to the standard signature=SHA1 option. If you don’t want SHA1 signature comparison, and we cannot imagine why not, you can drop the signature=SHA1 and none will be computed nor stored in the Catalog. Or alternatively, you can use verify=pins5 and signature=MD5, which will use the MD5 hash algorithm. The MD5 hash computes faster than SHA1, but is cryptographically less secure.

The verify=pins1 is ignored during the InitCatalog Job, but is used during the subsequent Catalog Jobs to specify what attributes of the files should be compared to those found in the Catalog. pins1 is a reasonable set to begin with, but you may want to look at the details of these and other options. They can be found in the FileSet Resource section. Briefly, however, the p of the pins1 tells Verify to compare the permissions bits, the i is to compare inodes, the n causes comparison of the number of links, the s compares the file size, and the 1 compares the SHA1 checksums (this requires the signature=SHA1 option to have been set also).

You must also specify the Client and the Catalog resources for your Verify job, but you probably already have them created for your Client and do not need to recreate them, they are included in the example for completeness.

As mentioned above, you will need to have a FileSet resource for the Verify Job, which will have the additional verify=pins1 option. You will want to take some care in defining the list of files to be included in your FileSet. Basically, you will want to include all system (or other) files that should not change on your system. If you select files, such as log files or mail files, which are constantly changing, your automatic Verify Job will be constantly finding differences. The objective in forming the FileSet is to choose all unchanging important system files. Then, if any of those files have changed, you will be notified, and you can determine if it changed because you loaded a new package, or because someone has broken into your computer and modified your files.