• wzsgreg
  Usage: wzsgreg [-n] [class ...]
  This command registers both file attributes and content checksums for the specified classes or for all the active classes. When registry files already exist, use the "-n" option to save the existing files and generate new ones.
• wzsgchk
  Usage: wzsgchk [-i] [class ...]
  This command checks whether any file has changed, based on the records in the registry files. If no class name is provided on the command line, it checks all active classes. It first checks the corresponding registry file's checksum, to make sure the registry file itself was not tampered with. To also verify the integrity of the checksum record, run wzsgchk with the "-i" option: it prompts you for the checksum protection password and, if the password is correct, confirms whether the recorded checksum is broken or not.
• wzsgaupd
  Usage: wzsgaupd {-d|-m bbbbbbb|-u} {class|Attribute_File} [file ...]
  This command updates the file attributes record. There are 3 types of updates you may want to make:
  1. Delete the file record, e.g. when the file is permanently gone:
       wzsgaupd -d {class|Attribute_File} [file ...]
  2. Update the record with the current values:
       wzsgaupd -u {class|Attribute_File} [file ...]
  3. Turn monitoring of individual attributes on or off. Certain attributes of some files change during normal operation, e.g. pseudo tty devices change ownership depending on who is using the device, so you can turn off ownership monitoring for those files:
       wzsgaupd -m bbbbbbb {class|Attribute_File} [file ...]
     Here, bbbbbbb is a 7-bit binary number, with each bit's meaning as follows:
       bit 1 for p: object's permission.
       bit 2 for o: object's owner.
       bit 3 for d: device's Major/Minor, or link's target.
       bit 4 for g: object's group owner.
       bit 5 for t: object's type.
       bit 6 for e: object's existence.
       bit 7 for c: object's change time (mtime).
     To turn off mtime monitoring for /dev/stdin:
       wzsgaupd -m 1111110 link /dev/stdin
     and to turn it back on:
       wzsgaupd -m 1111111 link /dev/stdin
  For all 3 types of usage, you must specify the target registry file either by class name or by the path to the attributes registry file. For files that need to be updated in the same way, you can either list each file path on the command line, or save the paths in a file, one file per line, and feed it to the standard input of the command.
• wzsgcupd
  Usage: wzsgcupd {-d|-m|-u} {class|content_registry_file} [file ...]
  There are also 3 types of updates you may want to make:
  1. Delete the file record from the registry, because the file is no longer there or was removed from the class:
       wzsgcupd -d {class|content_registry_file} [file ...]
  2. Mask the file: the file content always changes during normal operation, so there is no use monitoring the content:
       wzsgcupd -m {class|content_registry_file} [file ...]
  3. Update the record with the new content, because the file content was changed by a normal update:
       wzsgcupd -u {class|content_registry_file} [file ...]
  As with wzsgaupd, you must give either the class name or the content registry file path to identify which registry file you want to update. For the files whose records need to be updated, you can either list them on the command line, or save them to a file and feed the file content to the command's standard input.
• wzsglogp
  Usage: wzsglogp class category reportfile
  This command helps retrieve file names from a scan report. Here, class is the name of the class you want to retrieve the files from. Category can be "a" for attributes, "c" for content checksum, "fa" for files whose attributes are unregistered, and "fc" for files whose content is unregistered.
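
The 7-bit mask taken by wzsgaupd -m can be built from attribute letters and read back with a small shell helper. This is an added example, not part of the tool or of the original page; the function names wzsg_mask_off and wzsg_mask_decode are hypothetical, and it assumes, as the /dev/stdin example implies, that 1 means monitored and 0 means not monitored.

```shell
# Added example (not shipped with the tool). Attribute letters in mask order,
# bit 1 (leftmost) to bit 7, as listed under wzsgaupd -m.
WZSG_ATTRS="p o d g t e c"

# wzsg_mask_off [LETTER ...]: print the mask that turns the named attributes
# off (0) and leaves the rest monitored (1). Hypothetical helper name.
wzsg_mask_off() {
    for want in "$@"; do
        case "$want" in
            p|o|d|g|t|e|c) ;;
            *) echo "unknown attribute: $want" >&2; return 1 ;;
        esac
    done
    mask=""
    for attr in $WZSG_ATTRS; do
        bit=1
        for want in "$@"; do
            if [ "$want" = "$attr" ]; then bit=0; fi
        done
        mask="$mask$bit"
    done
    printf '%s\n' "$mask"
}

# wzsg_mask_decode MASK: print the letters whose monitoring is off, or "none".
# Rejects anything that is not exactly seven 0/1 characters, so a mistyped
# mask is caught before it reaches wzsgaupd. Hypothetical helper name.
wzsg_mask_decode() {
    case "$1" in
        [01][01][01][01][01][01][01]) ;;
        *) echo "mask must be 7 binary digits: $1" >&2; return 1 ;;
    esac
    rest=$1
    off=""
    for attr in $WZSG_ATTRS; do
        case "$rest" in
            0*) off="$off$attr" ;;
        esac
        rest=${rest#?}    # drop the bit just examined
    done
    printf '%s\n' "${off:-none}"
}

# Owner (bit 2) off, as for the pseudo tty devices mentioned above.
wzsg_mask_off o    # prints 1011111
```

The printed mask is the value passed to wzsgaupd -m, and wzsg_mask_decode can be used to review a mask before it is applied.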