systraq runs various system commands, to inspect the state of the system: what is it doing now?, what has it been doing recently?, are we running to hardware limitations?. Furthermore, it runs commands to inspect some files in users' homedirectories, as well as some system files, for frequently seen flaws. All these commands are maintained in little scripts in /etc/systraq/systraq.d. The first two characters of the script's name are used for the execution-order. The names of executable files in systraq.d/ (or symlinks to such files) must consist entirely of upper and lower case letters, digits, underscores, and hyphens. Files which not adhere will be silently ignored. The systraq script supplies some environment variables to the scripts in systraq.d/, these might be helpful when adding your own scripts. Refer to the (very small) systraq code itself for the details.
We'll elaborate on some of the shipped systraq.d/ scripts.
AA-shellrc checks for unsafe umask setting in shell startup scripts, or unsafe PATH in these scripts.
AA-debsums runs debsums, to check md5sums as stated in packaging files with the sums of the actual files running the system. (NB: debsums has support for md5 checksums only, most Debian packages ship md5 checksums only. Therefore, we can't use sha256sum. See also the discussion on m[blue]proposed release goal: DEBIAN/md5sums for all packagesm at the Debian release mailinglist in August 2007 as well as m[blue]Debian Bug #268658m for some considerations on this.)
AA-localdigest runs sha256sum (or the command set in the ST_SUM environment variable) to check message digests as locally maintained in a file named in the ST_LDIGESTS environment variable. Typically, this is set to /var/lib/systraq/systraq.sums. If this environment variable is unset, this check is silenty skipped.
Of course, you can add your own scripts. If you name them AA-local, they'll never get overwritten by any version of this software. If you don't like one of these scripts, you can disable it by removing the symlink, and creating a new symlink with the same name pointing to /bin/true.
Copyright © 2001-2016 Joost van Baal
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.
This document is based upon a manual page written by Laurent Fousse for the Debian project.
proposed release goal: DEBIAN/md5sums for all packages