Skip to content
Lightweight file permission checker
Branch: master
Clone or download
legionus v1.2.9
Signed-off-by: Alexey Gladkov <>
Latest commit 837fd65 May 14, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
data Cron: add hash type configuration support Apr 22, 2019
src Make sure that all messages end with newline May 12, 2019
update Version bump Apr 22, 2019
.gear-rules Add gear rules Jun 4, 2008
.gitignore Add utitlity to get version of database Feb 11, 2013
AUTHORS Version bump Apr 22, 2019
COPYING Initial commit May 12, 2008
ChangeLog Remove ChangeLog Sep 3, 2016
INSTALL Initial commit May 12, 2008
NEWS v1.2.9 May 14, 2019
README Version bump Apr 22, 2019
TODO Initial commit May 12, 2008 Add autogen script Nov 23, 2011 Add large-file support Dec 9, 2016
depcomp Initial commit May 12, 2008
install-sh Initial commit May 12, 2008
missing Initial commit May 12, 2008
osec.spec Removed some warnings: Apr 23, 2019


Osec is a lightweight integrity checking system.
You can use it to see difference between two states of your system
Osec also adds an ability of checking system for the dangerous files, e.g.
suid, sgid and world writeable

If you run osec under root acount, then this program
will work under non-privilegy user with only one extra capability 'dac_read_search', so osec cannot
damage any system file on internal errors.

Osec is divided into two parts:
1. osec          - data gathering program. Osec have made it's output in row format to stdout.
2. osec_reporter - report filter. You can pass row output from osec to reporter to see 
human-readable reports with some analisys.

Reporter process made it's output to stdout, so you can continue this pipeline. For example, you 
can send e-mail with report to system administrator.

If you develop some interesting reporter module or filter you can sent to authors to include
it into osec distribution.

Written in C++ by Stanislav Ievlev <>.
Almost completely rewritten from scratch in C by Alexey Gladkov <>.
Support for hash type switching and stribog512 hash is implemented by Aleksei Nikiforov <>

You need following tools to build library:
    o c compiler (gcc 3.2 or higher)
    o libcdb library (0.76 or higher). Latest version available at
    o libcap library (1.10 or higher)
    o GNU autoconf (2.61 or higher)
    o GNU automake (1.11 or higher)
    o GNU help2man (1.40.12 or higher)
    o libgcrypt

    o libattr library (2.4.46 or higher)

You can use osec under non-privilege user, but if you try to run osec under administrator account,
osec will try to drop its privileges to non-privilege user "osec". You can change this default
user (and group) using --user (--group) options.
By default, osec will create database in current directory. You can change this path using
--dbpath option. If you run osec under administrator account please check that non privilege user
have write osec in this output directory.

Bug reporting
Please report all bugs you find in the program directly to authors.
You can’t perform that action at this time.