This recipe demonstrates how to search for specified DigStrings on a subject system using ftimes and ssh such that output will be directed to the ssh connection instead of the subject host.

This recipe assumes that 1) all local commands are in the search path and will be executed from a Bourne shell; 2) the local and subject operating systems are supported flavors of UNIX; and 3) the local host can establish a connection to the subject host over ssh.

1. If necessary, transfer a statically compiled, stripped copy of ftimes to /tmp on the subject host.

    Note: Make sure you assign real values to LOCAL_FTIMES, SUBJECT, and SSHUSER before executing the following commands.

    export LOCAL_FTIMES=/usr/local/integrity/bin/ftimes
    export SSHUSER=sshuser
    export SUBJECT=subject
    scp -p ${LOCAL_FTIMES} ${SSHUSER}@${SUBJECT}:/tmp

2. Generate a list of DigStrings, and store them in a config file on the local system.

    Note: Make sure you assign real URL-encoded strings to each DigString control.

    echo 'DigString=1st-url-encoded-string' > ftimes-digauto-over-ssh.strings
    echo 'DigString=2nd-url-encoded-string' >> ftimes-digauto-over-ssh.strings
    ...

3. Run ftimes on the subject host while redirecting stdout/stderr to separate files on the local system. Give these files a name that includes a unique host identifier and the current time. The following ssh command will cause ftimes to dig through the entire subject system.

    export INCLUDE_LIST=''
    export RUNTIME=`date +%Y-%m-%d_%H:%M:%S`
    cat ftimes-digauto-over-ssh.strings | ssh ${SSHUSER}@${SUBJECT} /tmp/ftimes --digauto - ${INCLUDE_LIST} > ${SUBJECT}_${RUNTIME}.dig 2> ${SUBJECT}_${RUNTIME}.log

    Note: If you only wish to dig through a specific set of directories and files, modify INCLUDE_LIST as appropriate. For example, to scan /bin and /sbin, set INCLUDE_LIST as follows:

    export INCLUDE_LIST='/bin /sbin'

4. The following command will extract this recipe to a script file suitable for execution.

    Note: Make sure you assign real values to LOCAL_FTIMES, SUBJECT, and SSHUSER. If you only wish to dig through a specific set of directories and files (e.g., /bin and /sbin), modify INCLUDE_LIST as appropriate.

    sed -e '1,/^--- script ---$/d; /^--- script ---$/,$d' ftimes-dig-autodig-over-ssh.txt > ftimes-dig-autodig-over-ssh.sh

--- script ---
#!/bin/sh
INCLUDE_LIST='' # '/bin /sbin'
LOCAL_FTIMES=/usr/local/integrity/bin/ftimes
SSHUSER=sshuser
SUBJECT=subject
scp -p ${LOCAL_FTIMES} ${SSHUSER}@${SUBJECT}:/tmp
RUNTIME=`date +%Y-%m-%d_%H:%M:%S`
cat ftimes-digauto-over-ssh.strings | ssh ${SSHUSER}@${SUBJECT} /tmp/ftimes --digauto - ${INCLUDE_LIST} > ${SUBJECT}_${RUNTIME}.dig 2> ${SUBJECT}_${RUNTIME}.log
--- script ---
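
Step 2 requires each DigString value to be URL-encoded. The following is an added example, not part of the original recipe: a Bourne shell helper that turns plain-text search strings (one per line) into DigString lines. The function names urlencode and make_digstrings are hypothetical, and the example assumes ftimes accepts standard %XX escapes for any byte.

```shell
#!/bin/sh
# Added example: build DigString lines from plain-text search strings.
# Function names are hypothetical; the sample input below is constructed.

# Percent-encode every byte outside the conservative set [A-Za-z0-9._-],
# so characters that are special in URL encoding ('%', '+', space) and
# non-printable bytes never reach the config file literally.
# The body runs in a subshell so the LC_ALL change stays local.
urlencode() (
    LC_ALL=C            # byte-wise matching, ASCII-only ranges
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}             # everything after the first byte
        c=${s%"$rest"}          # the first byte itself
        case $c in
            [A-Za-z0-9._-]) out=$out$c ;;
            *) out=$out$(printf '%s' "$c" | od -An -v -tx1 |
                   tr -d ' \n' | sed 's/../%&/g') ;;
        esac
        s=$rest
    done
    printf '%s\n' "$out"
)

# Read search strings from stdin, one per line, and emit one
# DigString control per non-empty line.
make_digstrings() {
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        printf 'DigString=%s\n' "$(urlencode "$line")"
    done
}

# Constructed sample input; prints:
#   DigString=password%20reset
#   DigString=100%25%20C%2b%2b
printf '%s\n' 'password reset' '100% C++' | make_digstrings
```

Redirecting the output of make_digstrings to ftimes-digauto-over-ssh.strings produces the config file that step 3 pipes to ftimes.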