disk diff payload via afick

afick_build_payload.sh

afick -p > ~/before # dump the db prior to update
afick --update # update the db now
afick -p > after # dump the new db
diff before after > db_diff
cat db_diff | egrep -o "> directory .*|" > new_directories
cat db_diff | egrep -o "> file .*|" > new_files

./build_payload.rb

tar -cvpzf payload.tar.gz payload/

# scp tar.gz to target and go like:
# cd / && tar --strip-components 1 -xvzf /path/to/payload.tar.gz

afick_initialize.sh

echo "deb http://eric.gerbier.free.fr/download/pool ./" >> /etc/apt/sources.list
apt-get update
apt-get install afick
afick -i # build base db

build_payload.rb

#!/usr/bin/env ruby
require('fileutils')

if File.directory? "payload"
  FileUtils.rm_rf "payload"
end
FileUtils.mkdir "payload"

File.open("new_files").each do |line|
  path = line.match(/\> file (.+)/)[1].split("|")[0];
  new_path = File.join("payload", path)
  if !File.directory? File.dirname(new_path)
    FileUtils.mkdir_p new_path
  end
  print "#{new_path} ... "
  FileUtils.cp path, new_path
  puts "OK"
end

dont actually use this -- it destroys all your bin permissions