integrit is a simpler alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system.
Without a system like integrit, a sysadmin can't know whether the tools he or she uses to investigate a potential break-in are trojan horses or not. For example, if the machine has a "/tmp/. " directory containing a shell that's setuid root, and you want to investigate to determine how badly the cracker has compromised the machine, how do you know that the attacker hasn't replaced your "find" and "ls" commands with tampered versions that fail to report the cracker's files?
A system like integrit works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and later you can use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.
integrit is a robust, stable piece of software designed for professionals.
Here are some key features of integrit:
· small memory footprint during runtime
· This is a big deal because a machine that is important enough to protect is probably doing important things. Since the other processes are important, integrit doesn't step on anyone's toes: it's conservative with memory.
· simple, modular design and implementation means a smaller learning curve and better potential for open-source development
· uses up-to-date cryptographic algorithms from gnupg.
· designed with unattended use in mind
· e.g., integrit includes the MD5 checksum of newly generated databases in its report
· intuitive cascading rulesets for the paths listed in the configuration file
· an option to reset the access times of selected files or directory trees after doing checksums
· output format can be XML or an easy-to-scan human-readable format
· simultaneous check and update: integrit can generate a new database while running a check against an old database
· distribution contains standalone auxiliary programs for convenience that you can safely ignore or else use when needed.
· builds quickly and easily from source
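The snapshot-then-compare idea described above, together with the "simultaneous check and update" feature, as an added example in Python (not integrit's own code; the tree layout, file contents and the sha256/size/mode/mtime record format are assumptions of this example). A baseline database is taken of a small constructed tree, the tree is tampered with, and one walk then produces both the report and the fresh database:

```python
import hashlib
import os
import tempfile

def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Walk root and record a digest plus size/mode/mtime for every regular file."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope for this demo
            st = os.lstat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = {"sha256": hash_file(full), "size": st.st_size, "mode": st.st_mode, "mtime": int(st.st_mtime)}
    return db

def compare(old, new):
    """Report added, removed and modified paths; any attribute change counts as modified."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, modified

def check_and_update(root, old_db):
    """Simultaneous check and update: one walk yields both the report and the fresh database."""
    new_db = snapshot(root)
    return compare(old_db, new_db), new_db

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        for rel, data in {"bin/ls": b"ls v1", "bin/find": b"find v1", "etc/motd": b"hi"}.items():
            write(root, rel, data)
        baseline = snapshot(root)
        write(root, "bin/ls", b"ls v1, replaced")    # modified: content and size differ
        os.remove(os.path.join(root, "etc/motd"))    # removed
        write(root, "tmp/extra", b"new")             # added
        return check_and_update(root, baseline)[0]
```

Like integrit's own database, the baseline is only trustworthy if it is kept somewhere the machine under inspection cannot alter it.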
What's New in This Release:
· This version fixes exit status codes when just "missing files" are found.