Please visit the URL below to access the most current versions of integrit. The sourceforge site is not being updated actively.
integrit.sourceforge.net
home of the integrit file verification system
the integrit project

What is integrit?

integrit is a simpler alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. Without a system like integrit, a sysadmin can't know whether the tools he/she uses to investigate a potential break-in are trojan horses or not. For example, if the machine has a "/tmp/. " directory containing a shell that's setuid root, and you want to investigate to determine how badly the cracker has compromised the machine, how do you know that the attacker hasn't replaced your "find" and "ls" commands with tampered versions that fail to report the cracker's files?

A system like integrit works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and then later you can use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.

integrit is a robust, stable piece of software designed for professional use.
Its features include:
Please note: unless you carefully configure integrit for your site, you cannot use integrit effectively as a security tool.
Packages often use a default configuration for convenience, but package maintainers expect that a sysadmin will only use integrit on production systems after reading integrit's documentation and configuring integrit to work at each specific site.
Note: do not run integrit on virtual filesystems like Linux's /proc filesystem. Use a configuration rule like the one below to ignore virtual filesystems:
!/proc
Note that there is no trailing slash.
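The snapshot-and-compare idea described above, together with the effect of ignoring a subtree the way the !/proc rule does, as an added example. This is not integrit's code, database format, or configuration parser; SHA-256, the function names, and the constructed sample tree are assumptions of the example.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root, ignore=()):
    """Map each regular file under root to (sha256, mode bits, uid), pruning ignored subtrees."""
    skip = {os.path.join(root, p.strip("/")) for p in ignore}
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in skip]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return db

def compare(known, current):
    """Report paths added, removed, or changed relative to the known-good snapshot."""
    return {
        "added": sorted(current.keys() - known.keys()),
        "removed": sorted(known.keys() - current.keys()),
        "changed": sorted(p for p in known.keys() & current.keys() if known[p] != current[p]),
    }

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():  # constructed sample tree: baseline it, simulate tampering, compare
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/ls", "bin/find", "bin/ps", "proc/uptime"):
            write(root, rel, b"original " + rel.encode())
        known = snapshot(root, ignore=["/proc"])           # the database you store somewhere safe
        write(root, "bin/ls", b"tampered")                 # replaced binary
        os.remove(os.path.join(root, "bin/find"))          # removed file
        os.chmod(os.path.join(root, "bin/ps"), 0o4755)     # same content, setuid bit added
        write(root, "tmp/. /sh", b"planted")               # new file in a hidden-looking directory
        write(root, "proc/uptime", b"changes constantly")  # ignored subtree, never reported
        return compare(known, snapshot(root, ignore=["/proc"]))

if __name__ == "__main__":
    print(demo())
```

The comparison is only trustworthy if the stored snapshot and the program doing the comparison are themselves out of the intruder's reach, which is why the database goes somewhere safe.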
Documentation:
The Integrit File Verification System Manual (one HTML page)
The Integrit File Verification System Manual (postscript)
Donations:
Links:
If you are interested in discussing integrit, please join the appropriate mailing list.
You can download sources or participate by visiting the project page.
integrit no longer uses the openssl library for cryptographic checksums. Instead, code adapted from the free gnupg is being used.
The Boehm garbage collection library (not required) is used for memory leak detection (not for garbage collection).
integrit's databases use the cdb database format, developed by D. J. Bernstein, but integrit does not require cdb to be installed.
A general hash table library, hashtbl, is included in integrit.
integrit is a simple tool in the spirit of the UN*X idea that each tool should do one thing and do it well. There are some realistic examples of how to use integrit in conjunction with other tools like awk, cron, and sendmail in the integrit distribution's "examples" directory. It is my hope that users who have not yet used a file integrity verification system will use integrit because it is relatively easy to understand.
praise for integrit on Freshmeat.net: [note: integrit was added to debian soon after these comments were made.]
Read the SysAdmin Magazine web exclusive article on integrit.
the integrit file verification system is an independent project hosted by Sourceforge.