Please visit the URL below to access the most current versions of integrit. The sourceforge site is not being updated actively.

https://github.com/integrit/integrit


integrit.sourceforge.net

home of the integrit file verification system

the integrit project


What is integrit?

integrit is a simpler alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system.

Without a system like integrit, a sysadmin can't know whether the tools he/she uses to investigate a potential break-in are trojan horses or not. For example, if the machine has a "/tmp/. " directory containing a shell that's setuid root, and you want to investigate to determine how badly the cracker has compromised the machine, how do you know that the attacker hasn't replaced your "find" and "ls" commands with tampered versions that fail to report the cracker's files?

A system like integrit works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and then later you can use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.

integrit is a robust, stable piece of software designed for professional use.

Its features include:
  • small memory footprint during runtime

    This is a big deal because a machine that is important enough to protect is probably doing important things. Since the other processes are important, integrit doesn't step on anyone's toes: it's conservative with memory.

  • simple, modular design and implementation means a smaller learning curve and better potential for open-source development

  • uses up-to-date cryptographic algorithms from gnupg.

  • designed with unattended use in mind

    e.g., integrit includes the MD5 checksum of newly generated databases in its report

  • intuitive cascading rulesets for the paths listed in the configuration file

  • an option to reset the access times of selected files or directory trees after doing checksums

  • output format can be XML or an easy-to-scan human-readable format

  • simultaneous check and update: integrit can generate a new database while running a check against an old database

  • distribution contains standalone auxiliary programs for convenience that you can safely ignore or else use when needed.

  • builds quickly and easily

source

distribution-specific packages

Please note: unless you carefully configure integrit for your site, you cannot use integrit effectively as a security tool.

Packages often use a default configuration for convenience, but package maintainers expect that a sysadmin will only use integrit on production systems after reading integrit's documentation and configuring integrit to work at each specific site.

project page


Note: do not run integrit on virtual filesystems like Linux's /proc filesystem. Use a configuration rule like the one below to ignore virtual filesystems:

!/proc

Note that there is no trailing slash.
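
The snapshot-and-check workflow and the ignore rule described above, as an added Python sketch (not integrit's code, configuration parser, or database format). It records a baseline, compares a later snapshot against it to list added, removed and modified files, and computes a digest of the database itself; SHA-256, the JSON serialization, the function names and the sample tree are assumptions constructed for the example.

```python
import hashlib, json, os, stat, tempfile

def snapshot(root, ignore=()):
    """Record metadata and SHA-256 of every regular file under root.
    ignore: absolute paths to skip, written without a trailing slash."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune ignored directories in place so os.walk never descends into them.
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in ignore]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if path in ignore or not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[path] = {"mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid,
                        "size": st.st_size, "sha256": digest}
    return db

def db_digest(db):
    """Digest of the whole database; keep it somewhere other than the database."""
    return hashlib.sha256(json.dumps(db, sort_keys=True).encode()).hexdigest()

def check(known, current):
    """Return sorted (added, removed, modified) paths between two snapshots."""
    added = sorted(set(current) - set(known))
    removed = sorted(set(known) - set(current))
    modified = sorted(p for p in set(known) & set(current) if known[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed tree: take a baseline, change files, check against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        def write(rel, data):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        for rel, data in [("bin/ls", b"ls v1"), ("bin/find", b"find v1"), ("proc/1", b"a")]:
            write(rel, data)
        ignore = {os.path.join(root, "proc")}        # same shape as the !/proc rule
        known = snapshot(root, ignore)
        write("bin/ls", b"ls v2 (changed)")          # modified
        os.remove(os.path.join(root, "bin/find"))    # removed
        write("tmp/sh", b"new file")                 # added
        write("proc/1", b"b")                        # ignored, never reported
        current = snapshot(root, ignore)
        report = [[os.path.relpath(p, root) for p in g] for g in check(known, current)]
        return report, db_digest(known) != db_digest(current)
```

The check is only as trustworthy as the baseline: if the known database or its digest lives on the machine being checked, whoever can modify files there can rewrite both.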



integrit is a simple tool in the spirit of the UN*X idea that each tool should do one thing and do it well. There are some realistic examples of how to use integrit in conjunction with other tools like awk, cron, and sendmail in the integrit distribution's "examples" directory.

It is my hope that users who have not yet used a file integrity verification system will use integrit because it is relatively easy to understand.

praise for integrit on Freshmeat.net:

by Karellen - Jan 6th 2001 17:15:58

This tool is pretty nice and it has most of the things I wanted from a file integrity verification system: constant databases, file attributes like inode, permissions, number of links, uid, gid, file size, access and modification times, and of course SHA checksums. It's statically linked with OpenSSL and CDB, so things don't get messed up if someone poisons your libs. Very simple config file syntax (syslog.conf like) and checksum generation for the current/known state database so you know if it's been tampered with. See the homepage for more info. Keep up the good work, I'd like to see this included in Debian ;*)

[note: integrit was added to debian soon after these comments were made.]
 

Read the SysAdmin Magazine web exclusive article on integrit.


 
 
 
 

 

the integrit file verification system is an independent project hosted by Sourceforge.
