usage:
integrit -C conffile [-x] [-u] [-c]
integrit -V
integrit -h
options:
-C specify configuration file
-x use XML output instead of human-readable output
-u do update: create current state database
-c do check: verify current state against known db
-V show integrit version and exit
-h show this help
Briefly, the idea is to do this periodically:
generate a new current-state database while checking against an old known-state database that has been protected from modification (e.g. by putting it on read-only media or on a secure server), mailing the output to a remote machine (or more)
read the report, perhaps using UN*X or XML tools to massage it into a form to your liking
if the report looks fine, copy the new database to a secure server for export via read-only NFS, or a secure medium that can be made read-only. (saving the old one in case something goes wrong.)
IMPORTANT: verify that the current md5sum of the database you just copied over matches the MD5 checksum in the report. (This shows that no one has tampered with the database since the report and the new database were generated.)
everything's OK, so the new database will be the known-state database the next time you repeat this process.