Integrit – File Verification System

Outsmart Malicious Hackers


Integrit is a file verification system, a simple yet secure alternative to products like tripwire. It has a small memory footprint, uses up-to-date cryptographic algorithms, and has features that make sense (like including the MD5 checksum of newly generated databases in the report).

Integrit - File Verification System

The Integrit system detects intrusion by detecting when trusted files have been altered.

By creating an Integrit database (update mode) that is a snapshot of a host system in a known state, the host’s files can later be verified as unaltered by running integrit in check mode to compare current state to the recorded known state. Integrit can do a check and an update simultaneously.

Other options are:

AIDE – Advanced Intrusion Detection Environment
Tiger – Unix Security Audit & Intrusion Detection Tool
Samhain v.2.5.9c – Open Source Host-Based Intrusion Detection System (HIDS)
OSSEC HIDS – Open Source Host-based Intrusion System

Usage

Using a product like Integrit for intrusion detection is a continuous process, involving a sequence something like the following:

  1. Generate a new current-state database while checking against an old known-state database that has been protected from modification (This step can be done unattended, since the report that integrit generates at runtime includes the MD5 checksum of the newly-generated current-state database. The output should be directed to a remote host, e.g., via a trusted sendmail binary.) *
  2. Read the report, possibly using UN*X or XML tools to massage it into a form to your liking (There is an example GUI viewer for integrit’s XML output in the examples directory of the distribution.)
  3. If the report looks fine, copy the new database to a secure server for export via read-only NFS, or a secure medium that can be made read-only.
  4. Verify that the current md5sum of the database you just copied over matches the MD5 checksum in the report. (This shows that no one has tampered with the database since the report and the new database were generated.)
  5. Everything’s OK, so the new database will be the known-state database the next time you repeat this process.

* You may use a script to renice the Integrit process and possibly do a sequence of runs, each with a different configuration file.

Output

The human-readable format is intended for quick scanning on a viewer with a large number of columns (like an xterm with maximized width).

Other popular file integrity verification systems split the information between a list of files that have changed at the top of the report and a more detailed section showing the nature of the changes at the bottom of the report. Instead, integrit provides all the information for each file as it learns it.

Besides saving on runtime memory usage, the big advantage of this approach is that the person reading the output never has to skip to the end of the report to learn the exact nature of a change.

You can download integrit here:

integrit-4.1.tar.gz

Or read more here.

Posted in: Countermeasures, Security Software


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.