Integcheck - Summary

 
 
Membership Info
Project Admin:
2 active members

Group identification
Id: #111
System Name: integcheck
Name: Integcheck
Group Type: Programs


Integcheck is a system integrity checker.

Theory

The idea is to check the integrity of exposed systems by fetching, via ssh, a list of the md5 sums of every important file, keeping this list on a fairly safe system (one that does not run any publicly available server), and, finally, comparing the list every day with the previous one.

As long as the system considered safe is not compromised, it should inform administrators of any changes on the other systems.

Like other integrity checkers, it can be fooled if its own components are corrupted. In other words, you cannot have a security policy that relies entirely on an integrity checker, and you should always do manual checks regularly to be sure that the integrity checker itself is not corrupted.

So what's the point of this tool, if you are still forced to do manual checks? In fact, it is much faster to check the integrity of integcheck than the integrity of the whole system.
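The list-and-compare step described above can be sketched as follows. This is an added example, not integcheck's own code: it is written in Python rather than Perl, it reads a local directory instead of fetching the list over ssh, and the names snapshot, compare and demo are hypothetical. Each entry records both md5 and file size, as the 1.0.4 release note on this page describes.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every regular file under root to (md5 hex digest, size in bytes)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = hashlib.md5()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            manifest[rel] = (digest.hexdigest(), os.path.getsize(path))
    return manifest


def compare(previous, current):
    """Report paths that were added, removed or changed since the previous list."""
    common = set(previous) & set(current)
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "changed": sorted(p for p in common if previous[p] != current[p]),
    }


def demo():
    """Constructed sample tree: record a baseline, alter the tree, compare."""
    def write(root, rel, data):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        write(root, "etc/motd", b"welcome\n")
        baseline = snapshot(root)           # yesterday's list
        write(root, "etc/hosts", b"127.0.0.1 localhost\n10.0.0.9 mirror\n")
        write(root, "etc/new.conf", b"option=1\n")
        os.remove(os.path.join(root, "etc/motd"))
        return compare(baseline, snapshot(root))  # today's list vs. yesterday's


if __name__ == "__main__":
    print(demo())
```

The baseline list is only trustworthy if it is stored on the separate, safe system rather than on the host being checked.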

Howto

The following description assumes that your system can handle Debian packages (directly or by converting them).

On every system you want to monitor, you have to install the integcheck-victim package, and on at least one computer you must install the integcheck-bobby package.

The integcheck-victim package provides a specific shell. The integcheck-bobby package provides a cronjob and scripts to get and compare the md5 lists.

Misc

Integcheck relies on OpenSSH, is written in Perl, and uses the Perl modules Digest::MD5, Getopt::Long and File::Find::Rule.

Registration Date: Fri 23 Jan 2004 02:24:46 PM UTC
License: GNU General Public License V2 or later
Development Status: 5 - Production/Stable

 

Latest News 
Integcheck 1.0.4
     posted by yeupou, Sat 12 Nov 2005 09:59:53 AM UTC - 0 replies

A new version of integcheck has just been released:

Now checks rely on md5 and file size, not only md5 as in previous versions. http://www.cits.rub.de/MD5Collisions/ made clear enough that relying solely on md5 is unwise.

Integcheck 1.0.3
     posted by yeupou, Mon 04 Jul 2005 12:25:22 PM UTC - 1 reply

A new version of integcheck has just been released:

It now uses File::Find::Rule instead of GNU Find (task #1944).

Integcheck 1.0.1
     posted by yeupou, Sat 19 Jun 2004 11:24:22 AM UTC - 0 replies

A new version of integcheck has just been released:

* Better clever search method in subdirs. Now you can add in the checklist
entries like /etc directly (closes: task #146).
* Be less verbose when nothing changed, thanks to Vincent Caron's patch
(closes: bug #393)

Integcheck 1.0.0
     posted by yeupou, Sun 25 Jan 2004 02:29:57 PM UTC - 0 replies

The first release of integcheck is available.

http://download.gna.org/integcheck/

As it is an initial release, there are no changes to mention.


