File Integrity Checkers
When a system is compromised, an attacker will often alter certain key files to provide continued access and prevent detection. Applying a message digest (cryptographic hash) to key files, and then checking those files periodically to confirm the hash has not changed, maintains a degree of assurance. When a change is detected, an alert is triggered. Furthermore, following an attack, the same files can have their integrity checked to assess the extent of the compromise.
AIDE (Advanced Intrusion Detection Environment)
It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) ...
chkrootkit
chkrootkit is a tool to locally check for signs of a rootkit. [talisker] I used to list all the files it checked as well as all the rootkits it detected. Nelson has taken this product to become a huge project with too many features to list; please check ou ...
FCheck
FCheck is an open source PERL script providing intrusion detection and policy enforcement of Windows 95/98/NT/3.x and Unix server administration through the use of comparative system snapshots. FCheck can provide notification of any differences found thro ...
integrit
integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. Without a system like integrit, a sysadmin can't know whether the tools he/she uses to in ...
Data Sentinel
A baseline snapshot of the system is taken, and, specific to your needs, you schedule times to take further snapshots to compare against this baseline. Any files and registry entries you choose can be included, and you can run the integrity check manually ...
GFI LANguard System Integrity Monitor
GFI LANguard System Integrity Monitor (formerly GFI LANguard File Integrity Checker) is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert th ...
Osiris
Osiris is a file integrity management system that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email thes ...
samhain
samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only ...
Tripwire
Tripwire software establishes a "digital inventory" of known good files and their attributes and uses it as a baseline for monitoring changes. Discovering State Change: User-scheduled integrity checks monitor files and their attributes, comparing them agai ...

