integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system.
Without a system like integrit, a sysadmin can't know whether the tools he/she uses to investigate a potential break in are trojan horses or not. e.g., If the machine has a "/tmp/. " directory containing a shell that's setuid root, and you want to investigate to determine how badly the cracker has compromised the machine, how do you know that the attacker hasn't replaced your "find" and "ls" commands with tampered versions that fail to report the cracker's files?
A system like integrit works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and then later you can use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.