File Integrity Monitoring is a service provided by intrusion detection systems. A few dedicated open-source File Integrity Monitoring tools are also available. File Integrity Monitoring tools provide an extra layer of security for your data.
What is File Integrity Monitoring?
In simple words, File Integrity Monitoring is a service that monitors your files and alerts you when any kind of change is made to them. A File Integrity Monitoring (FIM) service ensures the integrity of files and makes sure that they have not been manipulated or damaged over time. If that does happen, it raises an alert.
What are the benefits of File Integrity Monitoring?
- Additional security layer for your files database
- Provides the ability to track change management, including registry changes.
- Generates alerts and notifications that help the IT person or client take immediate action.
- File Integrity Monitoring tools can be highly customized to monitor any specific file
Here are some of the best available open-source File Integrity Monitoring tools
Note: We haven’t used any of these file integrity monitoring tools; we have listed the best ones purely on the basis of internet research, to share the knowledge.
Open Source Tripwire is a contribution to the open-source community by Tripwire. Tripwire also provides a premium File Integrity Monitoring solution with some extra features compared to the free one. Open Source Tripwire is a security and data integrity tool useful for monitoring and alerting on specific file changes on a range of systems.
It is suitable for small Linux server setups where a decentralization server, professional support and system automation are not required. Also, some advanced features are only available in the paid version, and the open-source version does not provide real-time alerts.
OSSEC is another fully open-source and free-to-use file integrity monitoring tool. You can customize OSSEC according to your security needs via its extensive configuration options. In response to security alerts, you can add custom alert rules and scripts. As it is completely open source, anyone can modify its source code to add new capabilities. OSSEC provides both serverless and server-agent modes.
This file integrity monitoring tool provides real-time analytics, log monitoring, process monitoring and root check, and lets you know about any attacks through alert logs and email alerts so that you can take instant action. The problem is that whenever you upgrade this tool, it overwrites all your existing rules with the out-of-the-box rules.
OSSEC is a host-based intrusion detection system and supports multiple platforms such as
- VMware ESX
Afick is a file integrity tool similar to Tripwire and very close to it. Afick can detect intrusions and also monitor any changes in file systems. It supports multiple platforms such as Linux (SUSE, Redhat, Debian and more), Windows, HP Tru64 Unix 5.1B, HP-UX 11, AIX 5.2.0. It is designed to be quick and portable and can work on any computer with Perl and its standard modules.
The Samhain file integrity checker is designed to monitor multiple hosts. It is a multiplatform application for POSIX (Portable Operating System Interface) systems such as Unix, Linux and Cygwin/Windows. This host-based intrusion detection system (HIDS) possesses the following capabilities:
- File integrity checking
- Log file monitoring/analysis
- Rootkit detection
- Port monitoring
- Centralized logging and maintenance
- Can also be used as a standalone application on a single host
- Detection of rogue SUID executables, and hidden processes.
AIDE verifies the integrity of files on the basis of regular expressions written in its config file. This file integrity monitoring tool has several message digest algorithms such as md5, sha1, rmd160, tiger, crc32, and more. These digest algorithms are used to check the integrity of the file. AIDE can read databases from older or newer versions.
AIDE File Integrity Monitoring Tool Features
- md5, sha1, rmd160, tiger, crc32, sha256, sha512, whirlpool, and more supported message digest algorithms
- File type, Permissions, Link name, Size, Block count, Inode, Uid, Gid, Number of links, Mtime, Ctime, and Atime are supported file attributes
- Support for Posix ACL, SELinux, XAttrs and Extended file system attributes
- Plain text configuration files and database for ease
- Gzip database compression
- Stand-alone static binary for easy client/server monitoring configurations
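How a tool of this kind detects a change, as an added Python sketch (not AIDE's code or configuration syntax): regex rules choose which attributes to record per file, a baseline database is built, and a later scan is compared against it. The `RULES` table, the function names and the sample files are constructed for illustration.

```python
import hashlib, re, stat, tempfile
from pathlib import Path

# Hypothetical rules (first match wins): path regex -> attributes to record.
RULES = [(re.compile(r".*\.log$"), ("mode", "uid", "gid")),  # logs grow: ignore content
         (re.compile(r".*"), ("sha256", "size", "mode", "uid", "gid"))]

def snapshot(root):
    """Return {relative_path: {attribute: value}} for regular files under root."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and devices are out of scope here
        rel = path.relative_to(root).as_posix()
        wanted = next(attrs for rx, attrs in RULES if rx.match(rel))
        values = {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                  "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
                  "uid": st.st_uid, "gid": st.st_gid}
        db[rel] = {k: values[k] for k in wanted}
    return db

def compare(base, cur):
    """Return sorted (path, finding) pairs: added, removed or changed:<attrs>."""
    findings = []
    for path in sorted(set(base) | set(cur)):
        if path not in cur:
            findings.append((path, "removed"))
        elif path not in base:
            findings.append((path, "added"))
        else:
            diff = sorted(k for k, v in base[path].items() if cur[path].get(k) != v)
            if diff:
                findings.append((path, "changed:" + ",".join(diff)))
    return findings

def demo():
    """Constructed sample tree: baseline it, tamper with it, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("passwd", "app.log", "tool", "motd"):
            (root / name).write_bytes(b"original\n")
        baseline = snapshot(root)
        (root / "passwd").write_bytes(b"0riginal\n")         # same size, new content
        (root / "app.log").write_bytes(b"original\nmore\n")  # log growth, ignored by rule
        (root / "tool").chmod(0o755)                         # permission change only
        (root / "extra").write_bytes(b"new\n")               # file not in baseline
        (root / "motd").unlink()                             # baseline file deleted
        return compare(baseline, snapshot(root))
```

The same-size edit to `passwd` is caught only by the digest, which is why these tools record a hash alongside size and timestamps. In a real deployment the baseline is kept off the monitored host or on read-only media, since anyone who can rewrite it can hide a change.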
If you think this list is incomplete and you know of a well-known free or open-source file integrity monitoring solution, please let us know in the comment section.