This shell script can help detect potential security breaches or unauthorized modifications.
This script creates a file integrity monitoring system. Here's how to use it:
- Save the script to a file (e.g., file_monitor.sh)
- Make it executable: chmod +x file_monitor.sh
- Initialize the database: sudo ./file_monitor.sh init
- Run checks: sudo ./file_monitor.sh check
Key features:
- Monitors critical system directories
- Creates SHA256 hashes of files
- Detects any modifications to files
- Logs changes with detailed information
- Sends alerts through multiple channels (email, desktop notifications, system journal)
- Records file permissions, ownership, and timestamps
To automate monitoring, add it to crontab:
# Check every hour
0 * * * * /path/to/file_monitor.sh check
Be sure to:
- Modify the WATCH_DIRS variable to include your critical directories
- Update the EMAIL variable with your email address
- Secure the hash database and log files
- Consider storing the hash database on a separate, secure system
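
The init/check cycle and the advice to protect the hash database can be shown together. The following is an added example, not the original script: it baselines a directory with SHA256, reports added, modified and removed files, and refuses to trust a baseline whose own digest no longer matches a value kept elsewhere. The function names (fim_init, fim_check, fim_demo), the database layout and the scratch files are assumptions, and it expects GNU coreutils (sha256sum, mktemp).

```shell
#!/bin/sh
# Added example, not the original script. Function names and DB layout are assumptions.

# fim_init DIR DB: write the baseline, then print the digest of the baseline itself.
# Keep that digest off-host so a tampered database can be recognised later.
fim_init() {
    find "$1" -type f -exec sha256sum {} + > "$2"
    chmod 600 "$2"
    sha256sum "$2" | cut -d ' ' -f 1
}

# fim_check DIR DB SEAL: return 0 if clean, 1 if files changed, 2 if DB is untrusted.
fim_check() {
    dir=$1 db=$2 seal=$3 status=0
    if [ "$(sha256sum "$db" | cut -d ' ' -f 1)" != "$seal" ]; then
        echo "BASELINE-TAMPERED $db"
        return 2
    fi
    cur=$(mktemp)
    find "$dir" -type f -exec sha256sum {} + > "$cur"
    # Each line is 64 hex digits, two separator characters, then the path.
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { base[p] = h; next }
        !(p in base)        { print "ADDED " p; bad = 1; next }
        { if (base[p] != h) { print "MODIFIED " p; bad = 1 } delete base[p] }
        END { for (p in base) { print "REMOVED " p; bad = 1 } exit bad }
    ' "$db" "$cur" || status=1
    rm -f "$cur"
    return "$status"
}

# Constructed demo: baseline a scratch tree, change it three ways, then check.
fim_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/watch"
    echo "PermitRootLogin no" > "$tmp/watch/sshd_config"
    echo "root:x:0:0" > "$tmp/watch/passwd"
    seal=$(fim_init "$tmp/watch" "$tmp/baseline.db")
    echo "PermitRootLogin yes" > "$tmp/watch/sshd_config"   # modified
    rm "$tmp/watch/passwd"                                  # removed
    echo "* * * * * job" > "$tmp/watch/cron.extra"          # added
    rc=0
    fim_check "$tmp/watch" "$tmp/baseline.db" "$seal" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
fim_demo || echo "changes detected (exit $?)"
```

Paths that sha256sum escapes (names containing a backslash or newline) are not handled by the fixed-offset parsing here.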