
Linux file monitoring that alerts if specific files have been compromised


Safe-Harbor-Cybersecurity/linux-file-monitor


Linux-file-monitor

This shell script can help detect potential security breaches or unauthorized modifications.

This script creates a file integrity monitoring system. Here's how to use it:

  1. Save the script to a file (e.g., file_monitor.sh)
  2. Make it executable: chmod +x file_monitor.sh
  3. Initialize the database: sudo ./file_monitor.sh init
  4. Run checks: sudo ./file_monitor.sh check

Key features:

  • Monitors critical system directories
  • Creates SHA256 hashes of files
  • Detects any modifications to files
  • Logs changes with detailed information
  • Sends alerts through multiple channels (email, desktop notifications, system journal)
  • Records file permissions, ownership, and timestamps

To automate monitoring, add it to crontab:

# Check every hour
0 * * * * /path/to/file_monitor.sh check

Be sure to:

  1. Modify the WATCH_DIRS variable to include your critical directories
  2. Update the EMAIL variable with your email address
  3. Secure the hash database and log files
  4. Consider storing the hash database on a separate, secure system
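The init/check flow and the advice to secure the hash database, sketched as an added example; this is not the repository's file_monitor.sh. The function names (fim_snapshot, fim_init, fim_check), the tab-separated baseline format and the output labels are assumptions made for illustration, and the code expects GNU coreutils.

```sh
#!/bin/sh
# Added example, not the repository's file_monitor.sh. Assumes GNU coreutils
# (sha256sum, stat -c) and paths without tabs or newlines.

# fim_snapshot DIR: one line per file: "<sha256>\t<mode> <owner:group>\t<path>"
fim_snapshot() {
    find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        h=$(sha256sum < "$f" | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$h" "$(stat -c '%a %U:%G' "$f")" "$f"
    done
}

# fim_init DB DIR: write the baseline, readable and writable by its owner only.
fim_init() {
    ( umask 077; fim_snapshot "$2" > "$1" ) && chmod 600 "$1"
}

# fim_check DB DIR: print one line per difference against the baseline.
# Returns 0 = no change, 1 = changes found, 2 = baseline missing or untrusted.
fim_check() {
    [ -f "$1" ] || { printf 'NO_DB\t%s\n' "$1"; return 2; }
    # A baseline that group or others can write lets a non-owner hide changes.
    case $(stat -c '%A' "$1") in
        ?????w*|????????w*) printf 'UNSAFE_DB\t%s\n' "$1"; return 2 ;;
    esac
    fim_snapshot "$2" | awk -F'\t' -v db="$1" '
        BEGIN { while ((getline l < db) > 0) { split(l, a, "\t"); h[a[3]] = a[1]; m[a[3]] = a[2] } }
        {
            seen[$3] = 1
            if (!($3 in h))        { print "ADDED\t" $3;    bad = 1 }
            else if (h[$3] != $1)  { print "MODIFIED\t" $3; bad = 1 }
            else if (m[$3] != $2)  { print "PERMS\t" $3;    bad = 1 }
        }
        END {
            for (p in h) if (!(p in seen)) { print "REMOVED\t" p; bad = 1 }
            exit bad + 0
        }'
}
```

Keep the baseline file outside the watched directories; the exit status lets a cron wrapper tell "changes found" (1) apart from "baseline cannot be trusted" (2).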
