Simple shell script to create a list of all files and their last modification dates, so that successive lists can be compared to determine what has changed on the system.
The Simple Tripwire Shell Script is a POSIX-compliant shell script designed to provide basic intrusion detection capabilities by monitoring changes to specified files and directories. It helps detect unauthorized modifications to critical system files, helping to maintain the integrity and security of your system.
- Introduction
- Features
- Prerequisites
- Usage
- Configuration
- Customization
- Cron Job
- Reporting
- Contributing
- License
Depends heavily on the `find` command.
Tripwire is a well-known security tool used to detect changes to files and directories on a system. This Simple Tripwire Shell Script provides a lightweight alternative to full-fledged Tripwire installations, offering a straightforward way to monitor important files for any unauthorized changes.
- Monitors specified files and directories for modifications.
- Generates checksums for monitored files and stores them in a secure database file.
- Compares current checksums with stored checksums to detect changes.
- Notifies users about detected changes via email.
- POSIX-compliant shell (e.g., Bash).
- `md5sum` or `sha256sum` utility, depending on your preference.
- `mail` command for email notifications.
- Clone or download this repository to your system.
- Ensure the script has execute permissions: `chmod +x tripwire.sh`.
- Edit the script's configuration section as needed (see Configuration).
- Run the script manually: `./tripwire.sh`.
- Alternatively, set up a cron job to run the script at desired intervals (see Cron Job).
In the script, you will find a configuration section that contains variables to be customized:
- `MONITORED_DIRS`: List of directories to be monitored.
- `REPORT_EMAIL`: Email address where notifications will be sent.
- `CHECKSUM_ALGORITHM`: Choose between `md5sum` or `sha256sum` for checksum generation.
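The baseline-and-compare cycle described in the features list, as an added example that is not the repository's `tripwire.sh`. It uses the README's variable names; `BASELINE_DB`, the function names and the default values are assumptions.

```sh
#!/bin/sh
# Added example, not the project's tripwire.sh. MONITORED_DIRS, REPORT_EMAIL and
# CHECKSUM_ALGORITHM are the README's names; BASELINE_DB, the function names and
# the default values are assumptions.
MONITORED_DIRS="${MONITORED_DIRS:-/etc /usr/local/bin}"
REPORT_EMAIL="${REPORT_EMAIL:-root}"
CHECKSUM_ALGORITHM="${CHECKSUM_ALGORITHM:-sha256sum}"  # MD5 collisions are practical
BASELINE_DB="${BASELINE_DB:-/var/lib/tripwire-demo/baseline.db}"

# Print "<hash>  <path>" for every regular file under MONITORED_DIRS.
snapshot() {
    # Unquoted on purpose: MONITORED_DIRS is a space-separated list.
    find $MONITORED_DIRS -type f -exec "$CHECKSUM_ALGORITHM" {} + | LC_ALL=C sort -k 2
}

# Compare baseline ($1) with current snapshot ($2); one line per change.
diff_snapshots() {
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }  # skip hash + 2 separators
        FILENAME == ARGV[1] { base[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in base))         print "ADDED    " path
            else if (base[path] != hash) print "MODIFIED " path
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED  " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# First run records the baseline; later runs print drift and return 1.
check() {
    if [ ! -f "$BASELINE_DB" ]; then
        mkdir -p "$(dirname "$BASELINE_DB")"
        ( umask 077; snapshot > "$BASELINE_DB" )   # baseline readable by owner only
        echo "baseline created: $BASELINE_DB"
        return 0
    fi
    current=$(mktemp) || return 2
    snapshot > "$current"
    changes=$(diff_snapshots "$BASELINE_DB" "$current")
    rm -f "$current"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Run as "sh demo.sh check" (e.g. from cron); mail the report only on drift.
if [ "${1:-}" = check ]; then
    report=$(check) || printf '%s\n' "$report" | mail -s "File changes on $(hostname)" "$REPORT_EMAIL"
fi
```

A baseline stored on the monitored host can be rewritten by anyone who can modify the monitored files, so keep a copy of `BASELINE_DB` off-host or on read-only media and compare against that copy.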
You can customize this script to fit your needs:
- Add or remove directories and files from the `MONITORED_DIRS` list.
- Modify the notification message to include more details about the changes detected.
- Enhance the reporting functionality by integrating with other notification mechanisms.
To automate the monitoring process, you can set up a cron job:
- Open the crontab configuration: `crontab -e`.
- Add a line to schedule the script. For example, to run the script every day at 2:00 AM: `0 2 * * * /path/to/tripwire.sh`
- Save and exit the crontab editor.
When changes are detected, the script sends an email to the address specified in `REPORT_EMAIL` containing information about the changes detected. Make sure your system is set up to send emails using the `mail` command.
Contributions to this project are welcome. Feel free to fork the repository, make improvements, and submit pull requests.
This project is licensed under the MIT License.
Note: This script provides basic intrusion detection capabilities. For more advanced security needs, consider using a dedicated intrusion detection system like Tripwire or other comprehensive security solutions.
Documentation By: Raymond C. TURNER
Last Updated: November 24th, 2024