After fiddling with tripwire, I decided to create a lighter and faster
file data intergrity tool. I found tripwire (now a commercial product)
be too heavy and slow for my needs.
L6 is a file data integrity checker using both the MD5 and SHA-1 hash
algorithms. This tool can detect file tampering based on hashes
by both algorithms and other inode information (not as reliable tho).
It also provides a useful, lightweight and flexible interface (written
perl) to verify file data integrity, and the output and functionality
Here are a few examples:
Using digest version SHA-1, library version 1.2
-STANDARD INPUT-//X - - - [-,-] 6048 bytes
-STANDARD INPUT-//X - - - [-,-] 20 bytes
/etc/sshd.pid//text 649608 100666 1 root/root 6 bytes 365de054
/etc/ftphosts//text 649607 100600 1 root/sys 190 bytes 36124491
/etc/sendmail.cf//text 649534 100644 1 root/other 31497 bytes 365e70e9
L6 many more options, and is approx. 40% faster than it's C conterpart.
It's open source. It's free. <BIG BANNER HERE>
I am donating this tool to the general security community for
Patrick Gilbert +1 (514) 865-9178
CEO, PGCI http://www.pgci.ca
Montreal (QC), Canada CE AB B2 18 E0 FE C4 33 0D 9A AC 18 30 1F D9 1A