by After fiddling with tripwire, I decided to create a lighter and faster
file data intergrity tool. I found tripwire (now a commercial product)
to
be too heavy and slow for my needs.
L6 is a file data integrity checker using both the MD5 and SHA-1 hash
algorithms. This tool can detect file tampering based on hashes
generated
by both algorithms and other inode information (not as reliable tho).
It also provides a useful, lightweight and flexible interface (written
in
perl) to verify file data integrity, and the output and functionality
Here are a few examples:
Using digest version SHA-1, library version 1.2
-STANDARD INPUT-//X - - - [-,-] 6048 bytes
4516d5c3bd3699ec63ddfd3b175574e738cbf013
-STANDARD INPUT-//X - - - [-,-] 20 bytes
9469c6c14b5ed78b8aef396d2f9f96d7
/etc/sshd.pid//text 649608 100666 1 root/root 6 bytes 365de054
5dc552f3cac7db7d02285733b0febc0e
/etc/ftphosts//text 649607 100600 1 root/sys 190 bytes 36124491
d6bbb0d28e5f68d2afe01be0a72831d7
/etc/sendmail.cf//text 649534 100644 1 root/other 31497 bytes 365e70e9
545abca428e2dc807c69914b64231335
L6 many more options, and is approx. 40% faster than it's C conterpart.
It's open source. It's free. <BIG BANNER HERE>
I am donating this tool to the general security community for
improvement
and comments.
http://www.pgci.ca/l6.html
Cheers,
--
Patrick Gilbert +1 (514) 865-9178
CEO, PGCI http://www.pgci.ca
Montreal (QC), Canada CE AB B2 18 E0 FE C4 33 0D 9A AC 18 30 1F D9 1A