File integrity monitoring in Rust

This software aims to improve the file integrity monitoring we perform today.

Hello everybody,

File integrity monitoring is a common task in any security environment and one the whole world is demanding. For that reason, we want to produce a faster and easier-to-use open-source FIM tool that improves on the similar functionality found in OSSEC.

How to compile

We suggest using the Cargo tool so that dependencies are downloaded automatically. Steps:

cargo build --release

Set up environment

Linux

  • Install git
  • Install gcc
  • Run curl https://sh.rustup.rs -sSf | sh to install Rust (install at the default location).
  • Run git clone https://github.com/Achiefs/fim.git
  • Run cargo run to download crates, build and run FIM.
  • Edit config.yml to adjust it to your needs.

How to use

You need to modify the config.yml file to adjust it to your needs. This file has to be in the same directory as the binary. Run FIM with:

Linux

sudo ./fim

Windows

./fim.exe

Configuration file

To customize your installation and monitor all required files, edit the config.yml file. The file is straightforward; its structure is shown below:

monitor:
  - C:\tmp\test.txt
  - C:\tmp\dir

log:
  output:
    file: fim.log
    level: debug
  events:
    file: events.log
    format: json

The monitor section keeps a list of files and directories. Add as many lines to it as you require. For now, recursion is only supported by listing the nested folders explicitly.

The log section keeps all configuration of the software's output. There are two subsections here:

  • output: handles the application's own log output.
    • file: path of the file the output log is written to.
    • level: verbosity of the FIM app; currently supported values are debug, info, error and warning.
  • events: handles the file system events output.
    • file: path of the file the events are written to.
    • format: output format; currently supported values are json and syslog.

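
The following is an added example, not code from the fim project: a minimal snapshot-and-diff monitor written against the Rust standard library only. It takes the same kind of monitor list as config.yml, hashes every file it can reach, compares two snapshots into create/remove/write events (the event names used by the v0.1.0 release), and renders each event in either the json or the syslog style selected by the events format option. It goes beyond the README in one respect: directories are descended recursively instead of requiring nested folders to be listed. The FNV-1a checksum, the syslog line layout (priority 13, tag fim) and the scratch-directory scenario in run_demo are assumptions of this example.

```rust
use std::collections::BTreeMap;
use std::fs;
use std::path::{Path, PathBuf};

/// Output format, mirroring the `format` key of the `events` section.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum EventFormat { Json, Syslog }

/// Kind of change detected between two snapshots (names follow the
/// v0.1.0 event list: create/remove/write).
#[derive(Clone, Debug, PartialEq)]
pub enum Change { Create, Remove, Write }

/// One file-system event: which path changed and how.
#[derive(Clone, Debug, PartialEq)]
pub struct Event { pub path: PathBuf, pub change: Change }

/// FNV-1a (64-bit) over the file contents. Assumption of this example: a
/// non-cryptographic checksum is enough to show the snapshot/diff idea. A
/// production monitor should use SHA-256 so a replacement cannot be crafted
/// to collide with the baseline digest.
fn fnv1a(bytes: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in bytes {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

/// Hash every file reachable from the monitor entries. Directories are
/// descended recursively (beyond the README, where nested folders must be listed).
pub fn snapshot(monitor: &[PathBuf]) -> BTreeMap<PathBuf, u64> {
    let mut state = BTreeMap::new();
    for root in monitor { walk(root, &mut state); }
    state
}

fn walk(path: &Path, state: &mut BTreeMap<PathBuf, u64>) {
    if path.is_dir() {
        if let Ok(entries) = fs::read_dir(path) {
            for entry in entries.flatten() { walk(&entry.path(), state); }
        }
    } else if let Ok(bytes) = fs::read(path) {
        state.insert(path.to_path_buf(), fnv1a(&bytes));
    }
}

/// Compare two snapshots and return the resulting events, sorted by path.
pub fn diff(before: &BTreeMap<PathBuf, u64>, after: &BTreeMap<PathBuf, u64>) -> Vec<Event> {
    let mut events = Vec::new();
    for (path, digest) in after {
        match before.get(path) {
            None => events.push(Event { path: path.clone(), change: Change::Create }),
            Some(old) if old != digest => events.push(Event { path: path.clone(), change: Change::Write }),
            _ => {}
        }
    }
    for path in before.keys() {
        if !after.contains_key(path) {
            events.push(Event { path: path.clone(), change: Change::Remove });
        }
    }
    events.sort_by(|a, b| a.path.cmp(&b.path));
    events
}

/// Render one event as selected by `events.format`. The syslog layout
/// (priority 13 = user.notice, `fim` tag) is this example's assumption.
pub fn render(event: &Event, format: EventFormat) -> String {
    let kind = match event.change {
        Change::Create => "create", Change::Remove => "remove", Change::Write => "write",
    };
    let path = event.path.to_string_lossy();
    match format {
        EventFormat::Json => {
            let escaped = path.replace('\\', "\\\\").replace('"', "\\\"");
            format!("{{\"kind\":\"{}\",\"path\":\"{}\"}}", kind, escaped)
        }
        EventFormat::Syslog => format!("<13>fim: kind={} path={}", kind, path),
    }
}

/// Constructed scenario: build a scratch tree, take a baseline, change it,
/// and report the events with paths made relative to the scratch root.
pub fn run_demo() -> Vec<Event> {
    let root = std::env::temp_dir().join(format!("fim_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("sub")).expect("create scratch tree");
    fs::write(root.join("a.txt"), b"baseline").unwrap();
    fs::write(root.join("sub").join("b.txt"), b"will be removed").unwrap();
    let before = snapshot(&[root.clone()]);
    fs::write(root.join("a.txt"), b"tampered").unwrap();            // write event
    fs::remove_file(root.join("sub").join("b.txt")).unwrap();       // remove event
    fs::write(root.join("c.txt"), b"new file").unwrap();            // create event
    let after = snapshot(&[root.clone()]);
    let events = diff(&before, &after).into_iter()
        .map(|e| Event { path: e.path.strip_prefix(&root).unwrap().to_path_buf(), change: e.change })
        .collect();
    let _ = fs::remove_dir_all(&root);
    events
}

fn main() {
    for event in run_demo() { println!("{}", render(&event, EventFormat::Json)); }
}
```

Running the binary prints three JSON lines: a write for a.txt, a create for c.txt and a remove for sub/b.txt. The BTreeMap baseline is the in-memory stand-in for the stored object state that lets a monitor say what changed rather than only that an event occurred; persisting it (and hashing with a cryptographic digest) is what turns this into a real baseline check.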
Issues

Collection of the latest Issues

alberpilot

It's needed to define a list of use cases using fim. This issue aims to start defining the first iteration:

  • A user with a file located at path X wants to know if the file is modified as soon as possible. This user wants to know who modified the file, what changed, process id, parent process id, and permissions changed (all metadata in general like inode, etc).
  • A user with a folder that contains other folders and files, randomly organized, wants to know about modifications to their files or folders recursively, only indicating which folder they want to monitor.

alberpilot

Instead of attaching a template per index, fim should create a template the first time that connects to an indexer (Opensearch, Elasticsearch, Wazuh indexer). The template should define the index pattern. It is desirable to define shards and size options.

okynos

Hello!

We want to include a wiki page with ingestion tutorial.

  • Include way to create events charts
  • Include event tracking (count)
  • Include data monitoring

Regards.

okynos

We want to include a way to send logs through the network and avoid using external tools. One possible approach could be to use RSyslog.

okynos

Currently, Fim only logs the produced events at the time of execution. We want to improve this feature by adding a database to store the previous object state. This will allow us to generate events with specific file changes or who changed the file.

Versions

Find the latest versions by id

v0.3.1 - Jun 03, 2022

What's Changed

Full Changelog: https://github.com/Achiefs/fim/compare/v0.3.0...v0.3.1

v0.3.0 - May 19, 2022

What's Changed

Full Changelog: https://github.com/Achiefs/fim/compare/v0.2.1...v0.3.0

v0.2.1 - Feb 25, 2022

Official release of FIM; it includes:

It works in Linux, Windows and macOS.

This program aims to monitor the stored files of your server/desktop/VM. Keep an eye on what is yours!

v0.2.0 - Nov 19, 2021

Official release of File Integrity Monitoring in Rust; it includes:

It works in Windows and Linux (Debian- and RPM-based).

This program aims to monitor our stored files to maintain their level of security. Keep an eye on what is yours!

v0.1.0 - Mar 14, 2021

First official release of File Integrity Monitoring in Rust; it includes:

  • Event monitoring of folders and files recursively (create/remove/rename/write/chmod/close_write/rescan).
  • Easy-to-read and easy-to-use configuration file in YAML format.
  • A JSON file where all events are stored.

Working on Windows and Linux.

This program aims to monitor our stored files to maintain their level of security.

Information - Updated Jun 13, 2022

Stars: 9
Forks: 2
Issues: 6
