File integrity monitoring is a common requirement in security environments, and one that is in demand everywhere. For that reason, we want to produce a faster and easier-to-use open-source FIM tool, improving on the equivalent functionality in OSSEC.
How to compile
We suggest using the Cargo tool, which downloads the dependencies automatically:
cargo build --release
Set up environment
- Install git
- Install gcc
- Run curl https://sh.rustup.rs -sSf | sh to install Rust (install at the default location).
- Run git clone https://github.com/Achiefs/fim.git to fetch the source.
- Run cargo run to download crates, build and run Fim.
- Edit config.yml to adjust it to your needs.
How to use
You need to modify the config.yml file to adjust it to your needs.
This file has to be in the same directory as the binary.
To customize your installation and monitor all required files, edit config.yml. The file is straightforward; its structure is shown below:
```yaml
monitor:
  - C:\tmp\test.txt
  - C:\tmp\dir
log:
  output:
    file: fim.log
    level: debug
  events:
    file: events.log
    format: json
```
The monitor section holds the list of files and directories to watch. Add as many entries as you need.
Recursion is not supported yet: to watch a directory tree, list each nested folder explicitly.
The log section holds all configuration of the program's output. It has two subsections:
- output: handles application output logging.
  - file: path to write the output log to.
  - level: verbosity of the FIM app; currently supported values are debug, info, error and warning.
- events: handles file system events output.
  - file: path to write the events to.
  - format: the output format, currently supported
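The following is an added example, not code from the fim project: a small Rust program that reads a config.yml with the layout described above and reports the mistakes a first-time user is most likely to make, namely monitor entries that do not exist, nested folders that will silently not be watched because recursion is unsupported, and a log level outside the four supported values. Fim itself reads the file with a proper YAML library; the hand-rolled parser here covers only the subset the file uses (nested maps, scalars and lists of scalars) so the example has no dependencies. The sandbox directory names, the "trace" level and the sample paths are constructed for the demonstration.

```rust
// Added example, not part of the fim project. Assumes the config.yml layout
// documented above (monitor list, log.output.{file,level}, log.events.{file,format}).
use std::collections::HashSet;
use std::fs;
use std::path::{Path, PathBuf};

#[derive(Debug)]
pub enum Node {
    Map(Vec<(String, Node)>),
    List(Vec<String>),
    Scalar(String),
}

fn indent_of(line: &str) -> usize {
    line.len() - line.trim_start().len()
}

/// Parse the YAML subset used by config.yml. Deliberately not a full YAML parser.
pub fn parse(text: &str) -> Node {
    let lines: Vec<&str> = text
        .lines()
        .filter(|l| !l.trim().is_empty() && !l.trim_start().starts_with('#'))
        .collect();
    if lines.is_empty() {
        return Node::Map(Vec::new());
    }
    let mut pos = 0;
    parse_block(&lines, &mut pos, indent_of(lines[0]))
}

// Consume all lines at exactly `indent`; recurse for deeper-indented children.
fn parse_block(lines: &[&str], pos: &mut usize, indent: usize) -> Node {
    if lines[*pos].trim_start().starts_with("- ") {
        let mut items = Vec::new();
        while *pos < lines.len() && indent_of(lines[*pos]) == indent && lines[*pos].trim_start().starts_with("- ") {
            items.push(lines[*pos].trim_start()[2..].trim().to_string());
            *pos += 1;
        }
        return Node::List(items);
    }
    let mut entries = Vec::new();
    while *pos < lines.len() && indent_of(lines[*pos]) == indent {
        let line = lines[*pos].trim_start();
        if line.starts_with("- ") {
            break;
        }
        // Split at the first colon only, so values such as C:\tmp survive.
        let (key, rest) = line.split_once(':').expect("expected a `key:` line");
        *pos += 1;
        let value = rest.trim();
        let child = if !value.is_empty() {
            Node::Scalar(value.to_string())
        } else if *pos < lines.len() && (indent_of(lines[*pos]) > indent || lines[*pos].trim_start().starts_with("- ")) {
            let child_indent = indent_of(lines[*pos]);
            parse_block(lines, pos, child_indent)
        } else {
            Node::Map(Vec::new())
        };
        entries.push((key.trim().to_string(), child));
    }
    Node::Map(entries)
}

impl Node {
    /// Look up a dotted path such as "log.output.level".
    pub fn get(&self, path: &str) -> Option<&Node> {
        let mut cur = self;
        for part in path.split('.') {
            match cur {
                Node::Map(entries) => cur = &entries.iter().find(|(k, _)| k.as_str() == part)?.1,
                _ => return None,
            }
        }
        Some(cur)
    }
    pub fn scalar(&self, path: &str) -> Option<&str> {
        match self.get(path)? { Node::Scalar(s) => Some(s.as_str()), _ => None }
    }
    pub fn list(&self, path: &str) -> Option<&[String]> {
        match self.get(path)? { Node::List(v) => Some(v.as_slice()), _ => None }
    }
}

/// The four levels the README documents for log.output.level.
const LEVELS: [&str; 4] = ["debug", "info", "error", "warning"];

/// Return one message per problem found; an empty Vec means the config is clean.
pub fn validate(cfg: &Node) -> Vec<String> {
    let mut problems = Vec::new();
    let monitored: &[String] = cfg.list("monitor").unwrap_or(&[]);
    if monitored.is_empty() {
        problems.push("monitor: list is empty, nothing will be watched".to_string());
    }
    let listed: HashSet<PathBuf> = monitored.iter().map(PathBuf::from).collect();
    for entry in monitored {
        let p = Path::new(entry);
        if !p.exists() {
            problems.push(format!("monitor: {} does not exist", entry));
        } else if p.is_dir() {
            // No recursion: a nested folder is only watched if it is listed itself.
            for child in fs::read_dir(p).into_iter().flatten().flatten() {
                let cp = child.path();
                if cp.is_dir() && !listed.contains(&cp) {
                    problems.push(format!("monitor: nested folder {} is not listed and will not be watched", cp.display()));
                }
            }
        }
    }
    match cfg.scalar("log.output.level") {
        Some(l) if LEVELS.contains(&l) => {}
        Some(l) => problems.push(format!("log.output.level: '{}' is not one of {:?}", l, LEVELS)),
        None => problems.push("log.output.level: missing".to_string()),
    }
    for key in ["log.output.file", "log.events.file", "log.events.format"] {
        if cfg.scalar(key).map_or(true, str::is_empty) {
            problems.push(format!("{}: missing", key));
        }
    }
    problems
}

/// Constructed sandbox: <tmp>/fim-config-example-<pid>/{test.txt, dir/nested}.
pub fn make_sandbox() -> PathBuf {
    let root = std::env::temp_dir().join(format!("fim-config-example-{}", std::process::id()));
    fs::create_dir_all(root.join("dir").join("nested")).expect("create sandbox");
    fs::write(root.join("test.txt"), b"sample").expect("write sample file");
    root
}

pub fn check_config_text(text: &str) -> Vec<String> {
    validate(&parse(text))
}

fn main() {
    let root = make_sandbox();
    // "trace" is a constructed, unsupported level; dir/nested is deliberately not listed.
    let cfg = format!(
        "monitor:\n  - {0}/test.txt\n  - {0}/dir\nlog:\n  output:\n    file: fim.log\n    level: trace\n  events:\n    file: events.log\n    format: json\n",
        root.display()
    );
    for problem in check_config_text(&cfg) {
        println!("{}", problem);
    }
}
```

Run it with cargo run (or rustc) and it prints two findings for the constructed config: the unlisted nested folder and the unsupported level. Adding the nested folder to monitor and switching the level to one of the four documented values makes the output empty.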