Skip to content
/ Remote-Integrity-Tool Public

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

License

LGPL-3.0 license
12 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DearBytes/Remote-Integrity-Tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
dear
dear
 
 
docs
docs
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sample.cfg
sample.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

DearBytes Remote Integrity Tool

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

Dependencies

  • Python version: 3.6.0+

Installation

To install the tool, clone the source into a directory of choice and run the following commands:

Linux / OSX

$ pip install virtualenv --user     # Install virtualenv (if not installed yet)
$ virtualenv venv                   # Set up a virtual environment 
$ source venv/bin/activate          # Activate the virtual environment (do this every time you wish to run the tool)
$ pip install .                     # Install the package (use -e for development)

Windows

C:\Users\You\Integrity> pip install virtualenv --user
C:\Users\You\Integrity> virtualenv venv
C:\Users\You\Integrity> .\venv\Scripts\activate.bat
C:\Users\You\Integrity> pip install .

Usage (Remote Integrity tool)

To use the tool, activate the virtual environment and run the following command:

$ remote-integrity --config {path to config file}.cfg

Usage (Database Inspection tool)

To use the database inspection tool, activate the virtual environment and run the following command:

$ remote-integrity --list {servers|checksums|events}

Notification example

Example of a notification

Configuration file format

The tool requires a configuration file to be run, this allows flexibility without having to repeat the same commands every time you use the tool. The format is as follows:

# Sample configuration file
# Usable as template and local development configuration file
#
# Copyright (C) 2017 DearBytes B.V. - All Rights Reserved

[server]
server_name=Unique name that will be stored in the database
server_port=22
server_address=127.0.0.1

[auth]
auth_username=someone
auth_private_key=~/.ssh/id_rsa

[filter]
scan_php_modules = yes
start_directory=~/Documents/
ignore_files=.gitignore
ignore_directories=.git,fonts

[email]
email_smtp_host=smtp.domain.com
email_smtp_user=username
email_smtp_pass=<password>
email_recipients=you@email.com,someone@email.com
email_noreply_address=noreply@example.com

[logging]
logging_syslog_host=syslog.domain.com

[telegram]
telegram_api_token={your api token}
telegram_api_chat_id={your chat id}

Skipping notifications

  • Email notifications: Leave config field email_smtp_host blank
  • Syslog notifications: Leave config field logging_syslog_host blank
  • Telegram notifications: Leave config field telegram_api_token blank

About

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

Topics

python security python3 ids intrusion-detection-system integrity-monitoring

Resources

Readme

License

LGPL-3.0 license
Activity
Custom properties

Stars

12 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages