Overview
File System Saint, or just "Saint", is designed to be a fast, flexible and easy-to-use Host-based Intrusion Detection System. The code is free for use and modification - see the license for details.
Saint records file attributes such as ownership, permissions and size, as well as a SHA checksum, then monitors them for change. It reports at a level of detail and time interval of your choice, for just a few files or for your entire system.
#################################################
Required modules (Use: "perl -MCPAN -e shell" to install)
Digest::SHA
Digest::MD5
Getopt::Std
File::Find
#################################################
Usage
Usage: saint [options]
Options
-c <config file>  Config: Specify a config file. Defaults to saint.conf
-d <database>     Database: Specify a database file. Defaults to <hostname>.db
-h                Help: Show usage information.
-i                Initialize: Generate a new database.
-l <logfile>      Logfile: Set logfile. Default is saint.log.
-L                Links: Include checks on symbolic links. (skipped by default)
-q                Quiet: Suppress all output except for changes and errors.
-s                Scan: Use the DB as a reference and check all known files.
-S                Deep Scan: Use a new scan as a ref thus accounting for new files.
-v                Verbose: Print detailed information to terminal.
-Y                Yack: Print extensive information to the log.
Use of Initialize or one of the Scan modes is required.
Create/Re-initialize the database:
saint -i
Standard system check:
saint -s
Suppress log output:
saint -l /dev/null [other options]
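The difference between the standard scan (-s) and the deep scan (-S), shown as an added Python sketch that is not Saint's own code or database format: it records owner, group, mode, size and a checksum per file, then compares against that baseline. SHA-256, the in-memory dictionary, the constructed sample files and the reading of -S as "standard scan plus a fresh walk" are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def record(path):
    """Attributes tracked per file: owner, group, mode, size, SHA-256 (assumed)."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return (st.st_uid, st.st_gid, st.st_mode, st.st_size, digest)

def snapshot(root):
    """Walk root into {path: record}; symbolic links are skipped."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        paths = (os.path.join(dirpath, n) for n in files)
        db.update((p, record(p)) for p in paths if not os.path.islink(p))
    return db

def scan(baseline):
    """Standard scan: re-check only the paths already in the baseline."""
    report = {"changed": [], "missing": [], "new": []}
    for path, old in sorted(baseline.items()):
        if not os.path.exists(path):
            report["missing"].append(path)
        elif record(path) != old:
            report["changed"].append(path)
    return report

def deep_scan(baseline, root):
    """Deep scan: also take a fresh snapshot, so unknown files surface."""
    report = scan(baseline)
    report["new"] = sorted(set(snapshot(root)) - set(baseline))
    return report

def demo():
    """Constructed sample tree: same-size edit, chmod, and one new file."""
    root = tempfile.mkdtemp()
    conf, script, extra = (os.path.join(root, n) for n in ("app.conf", "run.sh", "extra.bin"))
    for p in (conf, script):
        with open(p, "w") as fh:
            fh.write("mode=strict\n")
        os.chmod(p, 0o600)
    baseline = snapshot(root)
    with open(conf, "w") as fh:
        fh.write("mode=permit\n")   # same size, so only the checksum differs
    os.chmod(script, 0o700)         # metadata-only change
    open(extra, "w").close()        # file unknown to the baseline
    return scan(baseline), deep_scan(baseline, root)
```

Calling demo() returns both reports: the standard scan flags app.conf and run.sh but has no way to see extra.bin, which only the deep scan lists as new.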
#################################################
Notes
- There is no "Update" option. This is because at the present time it is faster to just re-create the database than to compare and update. In the future there will be better support for updates.
- It is recommended that you set owner and group permissions as follows:
    saint      - root/other 0500 (-r-x------)
    saint.conf - root/other 0400 (-r--------)
    directory  - root/other 0700 (drwx------)
