Giter VIP home page Giter VIP logo

fimble's Introduction

fimble

WORK IN PROGRESS

Command-line cryptographically-secure File Integrity Monitoring

Fimble lets you ensure the integrity of key files and directories to ensure that they haven't changed. It does this by computing a cryptographically secure digest of a known good state, then comparing the current state against this known good state.

Fimble aims to be very fast, and can do a file-integrity check of the source code of the linux kernel in about two second with a warm disk cache. Despite being very fast, it doesn't take shortcuts and fully hashes all files and file attributes every time.

Usage

# Simply compute the digest of a directory
fimble hash /var/my/very/sensitive/files

# Create a manifest of a known good state
fimble build-manifest /var/my/very/sensitive/files > known_good.fimble_manifest

# View the manifest details
fimble view-manifest known_good.fimble_manifest

# Some time passes, possibly bad things happen...

# Check the current system against the manifest to ensure nothing has changed. This is very fast.
fimble check-manifest known_good.fimble_manifest

How it works

Fimble works by computing the blake3 cryptographic hash of the specified directories.

To create a manifest, fimble creates a space-efficient bloom-filter. This is fairly expensive, but the resulting manifest is small and easy to pass around or check into version control.

To check the current status of a system, fimble takes a two step process:

  1. First fimble does a quick-check, computing the blake3 digest of the system and checking this against the master digest in the manifest. If no digest mismatch is found, then we know the system is unaltered and we are done.
  2. If there is a digest mismatch, fimble does an in-depth analysis to see where the differences are.

Gotchas and solutions

  1. If the manifest file is too large for your liking, you don't need to use it. Instead just run fimble hash /my/path and check the resulting digest against a known good digest. The downside is that you will need to manually determine what has changed if there is a digest mismatch.

  2. Fimble doesn't detect internal changes to serial or block devices, although it does detect additions, removals and permission changes for devices.

fimble's People

Contributors

phayes avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.