File Integrity Checkers
When a system is compromised an attacker will often alter certain key files to provide continued access and prevent detection. By applying a message digest (cryptographic hash) to key files and then checking the files periodically to ensure the hash hasn’t altered a degree of assurance is maintained. On detecting a change an alert will be triggered. Furthermore, following an attack the same files can have their integrity checked to assess the extent of the compromise.
AIDE (Advanced Intrusion Detection Environment)
Visit the Product SiteIt creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) ...
chkrootkit
Visit the Product Sitechkrootkit is a tool to locally check for signs of a rootkit. [talisker] I used to list all the files it checked as well as all the rootkits it detected. Nelson has taken this product to become a huge project with too many features to list please check ou ...
integrit
Visit the Product Siteintegrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. Without a system like integrit, a sysadmin can't know whether the tools he/she uses to in ...
Osiris
Visit the Product SiteOsiris is a file integrity management system that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email thes ...
samhain
Visit the Product Sitesamhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only ...
Tripwire
Visit the Product SiteTripwire software establishes a "digital inventory" of known good files and their attributes and uses it as a baseline for monitoring changes. Discovering State Change User-scheduled integrity checks monitor files and their attributes, comparing them agai ...
Verisys
Visit the Product Site
Verisys is an advanced system and file integrity monitoring solution for Windows that allows you to maintain the integrity of business critical files and data by detecting unauthorised changes.
Verisys is easily configured to suit your requirements using ...
NNT Change Tracker
Visit the Product Site
NNT Change Tracker Enterprise provides configuration assessment policies out of the box... Change Tracker Enterprise enables IT organizations to assess the entire IT Infrastructure against security benchmarks for both physical and virtual configurations, ...