Open Source File Integrity Monitoring (FIM) Software

If you are looking for open source file integrity monitoring (FIM) software you will be happy to learn that there are options available. This may come as a relief after seeing all of the expensive, proprietary, closed source options that are out there.

These are the top two open source file integrity monitoring tools you will come across:

• AIDE
• Samhain

There is another tool that is still in very early development:

• Ship Grip - FIM

Why Open Source File Integrity Monitoring?

There are multiple reasons why you might strongly prefer open source tools.

One reason might be the cost. Software can be expensive and FIM software is no exception. If you’ve looked at some of the licensing costs for FIM software these days you probably know all too well that cutting this cost will have an impact on your budget. Open source software is free and can help you save a lot.

The other reason you might prefer to go open source is for flexibility and control. Having access to the source of a product gives people insight into how it works. This added transparency adds value to the product.

The fact that a piece of software is open source means that the fate of that software isn’t necessarily in the hands of one company or organization. It won’t necessarily just be discontinued at the whim of a company. If the community isn’t happy with the direction the tool is going in it can be forked. We’ve seen this happen more than once with high profile projects.

AIDE - Advanced Intrusion Detection Environment

AIDE is an excellent tool for host-based intrusion detection / file integrity monitoring. It is geared towards performing its primary task well without much in the way of unrelated functionality.

At a basic level this is what AIDE does:

• Scan the matching files specified in the configuration.
• Store checksums and file information in a database.
• Check files for changes.

Features:

• Variety of message digests available.
• Can check permissions and almost any other file attribute you could think of.
• Regular expressions used to select files.

Learn more about AIDE here:

• GitHub
• Wikipedia

Samhain

Samhain is a host based intrusion detection system. It provides the following:

• File integrity checking
• Log monitoring
• port monitoring
• rootkit detection
• Hidden process detection
• Rogue SUID executable detection

Learn more about Samhain here:

• www.la-samhna.de
• Wikipedia

Ship Grip - FIM

Ship Grip FIM is a newer project from Low Orbit Flux. It is currently mostly written in Golang and is designed to be run in parallel for performance reasons. The idea is to be able to scan large amounts of data as quickly as possible.

The primary goal is to improve data integrity and corruption. Security could be considered a secondary goal. The reason this project exists is to ensure all files remain exactly the same. It is geared towards people who manage large file stores and network attached storage.

Learn more here:

• Low Orbit Flux
• GitHub