Overview
----------------
File System Saint, or just "Saint", is designed to be a fast, flexible and easy-to-use Host-based Intrusion Detection System. The code is free for use and modification - see the license for details.

Saint records file attributes such as ownership, permissions and size, as well as a SHA checksum, then monitors them for change. This provides reporting to a level and time-increment of your choice for just a few files, or your entire system.

#################################################

Required modules (Use: "perl -MCPAN -e shell" to install)
----------------
Digest::SHA
Digest::MD5
Getopt::Std
File::Find

#################################################

Usage
----------------
Usage: saint [options]

Options
---------
-c   Config:      Specify a config file. Defaults to saint.conf
-d   Database:    Specify a database file. Defaults to .db
-h   Help:        Show usage information.
-i   Initialize:  Generate a new database.
-l   Logfile:     Set logfile. Default is saint.log.
-L   Links:       Include checks on symbolic links. (skipped by default)
-q   Quiet:       Suppress all output except for changes and errors.
-s   Scan:        Use the DB as a reference and check all known files.
-S   Deep Scan:   Use a new scan as a ref thus accounting for new files.
-v   Verbose:     Print detailed information to terminal.
-Y   Yack:        Print extensive information to the log.

Use of Initialize or one of the Scan modes is required.

Create/Re-initialize the database:
    saint -i

Standard system check:
    saint -s

Suppress log output:
    saint -l /dev/null [other options]

#################################################

Notes
----------------------
* There is no "Update" option. This is because at the present time it is faster to just re-create the database than to compare and update. In the future there will be better support for updates.

* It is recommended that you set owner and group permissions as follows:
    saint      - root/other 0500 (-r-x------)
    saint.conf - root/other 0400 (-r--------)
    directory  - root/other 0700 (drwx------)
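
The shell sketch below is an added illustration, not Saint's code, options or database format. It shows the record-then-compare idea from the Overview and why a scan against the database alone (as with -s) cannot report new files while a fresh walk of the tree (as with -S) can. The function names, the record layout and the use of GNU stat and sha256sum are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration only: not Saint's code, options or database format.
# Assumes GNU coreutils (stat -c, sha256sum) and paths without '|' or newlines.

# record FILE: print "mode|owner|group|size|sha256|path" for one file.
record() {
    printf '%s|%s|%s\n' "$(stat -c '%a|%U|%G|%s' "$1")" \
        "$(sha256sum < "$1" | cut -d' ' -f1)" "$1"
}

# list_files DIR: regular files only, so symbolic links are skipped.
list_files() { find "$1" -type f | sort; }

# snapshot DIR: one record per file; redirect the output to create the baseline.
snapshot() {
    list_files "$1" | while IFS= read -r f; do record "$f"; done
}

# scan DB: re-check only the files the baseline already knows about.
scan() {
    while IFS= read -r line; do
        path=$(printf '%s\n' "$line" | cut -d'|' -f6-)
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        elif [ "$(record "$path")" != "$line" ]; then
            echo "CHANGED $path"
        fi
    done < "$1"
}

# deep_scan DIR DB: scan, then walk DIR again to report files absent from DB.
deep_scan() {
    scan "$2"
    list_files "$1" | while IFS= read -r path; do
        cut -d'|' -f6- "$2" | grep -Fxq -- "$path" || echo "NEW $path"
    done
}

# Usage: sh script.sh init DIR DB | scan DIR DB | deep DIR DB
case "${1:-}" in
    init) snapshot "$2" > "$3" ;;
    scan) scan "$3" ;;
    deep) deep_scan "$2" "$3" ;;
esac
```

A baseline is only as trustworthy as the file that holds it, which is the reason for the owner-only permissions recommended in the Notes: keep the database outside the tree being checked and writable by no one but its owner.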