{"id":113,"date":"2011-12-14T23:22:59","date_gmt":"2011-12-15T06:22:59","guid":{"rendered":"http:\/\/www.businesstechnologyassociates.com\/blog\/?p=113"},"modified":"2011-12-14T23:22:59","modified_gmt":"2011-12-15T06:22:59","slug":"simple-intrusion-detection","status":"publish","type":"post","link":"https:\/\/www.businesstechnologyassociates.com\/blog\/2011\/12\/simple-intrusion-detection\/","title":{"rendered":"Simple Intrusion Detection"},"content":{"rendered":"

Sometimes I want to have a simple way to determine if a file has been changed or has been compromised without the configuration required of a full feature IDS such as AIDE<\/a> or Tripwire<\/a>.\u00a0 This technique uses CFV<\/a>, a free and open-source program written in Python and “has been verified to work on linux, freebsd, openbsd, netbsd, solaris, macosx, and windows.”\u00a0 This program can generate a variety of checksum formats including the SHA1<\/a> used in this example.<\/p>\n

To create the signature file for a directory’s and sub-directories’ files use the following commands in a Linux or Mac OS X command window:<\/p>\n

cd \/usr\/local\/bin\r\ncfv -C -rr -f bin.sha1 -t sha1\r\ngpg -sab bin.sha1<\/pre>\n
To verify the file signatures use the following commands:<\/p>\n
cd \/usr\/local\/bin\r\ngpg --verify bin.sha1.asc\r\ncfv -M -f bin.sha1<\/pre>\n
The gpg<\/a> command verifies the integrity of the signature file (bin.sha1).\u00a0 The cfv<\/a> command then verifies all the files originally tested when creating the signature file.<\/p>\n","protected":false},"excerpt":{"rendered":"
Sometimes I want to have a simple way to determine if a file has been changed or has been compromised without the configuration required of a full feature IDS such as AIDE or Tripwire.\u00a0 This technique uses CFV, a free and open-source program written in Python and “has been verified to work on linux, freebsd, … <\/p>\n
Continue reading “Simple Intrusion Detection”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,7,6,17,3],"tags":[19,20,18],"class_list":["post-113","post","type-post","status-publish","format-standard","hentry","category-linux","category-macintosh","category-windoze","category-security","category-technology","tag-cfv","tag-gpg","tag-ids"],"_links":{"self":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/comments?post=113"}],"version-history":[{"count":3,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/113\/revisions"}],"predecessor-version":[{"id":116,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/113\/revisions\/116"}],"wp:attachment":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/media?parent=113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/categories?post=113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/tags?post=113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}