ViperDB 0.9.9 review
DownloadViperDB is a file checker somewhat similar to Tripwire, but based on different assumptions
|
|
ViperDB is a file checker somewhat similar to Tripwire, but based on different assumptions. It only reports if a change is found and therefore can be run every couple of minutes.
ViperDB does not use a fancy all-in-one database to keep records instead, I opted to keep it fast and hence decided to go with a plaintext db which is stored in each "watched" directory. By using this there is no real one attack point for a attacker to focus his attention on. This coupled with the running of ViperDB every 5 minutes (via cron root job) decreases that likelyhood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your syste
To install follow these steps:
1.) download latest version of ViperDB
2.) uncompress archive
3.) enter distro directory
4.) edit viperdb.conf to include and directories you wish to monitor
5.) copy viperdb.conf to /usr/local/etc/
6.) edit viperdb.ignore to include all files you want to ignore
7.) copy viperdb.ignore to /usr/local/etc/
8.) edit viperdb.pl to change $notify_email and $loglevel
9.) copy viperdb.pl to /usr/local/sbin/
10.) run viperdb.pl -init
11.) copy filecheck.sh /etc/cron.hourly/
12.) copy filecheck-nomd5.sh /usr/local/sbin/
13.) add filecheck-nomd5 to your crontab
/5 * * * * /usr/local/sbin/viperdb.pl -check
NOTE: If you want to mix md5 and non-md5 checks, make sure you have md5=0 in the config file.
What's New in This Release:
hash deleting bugfix
locking bugfix
config parsing bugfix
tie-ing bugfix
logfile bugfix
ViperDB 0.9.9 search tags