FIM (short for File Integrity Monitor) is a tool that monitors a host's local system for changes to specified files, directories, and registry settings in order to detect illicit modifications. This basic FIM does so by calculating file hashes and storing them in a baseline; monitoring then verifies that each file's current hash is equal to the one stored in the trusted baseline. For a more in-depth, step-by-step tutorial, check out the 4-minute-read documentation I made about the project.
This project was heavily inspired by Josh Madakor's YouTube video. Check out his channel for cybersecurity-related content.
- Open your web browser and navigate to the Downloads for Windows section of the official Python website. Search for your desired version of Python.
- At the time of publishing this article, the latest Python 3 release is version 3.9.6, while the latest Python 2 release is version 2.7.18.
- Select a link to download either the Windows x86-64 executable installer or the Windows x86 executable installer.
- Run the Python Installer once downloaded. (In this example, we have downloaded Python 3.7.3.)
- Make sure you select the Install launcher for all users and Add Python 3.7 to PATH checkboxes. The latter places the interpreter in the execution path. For older versions of Python that do not support the Add Python to Path checkbox, see Step 6.
- Select Install Now – the recommended installation options.
- Make sure Python is correctly installed and working. Open the command line and type python:
>Python
If python doesn't work, you may have to add its path to the environment variables manually.
To see which version of Python 3 you have installed, open a command prompt and run:
$ python3 --version
If you are using Ubuntu 16.10 or newer, then you can easily install Python 3.6 with the following commands:
$ sudo apt-get update
$ sudo apt-get install python3.6
- Launch Terminal. Go to Launchpad – Other – Terminal.
- Install Homebrew. Go to the command line and type the following command:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- Install Python 3 with Homebrew. Enter the following brew command in the terminal:
brew install python3
If python doesn't work, you may have to add its path to the environment variables manually.
Once the script is executed, you only have to input one of two choices:
- Collect new baseline
- Start monitoring with already collected baseline
Executing the script without passing any command-line argument monitors the directory the script is in. To monitor a directory of your choosing, pass the directory as an argument, as follows:
./script path/to/directory/to/monitor
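The baseline-then-monitor flow described above, as an added Python example that is not the project's own script. It assumes SHA-256 as the hash (the page does not name one); the function names `hash_file`, `collect_baseline`, `compare` and `demo` are hypothetical, and the files it creates are constructed sample data in a temporary directory.

```python
# Added example, not the project's script; SHA-256 and all names are assumptions.
import hashlib
import os
import tempfile

def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def collect_baseline(directory):
    """Map each file's path (relative to directory) to its hash."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            baseline[os.path.relpath(full, directory)] = hash_file(full)
    return baseline

def compare(baseline, directory):
    """Return files changed, created or deleted since the baseline."""
    current = collect_baseline(directory)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "created": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample data: build a baseline, tamper, then compare."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("a.conf", "x=1"), ("b.txt", "hello")):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        baseline = collect_baseline(d)
        with open(os.path.join(d, "a.conf"), "w") as fh:
            fh.write("x=2")
        os.remove(os.path.join(d, "b.txt"))
        with open(os.path.join(d, "new.exe"), "w") as fh:
            fh.write("dropped")
        return compare(baseline, d)

if __name__ == "__main__":
    print(demo())
```

A baseline is only as trustworthy as where it is kept: anyone who can rewrite it can hide a change, so it belongs somewhere the monitored account cannot modify.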
Open a terminal and type:
python3 path/to/script.py
Open PowerShell and type:
cd path/to/script
./script.ps1
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install --cask powershell
$ pwsh
cd path/to/script
./script.ps1
$ sh /path/to/script
or
$ cd /directory/with/script
$ ./executable
#----------------
$ chmod +x script # only required if your file is not already executable
Execute the shell script file the same way as on a Linux-based system, using WSL (Windows Subsystem for Linux) or by installing a Linux virtual machine.
Pull requests are welcome. Feel free to take the code and make it your own, expand on it and put it in your portfolio, while mentioning the original authors.