This Python-based system monitors assigned files and directories, notifying you of any changes. To run it, use: python3 ./FIMS.py
If no changes are detected, you’re notified:
If changes occur, you decide whether they’re authorized:
If authorized, the baseline (which stores details like filename, permissions, and hashes) updates accordingly.
If unauthorized, a report.txt is generated, logging the modifications for investigation.
This is what report.txt looks like:
To get started, clone the repo, modify the paths in create_baseline.py, and run it to set up a baseline for monitoring: python3 ./create_baseline.py
As the very first thing, open the folder in a code editor (VS Code maybe, as it is preinstalled on Kali, or any other), open the create_baseline.py file, and change the paths in it: replace them with the filename and file path of each file you want to monitor, and with the path of the snapshot directory where you want to save the snapshots of those files. A snapshot here is just like the snapshot you take of a virtual machine before an analysis, or like a backup; that is exactly what we are creating for those files. After setting the paths, run the create_baseline.py script: python3 create_baseline.py
What will it do? It will create a baseline.csv file and a snapshot directory. baseline.csv stores the information about those files and works as the base for comparing and finding changes in them. The snapshot directory stores the snapshots of those files.
After that, open FIMS.py and change the paths according to where you saved those files.
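The baseline-and-compare cycle described above can be sketched as follows. This is an added example, not the code from FIMS.py or create_baseline.py; the column names, function names and the sample file are assumptions made for illustration.

```python
import csv
import hashlib
import os
import stat

FIELDS = ["path", "mode", "sha256"]  # assumed column names, not the project's

def fingerprint(path):
    """Baseline row for one file: path, permission bits, SHA-256 of content."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"path": path, "mode": oct(mode), "sha256": h.hexdigest()}

def write_baseline(paths, baseline_csv):
    with open(baseline_csv, "w", newline="") as f:
        writer = csv.DictWriter(f, fieldnames=FIELDS)
        writer.writeheader()
        for p in paths:
            writer.writerow(fingerprint(p))

def check(baseline_csv):
    """Compare current files to the baseline; return (path, finding) tuples."""
    findings = []
    with open(baseline_csv, newline="") as f:
        for row in csv.DictReader(f):
            p = row["path"]
            if not os.path.isfile(p):
                findings.append((p, "missing"))
                continue
            now = fingerprint(p)
            if now["sha256"] != row["sha256"]:
                findings.append((p, "content changed"))
            if now["mode"] != row["mode"]:
                findings.append((p, "permissions changed"))
    return findings

if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()  # constructed sample data, not real monitored files
    target, base = os.path.join(d, "sample.conf"), os.path.join(d, "baseline.csv")
    with open(target, "w") as f:
        f.write("v1\n")
    write_baseline([target], base)
    with open(target, "a") as f:
        f.write("tampered\n")
    print(check(base))
```

Every later check trusts the baseline file, so keep it (and the snapshot directory) somewhere the accounts that can modify the monitored files cannot write.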