/fim

FIM is an Open Source Host-based file integrity monitoring tool that performs file system analysis, file integrity checking, real time alerting and provides Audit daemon data.

Primary LanguageRustGNU General Public License v3.0GPL-3.0

FIM

Join us on Slack GitHub Coverage Status

FIM is a File Integrity Monitoring tool that tracks any event over your files. It is capable of keeping historical data of your files. It checks the filesystem changes in the background. FIM is the fastest alternative to other software like Ossec to perform file integrity monitoring. It could integrate with other security tools like Ossec or Wazuh. The produced data can be ingested and analyzed with tools like ElasticSearch/OpenSearch. It has developed with Rust, the best core programming language.

Features

  • Filesystem monitor (File change monitor).
  • Identification of changes in content, attributes, ownership or permissions (Linux Audit data).
  • Store logs of detected events.
  • Easy integration with Elasticsearch/OpenSearch Wazuh indexer.
  • Compatible with Linux, macOS and Windows.

Get started

To set up FIM perform the following steps:

  1. Download our last package from the packages repository, located at Github
  1. Install with:
  • RPM: yum install fim-*.rpm
  • DEB: dpkg -i fim*.deb
  • CARGO: cargo install --git https://github.com/Achiefs/fim.git
  1. You can start to work typing sudo nohup fim in your terminal

  2. FIM software will start monitoring any activity on the default folders configured in /etc/fim/config.yml file.

  3. If you want to test it you could launch touch /tmp/file.txt in your terminal then, take a look at /var/lib/fim/events.json file. It will store each produced event in JSON format.

Configuration

To customize your installation take a look at our Documentation Wiki

Contribute

Feedback

Feel free to open us an issue in this repository or send your feedback to our developers through support@achiefs.com We will be glad to hear from you and your thoughs about the software.

How to compile

We suggest using the Cargo tool to get dependencies automatically downloaded Steps:

cargo build --release

Then take a look at the target/release folder

Set up environment

Linux

  • Install git
  • Install gcc
  • Run curl https://sh.rustup.rs -sSf | sh to install rust (install at default location).
  • Reload PATH variable in your terminal.
  • Run git clone https://github.com/Achiefs/fim.git
  • Run cd fim to go inside cloned folder.
  • Edit config.yml to adjust your needs, add paths or ignore files.
  • Run cargo run to download crates, build and run FIM software.