Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 105kB of archives.
After unpacking 340kB of additional disk space will be used.
Get:1 http://mirror.ox.ac.uk stable/main integrit 3.02.00-11 [105kB]
Fetched 105kB in 0s (274kB/s)
Selecting previously deselected package integrit.
(Reading database ... 12745 files and directories currently installed.)
Unpacking integrit (from .../integrit_3.02.00-11_i386.deb) ...
Setting up integrit (3.02.00-11) ...
This will complete the installation of integrit
Once installed you'll find a configuration file /etc/integrit/integrit.conf.check default integrit.conf file.
This configuration file contains a list of directories, or paths, which are checked.
Every file beneath the named directory will be checksumed using the SHA-1 hash, and its details will be stored in the integret database located at /var/lib/integrit.
The configuration file contains a list of example directories along with a brief explanation of how to add new entries
Minimal Integrit working configuration file
# Global settings
# Ignore '!' the following directories because we don't care if their contents are modified.
Once this is setup you can create the initial database:
#integrit -C /etc/integrit/integrit.conf -u
This saves the current state of the system into the file /var/lib/integrit/current.cdb, we need to move this into the known state - and also take a copy offsite.
-C Specify conffile as the configuration file for integrit.
-V Show integrit version information and exit.
-h Show brief help.
-x Produce XML output.
-u Do update - create a new database that reflects the current state of the system.
-c Do check - compare the current state of the system to a database containing a snapshot of the system when it was in a known state.
-N Manually override specification of the current ("New") database. Normally it is set in the configuration file.
-O Manually override specification of the known ("Old") database. Normally it is set in the configuration file.
-q Lower integrit's level of verbosity.
-v Increase integrit's level of verbosity.
(m in this case is the modification date of the file, c being the creation date).
The Debian package will mail you every day if files have changed - and even if they haven't. There is a cron job setup by the file /etc/cron.daily/integrit. You can edit that file if you only wish to see an email in the case of differences, the comments explain how to do so:
# * UNCOMMENT the two following lines marked with `# !' if you don't
# * want to receive reports if no mismatches were found
# ! if [ '$(echo '$output' | egrep -v '^integrit: ')' ]; then
message=$(echo '$message' && echo '$output')
# ! fi
If you want to run this every day you can configure the integrit.debian.conf file
Sample file Looks like below you need to adjust the settings fit to your needs
# Configuration of the example daily cron job /etc/cron.daily/integrit
# Set the configuration file(s) for integrit. /etc/cron.daily/integrit
# will run ``integrit -uc -C <file>'' for each file specified in CONFIGS.
# An empty CONFIGS variable disables /etc/cron.daily/integrit. Multiple
# file names are separated with spaces, e.g.:
# CONFIGS="/etc/integrit/usr.conf /etc/integrit/lib.conf"
# Set the mail address reports are sent to
# Set the subject line for the report mails
EMAIL_SUBJ="[integrit] `hostname -f`: report on changes in the filesystems"
# If ALWAYS_EMAIL is set to ``true'', a report is mailed on every run.
# Normally a report is only generated when integrit(1) exits non-zero.
For more information and other options check integrit manual