A PHP script, designed to be run by a cron job, which detects files which have been added, deleted or modified since the previous execution of the script. Sends emails with a summary of changes. Great for detecting malicious activity (hacking, unauthorised access other hacker actions).
PHP
Latest commit c5929e1 Jan 7, 2015 @lucanos PHP Version Check
Checking PHP Version before starting script
Permalink
Failed to load latest commit information.
README.md Markdown Dec 4, 2014
tripwire.php PHP Version Check Jan 7, 2015
tripwire_config.php Multiple features May 10, 2013

README.md

Tripwire

Need to know if your server-based files have changed? If new files have been added, or files have been deleted? Whether as part of your routine checks, or as remedial action after your server has been compromised, Tripwire can be used to check for changes in your file system and provide a simple list of those files which have been added, deleted or modified since the last time you ran Tripwire.

How to use Tripwire

Simply upload these files to your webserver where they can be viewed through a web browser or triggered via SSH. Then do so. Tripwire will create an index of all the files it can detect, and a hash of their contents.

The next time you access or trigger Tripwire (or have a Cron job do the same), that index will be checked and compared to the new list of files and hashes and the differences will be shown.

Licencing

Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Exceptions: Tripwire can be used as part of a Commercial action (such as by an IT specialist who is investigating an attack on a server, etc.) but cannot be packaged and sold as a product.