AI WEB SOFTWARE MOBILE CYBERSECURITY
hi@sulata.com
Home / Store / FileIntegra
Cybersecurity, Monitoring, Utilities

FileIntegra

Know the instant someone touches your config files. Checksums + email alerts = peace of mind.

Linux, macOS Version 1.0 10.8 MB
Free no payment required
Download Free Version No credit card required

About FileIntegra

FileIntegra is a cross-platform command-line tool that monitors critical filesfor unauthorized changes and sends email alerts the moment a modification isdetected. Point it at configuration files, system binaries, web serverconfigs, SSL certificates, or any file that should not change without yourknowledge — and get notified within minutes.

Available for Linux, macOS, and Windows. Single binary, zero dependencies,installs in seconds.

Why File Integrity Monitoring Matters

When an attacker gains access to a server, one of the first things they do ismodify files — injecting backdoors, altering configurations, or replacingbinaries. Without file integrity monitoring, these changes can go unnoticedfor weeks or months. FileIntegra closes that gap by alerting you on the nextscheduled check.

How It Works

  • On first run, FileIntegra takes a secure fingerprint (SHA-256) of eachmonitored file
  • On subsequent runs (scheduled via cron), it recalculates fingerprints andcompares them against stored snapshots
  • If any monitored file has been modified, an email alert is sent with fulldetails
  • The alert includes the file path, previous fingerprint, new fingerprint, andtimestamp
  • Use --reset to accept legitimate changes and establish a newbaseline

What To Monitor

  • Web server configuration (nginx.conf, apache2.conf, .htaccess)
  • Application config files (database credentials, API keys, environment files)
  • System binaries and libraries (/usr/bin, /usr/sbin)
  • SSL/TLS certificates and private keys
  • Cron jobs and scheduled task definitions
  • SSH configuration and authorized_keys files
  • Any file that should only change during planned maintenance

Key Features

  • SHA-256 fingerprinting for cryptographically strong integrity verification
  • Email alerts via SMTP with TLS (port 465) and STARTTLS (port 587) support
  • Alerts include file path, change status, previous and current fingerprints
  • Configurable file list — monitor the exact files that matter to you
  • Cron-friendly with quiet mode — no noise, alerts only when something changes
  • Dry-run mode to test your setup without triggering alerts
  • Reset mode to take fresh snapshots after planned maintenance
  • Summary reports sent via email on schedule
  • Cross-platform — runs on Linux, macOS, and Windows
  • Single static binary, zero runtime dependencies
  • Minimal resource usage — runs efficiently on any server or VPS

Who Needs This

  • Sysadmins managing production web servers
  • Security teams implementing defence-in-depth strategies
  • Compliance officers requiring file integrity monitoring (PCI-DSS, SOC 2, ISO27001)
  • DevOps teams managing cloud infrastructure
  • Anyone running a VPS or dedicated server who needs to know when criticalfiles change

Quick Start

  1. Download the binary for your platform
  2. Copy config.example.yaml to config.yaml and addyour SMTP details
  3. Run fileintegra --config config.yaml --test to verify emailworks
  4. Run fileintegra --config config.yaml --reset --all to takeinitial snapshots
  5. Add a cron job to check every 5 minutes — done

Supported Platforms

File Operating System
fileintegra-linux-amd64 Linux (Intel/AMD 64-bit)
fileintegra-linux-arm64 Linux (ARM 64-bit, e.g., AWS Graviton, Raspberry Pi)
fileintegra-darwin-amd64 macOS (Intel)
fileintegra-darwin-arm64 macOS (Apple Silicon — M1/M2/M3/M4)
fileintegra-windows-amd64.exe Windows (64-bit)

Installation

# Install the binary
chmod +x fileintegra-linux-amd64
sudo mv fileintegra-linux-amd64 /usr/local/bin/fileintegra

# Set up config directory
sudo mkdir -p /etc/fileintegra
sudo cp config.example.yaml /etc/fileintegra/config.yaml
sudo chmod 600 /etc/fileintegra/config.yaml

# Edit config with your SMTP credentials and monitored files
sudo nano /etc/fileintegra/config.yaml

Configuration

Important: Create a dedicated email account specifically for FileIntegra (e.g., fileintegra@yourdomain.com). Do not use a shared or personal email account. If the SMTP password is changed on the mail server and not updated in config.yaml, FileIntegra will fail to send alerts silently. A dedicated account ensures no one accidentally changes the password during routine credential rotations.

Config Reference

email:
  smtp_host: "smtp.example.com"
  smtp_port: 587            # 587 = STARTTLS, 465 = implicit TLS
  username: "alerts@example.com"
  password: "your-password"
  from: "alerts@example.com"
  to:
    - "admin@example.com"
  subject_prefix: "[File Integrity Alert]"

storage:
  snapshot_file: "/var/lib/fileintegra/snapshots.json"

monitored_files:
  - "/etc/passwd"
  - "/etc/shadow"
  - "/etc/ssh/sshd_config"

Usage Examples

# Check specific files
fileintegra --config config.yaml /etc/passwd /etc/ssh/sshd_config

# Check all files from config
fileintegra --config config.yaml --all

# Dry run (no emails sent, no snapshots updated)
fileintegra --config config.yaml --dry-run --all

# Take fresh snapshots (no alerts sent)
fileintegra --config config.yaml --reset --all

# Test email configuration
fileintegra --config config.yaml --test

# Quiet mode + summary (ideal for cron)
fileintegra --config config.yaml --all --quiet --summary

# Notify when new files are added to monitoring
fileintegra --config config.yaml --all --notify-new

# Check version
fileintegra --version

Command Flags

Flag Description
--config Path to YAML config file (default: config.yaml)
--all Check all files listed in monitored_files
--test Send a test email to verify SMTP config
--dry-run Check files without sending emails or saving snapshots
--reset Take fresh snapshots without sending alerts
--quiet Suppress output (for cron jobs)
--summary Send a summary email after the check
--notify-new Send email when new files are first monitored
--version Print version and exit

Exit Codes

Code Meaning
0 All files OK, no changes
1 Error (config, I/O, SMTP failure)
2 Integrity change detected

Cron Setup

By default, FileIntegra only sends an email when a file change is detected. No change = no email. The --quiet flag prevents cron from generating its own notification emails. 

# Check every 5 minutes, email only on changes
*/5 * * * * /usr/local/bin/fileintegra --config /etc/fileintegra/config.yaml --all --quiet

# Hourly check with summary report (sends email every run regardless of changes)
0 * * * * /usr/local/bin/fileintegra --config /etc/fileintegra/config.yaml --all --quiet --summary

Security Notes

  • Store config.yaml with restricted permissions (chmod 600)
  • The snapshot file should also be protected (chmod 600)
  • Consider running as a dedicated service user
  • For production, use environment variables or a secrets manager for SMTP credentials

Permissions & Sudoers

Some monitored files (e.g., /etc/shadow) require root access to read. If running FileIntegra from cron as a non-root user, add a sudoers entry: 

# /etc/sudoers.d/fileintegra
youruser ALL=(root) NOPASSWD: /usr/local/bin/fileintegra

Then run from cron with sudo:

*/5 * * * * sudo /usr/local/bin/fileintegra --config /etc/fileintegra/config.yaml --all --quiet

Alternatively, run the cron job directly as root via sudo crontab -e.

Frequently Asked Questions

I made a legitimate change to a monitored file. How do I stop getting alerts?

Run fileintegra --config config.yaml --reset --all to take fresh snapshots. The next check will use the new baseline.

I changed my email password and now FileIntegra isn't sending alerts. What do I do?

Update the password field in your config.yaml to match the new password, then run fileintegra --config config.yaml --test to verify it works.

How do I know if FileIntegra is actually running?

Check your cron logs (grep fileintegra /var/log/syslog) or run it manually without --quiet to see output.

Can I monitor files that require root access (e.g., /etc/shadow)?

Yes. Either run FileIntegra as root, or add a sudoers entry: youruser ALL=(root) NOPASSWD: /usr/local/bin/fileintegra. Then use sudo /usr/local/bin/fileintegra in your cron job.

What happens if a monitored file is deleted?

FileIntegra will report an error for that file. It won't send a change alert — it will show the file as missing in the summary.

Can I monitor an entire directory?

Not directly. List each file individually in monitored_files in your config. This is by design — monitoring specific critical files is more secure than watching entire directories.

How often should I run FileIntegra?

Every 5 minutes is a good default for critical servers. For less sensitive systems, hourly or daily may be sufficient.

Will FileIntegra slow down my server?

No. It only reads files and computes a fingerprint. The overhead is negligible, even when checking dozens of files every few minutes.

How do I set up FileIntegra to run automatically?

Add a cron job. Open your crontab with crontab -e (or sudo crontab -e for root) and add:
*/5 * * * * /usr/local/bin/fileintegra --config /etc/fileintegra/config.yaml --all --quiet

What does --dry-run do exactly?

It checks all files and shows you what changed, but does not save the new snapshots and does not send any emails. Useful for testing your setup before going live.

What do the exit codes mean?

Exit 0 = all files are unchanged. Exit 1 = an error occurred (bad config, can't read a file, email failed). Exit 2 = one or more files were modified (integrity change detected).

What permissions does the config file need?

Set it to chmod 600 so only the owner can read it — it contains your SMTP password. The snapshot file should also be chmod 600.

How do I add more files to monitor?

Edit your config.yaml and add file paths under monitored_files. Then run fileintegra --config config.yaml --reset --all to take initial snapshots of the new files.

What does --notify-new do?

By default, when FileIntegra sees a file for the first time, it takes a snapshot silently. With --notify-new, it sends an email confirming which new files have been added to monitoring.

Can I send alerts to multiple people?

Yes. Add multiple email addresses under the to field in your config.

What's the difference between --quiet and --summary?

--quiet suppresses all console output (ideal for cron so you don't get cron emails). --summary sends a summary email after each check regardless of whether changes were found. You can use both together.

Download FileIntegra

Free download · No credit card required

Get Started

Talk to Our Experts

Ready to transform your business? Schedule a free consultation to discuss your project and discover how our 10-year warranty can protect your investment.

Email Us hi@sulata.com
Offices Miami | Lahore
Drag to submit your message →
Sulata AI