A CLI tool for per-directory file integrity monitoring, change detection, and security log analysis.
Project description
VGLS/Vigilant Scanner
vgls is a Python-based CLI tool for monitoring file integrity, detecting changes, analyzing logs and identifying potential security threats.
🚀 Features
- System Integrity Monitoring: Detect changes in file content, metadata, and structure. Monitor directories for unauthorized or suspicious changes (permissions, owner, etc).
- Log Analysis (In Progress): Analyze logs for security threats and anomalies.
🛠 Installation
pip install vigilant-scanner
📋 Usage
-
Initialize Snapshot Create a snapshot of the current directory state and store metadata in the database:
vgls integrity-init <directory>
-
Scan and Compare Scan the directory and compare results with the last snapshot:
vgls integrity-scan <directory>
-
Update the Database Update the database with the current state of the directory:
vgls integrity-update <directory>
- Log analysis
Analyse all logs (all files with .log extension) in provided directory on matching with malicious patterns.
vgls log-scan <directory>
Work is still in progress. Mostly working on malicious signature collection that will be used here.
⚙️ How It Works
# Create database with the current state of a target directory
vgls integrity-init /var/www
# Perform a scan to detect changes
vgls integrity-scan /var/www
# Update the database after legitimate changes are made (deploy was conducted etc.)
vgls integrity-update /var/www
-
Initialization (
init)- Scans a directory and stores metadata (file path, hash, size, permissions, etc.) in a SQLite database.
-
Scanning and Comparison (
scan)- Scans the directory again and compares the current state with the stored metadata.
- Outputs new, modified, and deleted files.
-
Updating the Database (
update)- Updates the database to reflect the latest directory state.
- Inserts new files, updates modified files, and removes deleted files.
📋 Requirements
- Python 3.10+
🛠 Development
To contribute or run the tool locally:
-
Clone the repository:
git clone https://github.com/ivpel/vigilant-scanner.git
-
Navigate to the project directory:
cd vigilant-scanner
-
Install dependencies:
pip install . # for development pip install -e ".[dev]"
-
Run tests:
pytest
📜 License
This project is licensed under the GNU General Public License v3 or later (GPLv3+). See the LICENSE file for details.
💬 Support
If you encounter any issues, feel free to open a ticket on the GitHub Bug Tracker.
🔗 Links
- Homepage: Vigilant Scanner on GitHub
- Bug Tracker: Report Issues
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vigilant_scanner-1.0.3.tar.gz.
File metadata
- Download URL: vigilant_scanner-1.0.3.tar.gz
- Upload date:
- Size: 403.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7b30295b244e08d9138efcde1b16de6dbce68408f16f7adabba1550e46d39e1d
|
|
| MD5 |
3729a8ffa76f7304f52af08a77580f90
|
|
| BLAKE2b-256 |
77001ff6e247572ab037106ca645498a843ec35d0d985df431ddacb05847a61a
|
File details
Details for the file vigilant_scanner-1.0.3-py3-none-any.whl.
File metadata
- Download URL: vigilant_scanner-1.0.3-py3-none-any.whl
- Upload date:
- Size: 24.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1d9753319a2293385cf49b7994578da915c295e4345bf272028e480858d31160
|
|
| MD5 |
ef0e3eb9d576c53586aae9c5039bf4c5
|
|
| BLAKE2b-256 |
22ecbf0cd5674f32418db768d3772e5093712f14e08a843cbd1be4be796f9de2
|
