Closed (antoninoLorenzo closed this issue 3 months ago)

Hi, I got here while learning about file integrity. As I understand the code, the hash of a file is kept in a dictionary in the `Index` class, so I assume that chkbit cannot guarantee that the file wasn't modified while it wasn't running, as it doesn't have a persistent hash history; also, it isn't clear to me if there is an alerting mechanism while it is running or whether you must check manually.

About the first point, I was wondering if a SQLite database wouldn't be a better fit: it would have the advantages of using files and would make it possible to have a persistent history. Still, it would also introduce more complexity, such as database management, but, more importantly, the hashes should be encrypted, so the key should be kept somewhere safe.

I would like to know more about the project, given my recent interest in file integrity.

This is explained in the README, see USAGE. chkbit uses one index file per directory to track hashes.

Yes, I tried it out and I noticed the following: the hashes are kept inside `.chkbit`. This solves my question about how updates are managed; however, storing the hashes in the file is a vulnerability:

```json
{
  "v": 2,
  "idx": {
    "file_to_watch.txt": {
      "mod": 1709627283794,
      "a": "blake3",
      "h": "3fba5250be9ac259c56e7250c526bc83bacb4be825f2799d3d59e5b4878dd74e"
    },
    ...
  "idx_hash": "c490ca9fd73829664a0ced0135420858"
}
```

As an attacker I would modify the files, compute the hash, and manually update them inside `.chkbit`; when the file owner runs `chkbit PATH` the hashes are loaded from the modified file. I think you should encrypt the hashes (a symmetric algorithm would be a good fit) and figure out a way to store the private key.

If you think I am missing out on something, I would like to be corrected.

Not sure about your use case. chkbit's job is to detect errors (e.g. flipped bits) or changes (e.g. compression applied to an image/video by a cloud provider). It's not there to protect against an attacker; that would be the job of disk encryption.

Ok, I think that I misunderstood its objective; I thought of it more as a security tool. However, the use case I had in mind was log tampering protection.
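The distinction the thread lands on (an unkeyed per-directory index detects corruption, not tampering by someone who can also rewrite the index) can be shown in a few lines. The following Python is an added example and is not chkbit's code nor either participant's; it assumes SHA-256 in place of blake3 so that it runs with the standard library only, and it assumes a constructed scheme for `idx_hash` (a hash over the canonical JSON of the `idx` object), which may differ from chkbit's real format. The keyed variant (`build_keyed_index` / `verify_keyed`, using an HMAC with a key kept outside the watched tree) is a hypothetical alternative, not a chkbit feature.

```python
"""Added example: unkeyed vs. keyed integrity index for a set of files.

Assumptions (not from chkbit): file hashes use SHA-256 rather than blake3,
and idx_hash / idx_mac are computed over the canonical JSON of the "idx"
object. Inputs below are constructed sample data.
"""
import hashlib
import hmac
import json


def hash_file_bytes(data: bytes) -> str:
    """Content hash of one file (SHA-256 stands in for blake3 here)."""
    return hashlib.sha256(data).hexdigest()


def canonical_idx(idx: dict) -> bytes:
    """Deterministic serialization so the index checksum is reproducible."""
    return json.dumps(idx, sort_keys=True, separators=(",", ":")).encode()


def _entries(files: dict) -> dict:
    # Shape mirrors the .chkbit entry quoted in the thread: mod / a / h.
    return {name: {"mod": 0, "a": "sha256", "h": hash_file_bytes(data)}
            for name, data in files.items()}


def _mismatches(idx: dict, files: dict) -> list:
    """Names of indexed files that are missing or whose content changed."""
    bad = []
    for name, entry in idx.items():
        data = files.get(name)
        if data is None or entry["h"] != hash_file_bytes(data):
            bad.append(name)
    return bad


def build_index(files: dict) -> dict:
    """Unkeyed index: anyone who can write the index can regenerate it."""
    idx = _entries(files)
    return {"v": 2, "idx": idx,
            "idx_hash": hashlib.sha256(canonical_idx(idx)).hexdigest()}


def verify_unkeyed(index: dict, files: dict) -> list:
    """Empty result means 'self-consistent', which is not 'untampered'."""
    if index["idx_hash"] != hashlib.sha256(canonical_idx(index["idx"])).hexdigest():
        return ["<index corrupt>"]
    return _mismatches(index["idx"], files)


def build_keyed_index(files: dict, key: bytes) -> dict:
    """Hypothetical keyed index: HMAC over the entries with a secret key."""
    idx = _entries(files)
    tag = hmac.new(key, canonical_idx(idx), hashlib.sha256).hexdigest()
    return {"v": 2, "idx": idx, "idx_mac": tag}


def verify_keyed(index: dict, files: dict, key: bytes) -> list:
    """A rewritten index only verifies if it was re-signed with the same key."""
    expected = hmac.new(key, canonical_idx(index["idx"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, index["idx_mac"]):
        return ["<index tampered or wrong key>"]
    return _mismatches(index["idx"], files)


def demo() -> dict:
    """Three scenarios over constructed sample files."""
    files = {"file_to_watch.txt": b"original log line\n"}
    key = b"constructed-placeholder-key-kept-outside-the-tree"

    unkeyed = build_index(files)
    keyed = build_keyed_index(files, key)

    # 1. Silent corruption (one flipped character): both schemes report it.
    flipped = {"file_to_watch.txt": b"original log lime\n"}
    bit_flip = (verify_unkeyed(unkeyed, flipped), verify_keyed(keyed, flipped, key))

    # 2. File edited and unkeyed index regenerated alongside it: looks clean.
    edited = {"file_to_watch.txt": b"edited log line\n"}
    regenerated_unkeyed = verify_unkeyed(build_index(edited), edited)

    # 3. Same edit, keyed index rebuilt without the real key: rejected.
    forged = build_keyed_index(edited, b"some-other-key")
    forged_keyed = verify_keyed(forged, edited, key)

    return {"bit_flip": bit_flip,
            "regenerated_unkeyed": regenerated_unkeyed,
            "forged_keyed": forged_keyed}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Scenario 2 is the situation described in the thread: with write access to the index, every hash inside it can be recomputed, so the check passes. Scenario 3 only holds as long as the key really is stored where the index writer cannot reach it, which is the key-management problem the thread raises and which chkbit, by its maintainer's description, does not try to solve.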